TechSpot

[Closed] Delayed write failed issue

By TedCorcoran
Apr 12, 2012
  1. Hi

    I got a few redirects from Google results to random sites unaffiliated with the hot link, and knew something was up. Ran an Avast scan. Today I received a Delayed Write Failed message. The destination was:

    C:\$Extend\$UsnJrnl:$J

    and

    C:\WINDOWS\System32\Config

    Ran MalwareBytes, GMER, and DDS --- logs to follow.

    I have access to the Internet via the machine. Please let me know the next steps -- and accept my thanks in advance for all you do and for any help you can provide.

    -Ted

    >>>>>> MalwareBytes Log <<<<<<<<<

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.04.08

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 7.0.5730.11
    tcorcoran :: TCORCORAN03 [administrator]

    2012-04-11 10:48:45 PM
    mbam-log-2012-04-11 (22-48-45).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 253280
    Time elapsed: 32 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL|CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  2. TedCorcoran


    >>>>>>> GMER Log <<<<<<<<

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-12 10:41:39
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2040AH rev.00000096
    Running: 2f7bpf76.exe; Driver: C:\DOCUME~1\TCORCO~1\LOCALS~1\Temp\pxrdyfog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA25A1DF8]
    SSDT 872EFAF0 ZwAlertResumeThread
    SSDT 87668CA8 ZwAlertThread
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA262EA5A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA25A285E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA25CED5D]
    SSDT 8777A5B0 ZwConnectPort
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA25A72E4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA25A7330]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA25A7422]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA25CE711]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA25A7252]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA25A7374]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA25A729A]
    SSDT 875CD518 ZwCreateThread
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA25A73DC]
    SSDT 876770D0 ZwDebugActiveProcess
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA25A1E44]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA25CF423]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA25CF6D9]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA25A49A8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA25CF28E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA25CF0F9]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA262EB34]
    SSDT 87607368 ZwImpersonateAnonymousToken
    SSDT 875F80F0 ZwImpersonateThread
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA25A1AD6]
    SSDT 875CC110 ZwMapViewOfSection
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA25A1E90]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA25A4D1C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA25A2B02]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA25A730E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA25A7352]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA25A7446]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA25CEA6D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA25A7278]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA25A4518]
    SSDT 8760A8D8 ZwOpenProcessToken
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA25A73AE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA25A72C2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA25A474C]
    SSDT 872C2A80 ZwOpenThreadToken
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA25A7400]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA262ECA0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA25CEF74]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA25A29CE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA25CEDC6]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA2638B68]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA25CDD84]
    SSDT 87304AF0 ZwResumeThread
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA25A1EDC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA25A1F28]
    SSDT 8760DD40 ZwSetContextThread
    SSDT 87358B50 ZwSetInformationProcess
    SSDT 87601640 ZwSetInformationThread
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA25A1B46]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA25A1CEA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA25CF52A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA25A1C92]
    SSDT 875CA038 ZwSuspendProcess
    SSDT 8766DD50 ZwSuspendThread
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA25A1D5A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xA262ED60]
    SSDT 8764A0E8 ZwTerminateThread
    SSDT 87610780 ZwUnmapViewOfSection
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA25A1F74]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xA262EBE0]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA2644D92]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 90 804E26EC 4 Bytes [5A, EA, 62, A2]
    .text ntoskrnl.exe!_abnormal_termination + F0 804E274C 1 Byte [11]
    .text ntoskrnl.exe!_abnormal_termination + 1D0 804E282C 2 Bytes [D6, 1A]
    .text ntoskrnl.exe!_abnormal_termination + 1D3 804E282F 1 Byte [A2]
    .text ntoskrnl.exe!_abnormal_termination + 228 804E2884 8 Bytes [6D, EA, 5C, A2, 78, 72, 5A, ...] {INSD ; JMP FAR 0xa25a:0x7278a25c}
    .text ...
    PAGE ntoskrnl.exe!ObInsertObject 805641A3 5 Bytes JMP A264374C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80569D33 4 Bytes CALL A25A319F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 8058041A 7 Bytes JMP A2644D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059D924 5 Bytes JMP A2641C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    init C:\WINDOWS\system32\DRIVERS\gtipci21.sys entry point in "init" section [0xF71CCA80]
    .text win32k.sys!EngFreeUserMem + 674 BF80BB11 5 Bytes JMP A25A6180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFreeUserMem + E5B BF80C2F8 5 Bytes JMP A25A607C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSurface + 45 BF810239 5 Bytes JMP A25A6036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 3228 BF81E155 5 Bytes JMP A25A4E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMulDiv + 506D BF823F38 5 Bytes JMP A25A5724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPaint + 4EF BF82CB8B 5 Bytes JMP A25A4F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateBitmap + 6077 BF835D15 5 Bytes JMP A25A62EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 37B3 BF83DAE6 5 Bytes JMP A25A64F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + ED04 BF849037 5 Bytes JMP A25A60BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMultiByteToWideChar + 44AF BF851373 5 Bytes JMP A25A6450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnicodeToMultiByteN + DB4 BF858BB3 5 Bytes JMP A25A4FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnicodeToMultiByteN + 2D97 BF85AB96 5 Bytes JMP A25A5F3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnicodeToMultiByteN + 63E4 BF85E1E3 5 Bytes JMP A25A5384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnicodeToMultiByteN + 646F BF85E26E 5 Bytes JMP A25A5562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 415A BF879B63 5 Bytes JMP A25A551C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetLastError + 1606 BF896DAD 5 Bytes JMP A25A57FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 1899 BF899503 5 Bytes JMP A25A4E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 23AD BF89DBF1 5 Bytes JMP A25A6232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + 8D7E BF8B97A5 5 Bytes JMP A25A570C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + D861 BF8BE288 5 Bytes JMP A25A57E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngAlphaBlend + 4C65 BF8C3DC7 5 Bytes JMP A25A5104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + 15C6 BF8E92E9 5 Bytes JMP A25A51AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + 1846 BF8E9569 5 Bytes JMP A25A52E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + 445D BF8EC180 5 Bytes JMP A25A4D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + CE64 BF8F4B87 5 Bytes JMP A25A573C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 1994 BF911BC0 5 Bytes JMP A25A4F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 2568 BF912794 5 Bytes JMP A25A50B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4EC2 BF9150EE 5 Bytes JMP A25A567C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 191E BF942A95 5 Bytes JMP A25A63A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
     
  3. TedCorcoran


    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\SCardSvr.exe[720] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\SCardSvr.exe[720] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\System32\SCardSvr.exe[720] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\SCardSvr.exe[720] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\System32\SCardSvr.exe[720] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002A0A08
    .text C:\WINDOWS\System32\SCardSvr.exe[720] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002A0804
    .text C:\WINDOWS\System32\SCardSvr.exe[720] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002A0600
    .text C:\WINDOWS\System32\SCardSvr.exe[720] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\System32\SCardSvr.exe[720] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\System32\SCardSvr.exe[720] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\SCardSvr.exe[720] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\SCardSvr.exe[720] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\SCardSvr.exe[720] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\SCardSvr.exe[720] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\SCardSvr.exe[720] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\SCardSvr.exe[720] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\SCardSvr.exe[720] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B0600
     
  4. TedCorcoran

    TedCorcoran TS Rookie Topic Starter Posts: 27

    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 004C1014
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 004C0804
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 004C0A08
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 004C0C0C
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 004C0E10
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 004C01F8
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 004C03FC
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 004C0600
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 004D0A08
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 004D0804
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 004D0600
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 004D01F8
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 004D03FC
    .text C:\WINDOWS\system32\spoolsv.exe[860] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\spoolsv.exe[860] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[860] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\spoolsv.exe[860] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[860] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
    .text C:\WINDOWS\system32\spoolsv.exe[860] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
    .text C:\WINDOWS\system32\spoolsv.exe[860] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
    .text C:\WINDOWS\system32\spoolsv.exe[860] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
    .text C:\WINDOWS\system32\spoolsv.exe[860] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
    .text C:\WINDOWS\system32\spoolsv.exe[860] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\system32\spoolsv.exe[860] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\system32\spoolsv.exe[860] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
    .text C:\WINDOWS\system32\spoolsv.exe[860] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\spoolsv.exe[860] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\spoolsv.exe[860] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\spoolsv.exe[860] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\spoolsv.exe[860] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[936] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\svchost.exe[936] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[936] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[936] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
    .text C:\WINDOWS\System32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
    .text C:\WINDOWS\System32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
    .text C:\WINDOWS\System32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
    .text C:\WINDOWS\System32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
    .text C:\WINDOWS\System32\svchost.exe[936] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\System32\svchost.exe[936] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\System32\svchost.exe[936] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
    .text C:\WINDOWS\System32\svchost.exe[936] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[936] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[936] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[936] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[936] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003A1014
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003A0804
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 003A0A08
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 003A0E10
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003A01F8
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003A03FC
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003A0600
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003B0A08
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003B0804
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003B0600
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003B01F8
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003B03FC
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003A1014
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003A0804
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 003A0A08
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 003A0E10
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003A01F8
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003A03FC
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003A0600
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003B0A08
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003B0804
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003B0600
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003B01F8
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003B03FC
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000C01F8
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000C03FC
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ADVAPI32.DLL!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00311014
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ADVAPI32.DLL!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00310804
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ADVAPI32.DLL!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00310A08
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ADVAPI32.DLL!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00310C0C
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ADVAPI32.DLL!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00310E10
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ADVAPI32.DLL!CreateServiceA 77E37071 5 Bytes JMP 003101F8
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ADVAPI32.DLL!CreateServiceW 77E37209 5 Bytes JMP 003103FC
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ADVAPI32.DLL!DeleteService 77E37311 5 Bytes JMP 00310600
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] USER32.DLL!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00320A08
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] USER32.DLL!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00320804
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] USER32.DLL!SetWindowsHookExA 77D611E9 5 Bytes JMP 00320600
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] USER32.DLL!SetWinEventHook 77D617C8 5 Bytes JMP 003201F8
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] USER32.DLL!UnhookWinEvent 77D6187D 5 Bytes JMP 003203FC
    .text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001601F8
    .text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001603FC
    .text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003C1014
    .text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003C0804
    .text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 003C0A08
    .text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 003C0C0C
    .text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 003C0E10
    .text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003C01F8
    .text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003C03FC
    .text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003C0600
    .text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003D0A08
    .text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003D0804
    .text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003D0600
    .text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003D01F8
    .text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003D03FC
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001601F8
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001603FC
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00390A08
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00390804
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00390600
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003901F8
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003903FC
     
  5. TedCorcoran

    TedCorcoran TS Rookie Topic Starter Posts: 27

    .text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
    .text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1400] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1400] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1400] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
    .text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
    .text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
    .text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
    .text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
    .text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
    .text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
    .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
    .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
    .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 004E1014
    .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 004E0804
    .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 004E0A08
    .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 004E0C0C
    .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 004E0E10
    .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 004E01F8
    .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 004E03FC
    .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 004E0600
    .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 004F0A08
    .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 004F0804
    .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 004F0600
    .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 004F01F8
    .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 004F03FC
    .text C:\WINDOWS\System32\smss.exe[1872] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\iPod\bin\iPodService.exe[2108] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
    .text C:\Program Files\iPod\bin\iPodService.exe[2108] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\iPod\bin\iPodService.exe[2108] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
    .text C:\Program Files\iPod\bin\iPodService.exe[2108] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\iPod\bin\iPodService.exe[2108] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
    .text C:\Program Files\iPod\bin\iPodService.exe[2108] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
    .text C:\Program Files\iPod\bin\iPodService.exe[2108] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
    .text C:\Program Files\iPod\bin\iPodService.exe[2108] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
    .text C:\Program Files\iPod\bin\iPodService.exe[2108] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
    .text C:\Program Files\iPod\bin\iPodService.exe[2108] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
    .text C:\Program Files\iPod\bin\iPodService.exe[2108] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
    .text C:\Program Files\iPod\bin\iPodService.exe[2108] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
    .text C:\Program Files\iPod\bin\iPodService.exe[2108] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00390A08
    .text C:\Program Files\iPod\bin\iPodService.exe[2108] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00390804
     
  6. TedCorcoran

    TedCorcoran TS Rookie Topic Starter Posts: 27

    .text C:\Program Files\Bonjour\mDNSResponder.exe[3852] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3852] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3852] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3852] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3852] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00390A08
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3852] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00390804
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3852] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00390600
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3852] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003901F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[3852] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\ctfmon.exe[3872] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000A01F8
    .text C:\WINDOWS\system32\ctfmon.exe[3872] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[3872] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000A03FC
    .text C:\WINDOWS\system32\ctfmon.exe[3872] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[3872] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\ctfmon.exe[3872] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\ctfmon.exe[3872] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\ctfmon.exe[3872] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\ctfmon.exe[3872] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\ctfmon.exe[3872] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\ctfmon.exe[3872] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\ctfmon.exe[3872] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\ctfmon.exe[3872] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\ctfmon.exe[3872] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\ctfmon.exe[3872] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\ctfmon.exe[3872] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\ctfmon.exe[3872] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002C03FC
    .text C:\Program Files\Apoint\Apoint.exe[4088] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
    .text C:\Program Files\Apoint\Apoint.exe[4088] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\Apoint\Apoint.exe[4088] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
    .text C:\Program Files\Apoint\Apoint.exe[4088] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\Apoint\Apoint.exe[4088] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00370A08
    .text C:\Program Files\Apoint\Apoint.exe[4088] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00370804
    .text C:\Program Files\Apoint\Apoint.exe[4088] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00370600
    .text C:\Program Files\Apoint\Apoint.exe[4088] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003701F8
    .text C:\Program Files\Apoint\Apoint.exe[4088] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003703FC
    .text C:\Program Files\Apoint\Apoint.exe[4088] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
    .text C:\Program Files\Apoint\Apoint.exe[4088] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
    .text C:\Program Files\Apoint\Apoint.exe[4088] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
    .text C:\Program Files\Apoint\Apoint.exe[4088] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
    .text C:\Program Files\Apoint\Apoint.exe[4088] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
    .text C:\Program Files\Apoint\Apoint.exe[4088] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
    .text C:\Program Files\Apoint\Apoint.exe[4088] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
    .text C:\Program Files\Apoint\Apoint.exe[4088] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
     
  7. TedCorcoran

    TedCorcoran TS Rookie Topic Starter Posts: 27

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[292] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005D0002
    IAT C:\WINDOWS\system32\services.exe[292] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005D0000
    IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
    IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[3808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Services - GMER 1.0.15 ----

    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] ifiiwgaxg <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\ifiiwgaxg@DisplayName Windows Helper
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ifiiwgaxg@Type 32
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ifiiwgaxg@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ifiiwgaxg@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ifiiwgaxg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ifiiwgaxg@ObjectName LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ifiiwgaxg@Description Prefetches JRE files for faster startup of Java applets and applications
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ifiiwgaxg\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ifiiwgaxg\Parameters@ServiceDll C:\WINDOWS\system32\eqyhh.dll
    Reg HKLM\SYSTEM\ControlSet004\Services\ifiiwgaxg@DisplayName Windows Helper
    Reg HKLM\SYSTEM\ControlSet004\Services\ifiiwgaxg@Type 32
    Reg HKLM\SYSTEM\ControlSet004\Services\ifiiwgaxg@Start 2
    Reg HKLM\SYSTEM\ControlSet004\Services\ifiiwgaxg@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet004\Services\ifiiwgaxg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet004\Services\ifiiwgaxg@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet004\Services\ifiiwgaxg@Description Prefetches JRE files for faster startup of Java applets and applications
    Reg HKLM\SYSTEM\ControlSet004\Services\ifiiwgaxg\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\ifiiwgaxg\Parameters@ServiceDll C:\WINDOWS\system32\eqyhh.dll

    ---- EOF - GMER 1.0.15 ----
     
  8. TedCorcoran

    TedCorcoran TS Rookie Topic Starter Posts: 27

    >>>>>> DDS Logs <<<<<<<<

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_26
    Run by tcorcoran at 10:52:23 on 2012-04-12
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.368 [GMT -4:00]
    .
    AV: Norton Internet Security *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Norton Internet Security *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mDefault_Page_URL = hxxp://www.google.com
    mDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
    BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\tcorcoran\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
    mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    uPolicies-system: EnableProfileQuota = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxsrvc.dll
    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
    SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 94.232.248.66 antivirprotection.com
    Hosts: 94.232.248.66 www.antivirprotection.com
    Hosts: 74.208.10.249 gs.apple.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\tcorcoran\application data\mozilla\firefox\profiles\fyctq6of.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://vshare.toolbarhome.com/?hp=df
    FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
    FF - component: c:\documents and settings\tcorcoran\application data\mozilla\firefox\profiles\fyctq6of.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\tcorcoran\application data\mozilla\firefox\profiles\fyctq6of.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - plugin: c:\documents and settings\tcorcoran\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\progra~1\mozill~1\plugins\np32dsw.dll
    FF - plugin: c:\progra~1\mozill~1\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\progra~1\mozill~1\plugins\npmusicn.dll
    FF - plugin: c:\progra~1\mozill~1\plugins\NPOFFICE.DLL
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
    FF - Ext: XULRunner: {A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5} - c:\documents and settings\tcorcoran\local settings\application data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [2007-2-24 18110]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-11 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-11 337880]
    R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]
    R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2007-9-17 10872]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [2007-2-24 619390]
    R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [2007-2-24 423454]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-11 20696]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-11 44768]
    R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-3-19 112688]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2005-6-3 80384]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070820.048\NAVENG.SYS [2011-3-19 81232]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070820.048\NAVEX15.SYS [2011-3-19 865904]
    R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2011-3-19 1251720]
    S2 COMServer;COMServer;"c:\windows\system32\msapps\comsrvr.exe" s --> c:\windows\system32\msapps\comsrvr.exe [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
    S2 ifiiwgaxg;Windows Helper;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
    S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11010.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11010.sys [?]
    S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2006-3-10 39424]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
    S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasusb.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
    S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [2010-9-15 386560]
    S3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2010-9-15 20992]
    S3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2010-9-15 33792]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
    .
    =============== Created Last 30 ================
    .
    2012-04-12 03:30:14 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-04-12 03:28:12 41184 ----a-w- c:\windows\avastSS.scr
    2012-04-12 03:26:36 -------- d-----w- c:\program files\AVAST Software
    2012-04-12 03:26:36 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    .
    ==================== Find3M ====================
    .
    2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 10:56:02.50 ===============
     
  9. TedCorcoran

    TedCorcoran TS Rookie Topic Starter Posts: 27

    >>>>>> DDS Logs --Attach.txt-- <<<<<<<<

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2005-06-08 10:12:44 AM
    System Uptime: 2012-04-12 12:10:37 AM (10 hours ago)
    .
    Motherboard: Dell Inc. | | 0D4571
    Processor: Intel(R) Pentium(R) M processor 2.00GHz | Microprocessor | 1995/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 37 GiB total, 7.526 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    32 Bit HP CIO Components Installer
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Acrobat 6.0 Standard
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Anchor Service CS4
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge CS4
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS3
    Adobe Drive CS4
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS3
    Adobe Linguistics CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop 7.0
    Adobe Reader 6.0.1
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe SING CS4
    Adobe Stock Photos CS3
    Adobe Type Support CS4
    Adobe Update Manager CS3
    Adobe Update Manager CS4
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    ALPS Touch Pad Driver
    AppCore
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AttachmentOptions
    Audacity 1.2.6
    avast! Free Antivirus
    AVG Anti-Spyware 7.5
    Beyond Compare Version 2.2.7
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    Business Contact Manager for Outlook 2003
    CAIR2
    ccCommon
    Cisco Systems VPN Client 5.0.00.0340
    Color Detector 2.0
    Compatibility Pack for the 2007 Office system
    Component Framework
    Connect
    eLicenser Control
    First Step Guide
    Google Chrome
    Google Update Helper
    Google Video Uploader
    HijackThis 1.99.1
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB928388)
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Intel(R) PROSet/Wireless Software
    Internal Network Card Power Management
    ISO Recorder
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) SE Runtime Environment 6
    kuler
    LiveUpdate (Symantec Corporation)
    Logos
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Macromedia Shockwave Player
    Malwarebytes Anti-Malware version 1.61.0.1400
    mCore
    mDrWiFi
    MetaFrame Presentation Server Client
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Office Project Professional 2003
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual SourceSafe NetSetup
    mIWA
    mIWCA
    mLogView
    mMHouse
    Mozilla Firefox (3.6.26)
    mPfMgr
    mPfWiz
    mProSafe
    mSSO
    mToolkit
    mWlsSafe
    mXML
    mZConfig
    Norton AntiVirus
    Norton AntiVirus Help
    Norton Confidential Core
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Protection Center
    PDF Settings CS4
    Pdf995
    Photoshop Camera Raw
    PowerDVD 5.1
    QuickSet
    QuickTime
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896428)
    Skype™ 4.2
    Sony DVD Handycam USB Driver 2
    SPBBC 32bit
    Steinberg Cubase LE 4
    Suite Shared Configuration CS4
    SUPERAntiSpyware
    Symantec Real Time Storage Protection Component
    SymNet
    TextPad 4.7
    TFCleanup v2.3
    Uninstall Startup Inspector
    US-122 MKII / US-144 MKII
    WebFldrs XP
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB888310
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    WinRAR archiver
    WinZip
    WinZip Self-Extractor
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2012-04-12 12:48:44 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    2012-04-12 12:16:23 AM, error: Service Control Manager [7023] - The Windows Helper service terminated with the following error: The specified module could not be found.
    2012-04-11 10:41:05 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
    2012-04-11 10:37:15 PM, error: Service Control Manager [7023] - The Windows Helper service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
    2012-04-11 10:35:24 PM, error: NETLOGON [5719] - No Domain Controller is available for domain CVILLE due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    2012-04-11 10:32:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2012-04-11 10:31:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV AVG Anti-Spyware Driver eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SPBBCDrv SRTSPX SYMTDI Tcpip
    2012-04-11 10:31:08 PM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
    2012-04-11 10:31:08 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    2012-04-11 10:31:08 PM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
    2012-04-11 10:31:08 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2012-04-11 10:31:08 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2012-04-11 10:31:08 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    2012-04-11 10:31:08 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2012-04-11 10:31:08 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    .
    ==== End Of File ===========================
     
  10. TedCorcoran

    TedCorcoran TS Rookie Topic Starter Posts: 27

    Hi,

    Worried that the GMER is the "show all" scan, though I did not check the box. The scan seemed to hang when I received a rootkit warning. I clicked start again and it continued. Let me know if this step needs to be re-executed.

    Again, thanks!

    -Ted
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Hi Ted! I would say 'welcome back' but this is probably the last forum anyone wants to be in! Let's hope we can fix this one. There are some extra entries in GMER I'll remove so the thread isn't so long.
    -------------------------------
    You've ended up with 2 AV though- so please remove one of them. Reboot when finished please.
    AV: Norton Internet Security *Enabled/
    AV: avast! Antivirus *Enabled/
    =========================================
    The Delayed Write Failure is most likely coming from the Rogue SYSTEM RESTORE, AKA Data Recovery. So let's work on that. We'll let Combofix help us:

    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated and will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =======================================
    This malware is a fake computer analysis and optimization program that displays fake information in order to scare you into believing that there is an issue with your computer and you need their program to fix it.
    • It will display numerous error messages when you attempt to launch programs or delete files.
    • It will scan your computer, which will then find a variety of errors that it states it cannot fix until you purchase the program. so-called defragment tool.
    • Folder, icons, programs may appear to be missing their content.
    • It may terminate a program you launch stating that "the program or hard drive is corrupted".
    • The messages that you will see when you attempt to run a program are:
      • Hard Drive Failure
      • System ot Critical Error
      • Closing these messages will then bring 'notice' of Windows Recovery Diagnostics and/or Fix Disk
    • When running it will also display fake alerts from your Windows taskbar of various "Critical Errors" and other fake warnings.
    • The malware may prevent downloads directly to the infected computer. In that case, programs can be loaded onto a flash drive, then transferred to the problem system to run.
    ===================================
    1. Boot into Safe Mode with Networking
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, using your up/down arrows to reach it and then press ENTER.
    =======================================
    2. To end the processes that belong to the rogue program:
    Please click on RKill
    • At the download page, click on Download now button for iExplore.exe download link and save to the desktop
    • Double click on the iExplore.exe icon
    • Please be patient- it may take a bit.
    • The black Window will close when through and you can continue.
    Note: If you get a message that RKill is malware, ignore it> it's from the malware.
    =======================================
    Do not reboot your computer after running RKill as the malware programs will start again.
    ================================
    3. This malware frequently comes with the TDSS rootkit, so do the following:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43. Save the log and post it in your next reply.
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
    ====================================
    If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again
    ====================================
    4. Update and rescan with Malwarebytes:
    • Select Perform Full Scan on the Scanner tab
    • Click on the Scan button.
    • When the scan has finished, a completion message box appears.
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format>Uncheck Word Wrap before copying the log to paste in your next reply.
    ==============================
    Note: If #5 and/or #6 don't apply, you can skip those steps.
    5. Correct Display Changes if needed:
    If the desktop background is black or if the theme has been removed:
    • Click on Start> Control Panel> Appearance & Personalization
    • Select Change Theme or Change Desktop Background
    =====================================
    6. Some items may not show on the Start menu. To add them back:
    • Right click on Start> Properties
    • Taskbar and Start Menu Properties screen appears
    • choose Start Menu tab> Click on Customize
    • For Windows XP> Choose Advanced tab
    • Check the items you want back on the Start Menu
    • When finished> click on OK> Apply and close.
    =====================================
    You can now reboot back into Normal Mode.
    (Note: If programs, icons, files, etc. appear to be missing, you can run #3 first, then continue with RKill)
    =====================================
    Please leave the logs from Combofix and TDSSKiller in the next reply.
     
  12. TedCorcoran

    TedCorcoran TS Rookie Topic Starter Posts: 27

    ComboFix Log:


    ComboFix 12-04-12.03 - tcorcoran 2012-04-12 20:43:14.4.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.606 [GMT -4:00]
    Running from: c:\documents and settings\tcorcoran\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\tcorcoran\g2mdlhlpx.exe
    c:\documents and settings\tcorcoran\Local Settings\Application Data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}
    c:\documents and settings\tcorcoran\Local Settings\Application Data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}\chrome.manifest
    c:\documents and settings\tcorcoran\Local Settings\Application Data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}\chrome\content\_cfg.js
    c:\documents and settings\tcorcoran\Local Settings\Application Data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}\chrome\content\overlay.xul
    c:\documents and settings\tcorcoran\Local Settings\Application Data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}\install.rdf
    c:\documents and settings\tcorcoran\WINDOWS
    c:\program files\Common Files\fwzu
    c:\program files\Common Files\fwzu\fwzua.lck
    c:\program files\Common Files\fwzu\fwzud\class-barrel
    c:\program files\Common Files\fwzu\fwzul.lck
    c:\program files\Common Files\fwzu\fwzum.lck
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\icon.ico
    c:\program files\Search Toolbar\SearchToolbar.dll
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files\Search Toolbar\SearchToolbarUpdater.exe
    c:\windows\system32\jierrfba.ini
    c:\windows\system32\setb6.tmp
    .
    c:\windows\system32\proquota.exe was missing
    Restored copy from - c:\i386\proquota.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_COMSERVER
    -------\Service_COMServer
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-13 00:57 . 2004-08-04 10:00 50176 ----a-w- c:\windows\system32\proquota.exe
    2012-04-13 00:57 . 2004-08-04 10:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
    2012-04-13 00:15 . 2012-04-13 00:15 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
    2012-04-12 03:30 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-04-12 03:30 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-04-12 03:30 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-04-12 03:30 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-04-12 03:30 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-04-12 03:30 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-04-12 03:30 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-04-12 03:30 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-04-12 03:28 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-04-12 03:28 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
    2012-04-12 03:26 . 2012-04-12 03:26 -------- d-----w- c:\program files\AVAST Software
    2012-04-12 03:26 . 2012-04-12 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-04 19:56 . 2011-03-20 19:12 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
    "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^tcorcoran^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\documents and settings\tcorcoran\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^tcorcoran^Start Menu^Programs^Startup^Konfabulator.lnk]
    path=c:\documents and settings\tcorcoran\Start Menu\Programs\Startup\Konfabulator.lnk
    backup=c:\windows\pss\Konfabulator.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    c:\windows\system32\dumprep 0 -u [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 10:00 15360 ------w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    2005-03-04 16:26 606208 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2005-02-15 20:02 126976 ------w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2005-02-15 20:02 155648 ------w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2010-04-06 06:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
    "c:\\Program Files\\Intel\\Wireless\\Bin\\1XConfig.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    .
    R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [2007-02-24 18110]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-04-11 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-04-11 337880]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2010-02-17 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 2:41 PM 67656]
    R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [2007-02-24 619390]
    R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [2007-02-24 423454]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-04-11 20696]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2005-06-03 5:52 PM 80384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 5:58 PM 135664]
    S2 ifiiwgaxg;Windows Helper;c:\windows\system32\svchost.exe -k netsvcs [2004-08-11 6:00 PM 14336]
    S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
    S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2006-03-10 4:55 PM 39424]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 5:58 PM 135664]
    S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
    S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [2010-09-15 6:08 PM 386560]
    S3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2010-09-15 6:08 PM 20992]
    S3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2010-09-15 6:08 PM 33792]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *NewlyCreated* - WUAUSERV
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ifiiwgaxg
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 21:58]
    .
    2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 21:58]
    .
    2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-484061587-1417001333-1130Core.job
    - c:\documents and settings\tcorcoran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-17 23:52]
    .
    2012-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-484061587-1417001333-1130UA.job
    - c:\documents and settings\tcorcoran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-17 23:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\documents and settings\tcorcoran\Application Data\Mozilla\Firefox\Profiles\fyctq6of.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    Notify-ckpNotify - (no file)
    Notify-NavLogon - (no file)
    SafeBoot-AVG Anti-Spyware Driver
    MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
    MSConfigStartUp-DSS - c:\windows\BBSTORE\DSS\DSSAGENT.EXE
    MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe
    MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
    AddRemove-HijackThis - c:\documents and settings\tcorcoran\Desktop\HijackThis.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-12 21:10
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\windows\system32\wbem\Performance\WmiApRpl.ini 3824 bytes
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ifiiwgaxg]
    "ServiceDll"="c:\windows\system32\eqyhh.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1612)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    - - - - - - - > 'explorer.exe'(3104)
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\BIB.dll
    c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
    c:\program files\Alex Feinman\ISO Recorder\ISORecorder.dll
    c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
    c:\progra~1\WINZIP\WZSHLSTB.DLL
    c:\program files\WinRAR\rarext.dll
    c:\program files\Beyond Compare 2\BCShellEx.dll
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\context.dll
    c:\windows\system32\browselc.dll
    c:\program files\Microsoft Office\OFFICE11\msohev.dll
    c:\windows\system32\shdoclc.dll
    c:\progra~1\TEXTPA~1\System\shellext.dll
    c:\program files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
    c:\windows\system32\igfxpph.dll
    c:\windows\system32\hccutils.DLL
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
    c:\program files\SUPERAntiSpyware\SASSEH.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKeeper.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Cisco Systems\VPN Client\cvpnd.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\UAService7.exe
    c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
    c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
    c:\program files\Apoint\Apntex.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\documents and settings\tcorcoran\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-12 21:20:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-13 01:19
    ComboFix2.txt 2008-01-06 12:00
    ComboFix3.txt 2007-09-17 14:22
    .
    Pre-Run: 8,317,292,544 bytes free
    Post-Run: 9,183,162,368 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /bootlogo /noguiboot /kernel=KERNEL01.exe
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /bootlogo /noguiboot
    .
    - - End Of File - - 1108BA2A96435E193905F17EA929327B
     
  13. TedCorcoran

    TedCorcoran TS Rookie Topic Starter Posts: 27

    >>>>>>>>>>>> TDSSKiller <<<<<<<<<<<<


    22:20:15.0265 0836 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
    22:20:15.0265 0836 ============================================================
    22:20:15.0265 0836 Current date / time: 2012/04/12 22:20:15.0265
    22:20:15.0265 0836 SystemInfo:
    22:20:15.0265 0836
    22:20:15.0265 0836 OS Version: 5.1.2600 ServicePack: 2.0
    22:20:15.0265 0836 Product type: Workstation
    22:20:15.0265 0836 ComputerName: TCORCORAN03
    22:20:15.0265 0836 UserName: tcorcoran
    22:20:15.0265 0836 Windows directory: C:\WINDOWS
    22:20:15.0265 0836 System windows directory: C:\WINDOWS
    22:20:15.0265 0836 Processor architecture: Intel x86
    22:20:15.0265 0836 Number of processors: 1
    22:20:15.0265 0836 Page size: 0x1000
    22:20:15.0265 0836 Boot type: Safe boot with network
    22:20:15.0265 0836 ============================================================
    22:20:17.0281 0836 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    22:20:17.0281 0836 \Device\Harddisk0\DR0:
    22:20:17.0281 0836 MBR used
    22:20:17.0281 0836 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x4A5DF76
    22:20:17.0328 0836 Initialize success
    22:20:17.0328 0836 ============================================================
    22:20:38.0390 1020 ============================================================
    22:20:38.0390 1020 Scan started
    22:20:38.0390 1020 Mode: Manual;
    22:20:38.0390 1020 ============================================================
    22:20:40.0015 1020 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
    22:20:40.0015 1020 Aavmker4 - ok
    22:20:40.0265 1020 Abiosdsk - ok
    22:20:40.0531 1020 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    22:20:40.0531 1020 abp480n5 - ok
    22:20:40.0875 1020 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    22:20:40.0875 1020 ACPI - ok
    22:20:41.0140 1020 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    22:20:41.0140 1020 ACPIEC - ok
    22:20:41.0500 1020 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
    22:20:41.0500 1020 adfs - ok
    22:20:41.0859 1020 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    22:20:41.0859 1020 adpu160m - ok
    22:20:42.0203 1020 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
    22:20:42.0203 1020 aec - ok
    22:20:42.0515 1020 AegisP (076394a345ee5e9e3911fc0f058f4f38) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    22:20:42.0515 1020 AegisP - ok
    22:20:42.0843 1020 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
    22:20:42.0843 1020 AFD - ok
    22:20:43.0156 1020 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
    22:20:43.0156 1020 agp440 - ok
    22:20:43.0484 1020 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    22:20:43.0484 1020 agpCPQ - ok
    22:20:43.0750 1020 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    22:20:43.0750 1020 Aha154x - ok
    22:20:44.0046 1020 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    22:20:44.0046 1020 aic78u2 - ok
    22:20:44.0328 1020 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    22:20:44.0328 1020 aic78xx - ok
    22:20:44.0578 1020 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
    22:20:44.0578 1020 Alerter - ok
    22:20:44.0890 1020 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
    22:20:44.0890 1020 ALG - ok
    22:20:45.0171 1020 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    22:20:45.0171 1020 AliIde - ok
    22:20:45.0468 1020 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    22:20:45.0468 1020 alim1541 - ok
    22:20:45.0765 1020 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    22:20:45.0765 1020 amdagp - ok
    22:20:46.0046 1020 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    22:20:46.0046 1020 amsint - ok
    22:20:46.0375 1020 ApfiltrService (aeb775a2bae0f392ba6adc0bb706233a) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    22:20:46.0375 1020 ApfiltrService - ok
    22:20:46.0703 1020 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
    22:20:46.0703 1020 APPDRV - ok
    22:20:46.0921 1020 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    22:20:46.0921 1020 Apple Mobile Device - ok
    22:20:47.0250 1020 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll
    22:20:47.0250 1020 AppMgmt - ok
    22:20:47.0562 1020 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    22:20:47.0562 1020 asc - ok
    22:20:47.0875 1020 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    22:20:47.0875 1020 asc3350p - ok
    22:20:48.0156 1020 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    22:20:48.0156 1020 asc3550 - ok
    22:20:48.0468 1020 aspnet_state (4eabf511b1af176a971c3271e48fa3a8) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    22:20:48.0468 1020 aspnet_state - ok
    22:20:48.0828 1020 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    22:20:48.0828 1020 aswFsBlk - ok
    22:20:49.0171 1020 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
    22:20:49.0171 1020 aswMon2 - ok
    22:20:49.0453 1020 AswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\AswRdr.sys
    22:20:49.0453 1020 AswRdr - ok
    22:20:49.0968 1020 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
    22:20:49.0968 1020 aswSnx - ok
    22:20:50.0406 1020 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
    22:20:50.0406 1020 aswSP - ok
    22:20:50.0750 1020 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
    22:20:50.0750 1020 aswTdi - ok
    22:20:51.0031 1020 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    22:20:51.0031 1020 AsyncMac - ok
    22:20:51.0328 1020 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    22:20:51.0328 1020 atapi - ok
    22:20:51.0578 1020 Atdisk - ok
    22:20:51.0875 1020 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    22:20:51.0875 1020 Atmarpc - ok
    22:20:52.0156 1020 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
    22:20:52.0156 1020 AudioSrv - ok
    22:20:52.0437 1020 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    22:20:52.0437 1020 audstub - ok
    22:20:52.0765 1020 Automatic LiveUpdate Scheduler (de220dcea74e13e659ff6192c3afe49c) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    22:20:52.0765 1020 Automatic LiveUpdate Scheduler - ok
    22:20:52.0921 1020 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    22:20:52.0921 1020 avast! Antivirus - ok
    22:20:53.0062 1020 AVG Anti-Spyware Driver (d6f4c1450699901048818b0c3aaf7a17) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
    22:20:53.0062 1020 AVG Anti-Spyware Driver - ok
    22:20:53.0234 1020 AVG Anti-Spyware Guard (5dcd235c061022bcda9aa48670b64211) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    22:20:53.0234 1020 AVG Anti-Spyware Guard - ok
    22:20:53.0578 1020 AvgAsCln (856b0cee009946bf2d327e6b24fe7e3f) C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
    22:20:53.0578 1020 AvgAsCln - ok
    22:20:53.0906 1020 b57w2k (2acf06176b9d011567d7f25b83ddd066) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    22:20:53.0906 1020 b57w2k - ok
    22:20:54.0187 1020 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    22:20:54.0187 1020 Beep - ok
    22:20:54.0609 1020 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
    22:20:54.0609 1020 BITS - ok
    22:20:54.0953 1020 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
    22:20:54.0953 1020 Bonjour Service - ok
    22:20:55.0312 1020 Bridge (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
    22:20:55.0312 1020 Bridge - ok
    22:20:55.0359 1020 BridgeMP (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
    22:20:55.0359 1020 BridgeMP - ok
    22:20:55.0656 1020 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
    22:20:55.0656 1020 Browser - ok
    22:20:55.0671 1020 catchme - ok
    22:20:55.0953 1020 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    22:20:55.0953 1020 cbidf - ok
    22:20:56.0218 1020 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    22:20:56.0218 1020 cbidf2k - ok
    22:20:56.0500 1020 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    22:20:56.0500 1020 cd20xrnt - ok
    22:20:56.0765 1020 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    22:20:56.0765 1020 Cdaudio - ok
    22:20:57.0093 1020 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    22:20:57.0093 1020 Cdfs - ok
    22:20:57.0390 1020 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    22:20:57.0390 1020 Cdrom - ok
    22:20:57.0609 1020 Changer - ok
    22:20:57.0890 1020 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
    22:20:57.0890 1020 CiSvc - ok
    22:20:58.0125 1020 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
    22:20:58.0125 1020 ClipSrv - ok
    22:20:58.0406 1020 clr_optimization_v2.0.50727_32 (234b1bc2796483e1f5c3f26649fb3388) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    22:20:58.0406 1020 clr_optimization_v2.0.50727_32 - ok
    22:20:58.0765 1020 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    22:20:58.0765 1020 CmBatt - ok
    22:20:59.0046 1020 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    22:20:59.0046 1020 CmdIde - ok
    22:20:59.0296 1020 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    22:20:59.0296 1020 Compbatt - ok
    22:20:59.0515 1020 COMSysApp - ok
    22:20:59.0843 1020 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    22:20:59.0843 1020 Cpqarray - ok
    22:21:00.0140 1020 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
    22:21:00.0140 1020 CryptSvc - ok
    22:21:00.0500 1020 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
    22:21:00.0500 1020 CVirtA - ok
    22:21:01.0406 1020 CVPND (08d8fa119f2ad6ac0377fb667523482e) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    22:21:01.0421 1020 CVPND - ok
    22:21:01.0843 1020 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
    22:21:01.0843 1020 CVPNDRVA - ok
    22:21:02.0265 1020 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    22:21:02.0265 1020 dac2w2k - ok
    22:21:02.0562 1020 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    22:21:02.0562 1020 dac960nt - ok
    22:21:03.0015 1020 DcomLaunch (419899803ca479b73b02390318c787c0) C:\WINDOWS\system32\rpcss.dll
    22:21:03.0015 1020 DcomLaunch - ok
    22:21:03.0328 1020 Dhcp (cb6ca3e5261d65f6f809eed23bf167aa) C:\WINDOWS\System32\dhcpcsvc.dll
    22:21:03.0328 1020 Dhcp - ok
    22:21:03.0640 1020 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    22:21:03.0656 1020 Disk - ok
    22:21:03.0890 1020 dmadmin - ok
    22:21:04.0500 1020 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
    22:21:04.0500 1020 dmboot - ok
    22:21:04.0859 1020 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
    22:21:04.0859 1020 dmio - ok
    22:21:05.0140 1020 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    22:21:05.0140 1020 dmload - ok
    22:21:05.0406 1020 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
    22:21:05.0406 1020 dmserver - ok
    22:21:05.0765 1020 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    22:21:05.0765 1020 DMusic - ok
    22:21:06.0187 1020 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
    22:21:06.0187 1020 DNE - ok
    22:21:06.0468 1020 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll
    22:21:06.0468 1020 Dnscache - ok
    22:21:06.0765 1020 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    22:21:06.0765 1020 dpti2o - ok
    22:21:07.0078 1020 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    22:21:07.0078 1020 drmkaud - ok
    22:21:07.0437 1020 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    22:21:07.0437 1020 E100B - ok
    22:21:07.0593 1020 EraserUtilDrv11010 - ok
    22:21:07.0875 1020 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
    22:21:07.0875 1020 ERSvc - ok
    22:21:08.0265 1020 Eventlog (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe
    22:21:08.0265 1020 Eventlog - ok
    22:21:08.0640 1020 EventSystem (acd36a2dd7d1e9d8a060aa651dc07e63) C:\WINDOWS\system32\es.dll
    22:21:08.0640 1020 EventSystem - ok
    22:21:08.0812 1020 EvtEng (d335183519e6814dfab4ed3dd806a943) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    22:21:08.0828 1020 EvtEng - ok
    22:21:09.0203 1020 FANTOM (e3b0cd18146f9d51a34969e9bc2458d2) C:\WINDOWS\system32\DRIVERS\fantom.sys
    22:21:09.0203 1020 FANTOM - ok
    22:21:09.0546 1020 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    22:21:09.0546 1020 Fastfat - ok
    22:21:09.0859 1020 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
    22:21:09.0859 1020 FastUserSwitchingCompatibility - ok
    22:21:10.0218 1020 Fax (fcbd571fa0ee8dc238944ae5fab74461) C:\WINDOWS\system32\fxssvc.exe
    22:21:10.0234 1020 Fax - ok
    22:21:10.0562 1020 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
    22:21:10.0562 1020 Fdc - ok
    22:21:10.0859 1020 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
    22:21:10.0859 1020 Fips - ok
    22:21:11.0281 1020 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    22:21:11.0296 1020 FLEXnet Licensing Service - ok
    22:21:11.0593 1020 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    22:21:11.0593 1020 Flpydisk - ok
    22:21:11.0906 1020 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    22:21:11.0906 1020 FltMgr - ok
    22:21:12.0218 1020 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    22:21:12.0218 1020 Fs_Rec - ok
    22:21:12.0531 1020 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    22:21:12.0531 1020 Ftdisk - ok
    22:21:12.0828 1020 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    22:21:12.0843 1020 GEARAspiWDM - ok
    22:21:13.0109 1020 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    22:21:13.0109 1020 Gpc - ok
    22:21:13.0390 1020 GTIPCI21 (7d074058804ad398f93ca0a08af83ff2) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
    22:21:13.0390 1020 GTIPCI21 - ok
    22:21:13.0734 1020 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
    22:21:13.0734 1020 gupdate - ok
    22:21:13.0812 1020 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
    22:21:13.0828 1020 gupdatem - ok
    22:21:13.0984 1020 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    22:21:13.0984 1020 helpsvc - ok
    22:21:14.0281 1020 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll
    22:21:14.0281 1020 HidServ - ok
    22:21:14.0625 1020 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    22:21:14.0640 1020 HidUsb - ok
    22:21:14.0921 1020 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    22:21:14.0921 1020 hpn - ok
    22:21:15.0343 1020 HTTP (bfb7b73c942e816c4fb4a5a7bae87136) C:\WINDOWS\system32\Drivers\HTTP.sys
    22:21:15.0343 1020 HTTP - ok
    22:21:15.0625 1020 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
    22:21:15.0625 1020 HTTPFilter - ok
    22:21:15.0906 1020 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
    22:21:15.0906 1020 i2omgmt - ok
    22:21:16.0203 1020 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    22:21:16.0203 1020 i2omp - ok
    22:21:16.0515 1020 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    22:21:16.0515 1020 i8042prt - ok
    22:21:17.0125 1020 ialm (737da0be27652c4482ac5cde099bfce9) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    22:21:17.0140 1020 ialm - ok
    22:21:17.0421 1020 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    22:21:17.0421 1020 IDriverT - ok
    22:21:17.0421 1020 Suspicious service (NoAccess): ifiiwgaxg
    22:21:17.0671 1020 ifiiwgaxg ( LockedService.Multi.Generic ) - warning
    22:21:17.0671 1020 ifiiwgaxg - detected LockedService.Multi.Generic (1)
    22:21:18.0015 1020 IISADMIN (74b9fa2afaf60b7f4e2a952e77b9dc6c) C:\WINDOWS\system32\inetsrv\inetinfo.exe
    22:21:18.0015 1020 IISADMIN - ok
    22:21:18.0296 1020 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    22:21:18.0296 1020 Imapi - ok
    22:21:18.0531 1020 Imapi Helper (1acad13923e467e473c3ec503223f983) C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    22:21:18.0531 1020 Imapi Helper - ok
    22:21:18.0906 1020 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
    22:21:18.0906 1020 ImapiService - ok
    22:21:19.0265 1020 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    22:21:19.0265 1020 ini910u - ok
    22:21:19.0546 1020 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
    22:21:19.0546 1020 IntelIde - ok
    22:21:19.0843 1020 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    22:21:19.0843 1020 intelppm - ok
    22:21:20.0140 1020 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    22:21:20.0140 1020 Ip6Fw - ok
    22:21:20.0468 1020 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    22:21:20.0468 1020 IpFilterDriver - ok
    22:21:20.0750 1020 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    22:21:20.0750 1020 IpInIp - ok
    22:21:21.0125 1020 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    22:21:21.0125 1020 IpNat - ok
    22:21:21.0625 1020 iPod Service (0ca8c2e721617aa2f923a8151c96fb33) C:\Program Files\iPod\bin\iPodService.exe
    22:21:21.0625 1020 iPod Service - ok
    22:21:21.0968 1020 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    22:21:21.0984 1020 IPSec - ok
    22:21:22.0250 1020 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    22:21:22.0250 1020 IRENUM - ok
    22:21:22.0531 1020 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    22:21:22.0531 1020 isapnp - ok
    22:21:22.0921 1020 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
    22:21:22.0921 1020 IWCA - ok
    22:21:23.0343 1020 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
    22:21:23.0343 1020 JavaQuickStarterService - ok
    22:21:23.0703 1020 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    22:21:23.0703 1020 Kbdclass - ok
    22:21:24.0046 1020 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    22:21:24.0046 1020 kbdhid - ok
    22:21:24.0390 1020 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
    22:21:24.0390 1020 kmixer - ok
    22:21:24.0687 1020 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
    22:21:24.0687 1020 KSecDD - ok
    22:21:25.0031 1020 lanmanserver (0cb3af149a0bac0836022ca307c7a0f8) C:\WINDOWS\System32\srvsvc.dll
    22:21:25.0031 1020 lanmanserver - ok
    22:21:25.0421 1020 lanmanworkstation (2c0a7b2ae9c26f2c163627679b42783c) C:\WINDOWS\System32\wkssvc.dll
    22:21:25.0421 1020 lanmanworkstation - ok
    22:21:25.0671 1020 lbrtfdc - ok
    22:21:27.0218 1020 LiveUpdate (63ed50a6ed61829c2def5b733d258a05) C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    22:21:27.0234 1020 LiveUpdate - ok
    22:21:27.0484 1020 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
    22:21:27.0484 1020 LmHosts - ok
    22:21:27.0750 1020 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    22:21:27.0765 1020 MDM - ok
    22:21:28.0078 1020 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
    22:21:28.0078 1020 Messenger - ok
    22:21:28.0375 1020 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    22:21:28.0375 1020 mnmdd - ok
    22:21:28.0640 1020 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe
    22:21:28.0640 1020 mnmsrvc - ok
    22:21:29.0000 1020 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
    22:21:29.0000 1020 Modem - ok
    22:21:29.0281 1020 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    22:21:29.0281 1020 Mouclass - ok
    22:21:29.0625 1020 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    22:21:29.0625 1020 mouhid - ok
    22:21:29.0937 1020 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    22:21:29.0937 1020 MountMgr - ok
    22:21:30.0250 1020 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    22:21:30.0250 1020 mraid35x - ok
    22:21:30.0593 1020 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    22:21:30.0593 1020 MRxDAV - ok
    22:21:31.0156 1020 MRxSmb (5ddc9a1b2eb5a4bf010ce8c019a18c1f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    22:21:31.0156 1020 MRxSmb - ok
    22:21:31.0406 1020 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe
    22:21:31.0406 1020 MSDTC - ok
    22:21:31.0734 1020 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    22:21:31.0734 1020 Msfs - ok
    22:21:31.0968 1020 MSIServer - ok
    22:21:32.0250 1020 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    22:21:32.0250 1020 MSKSSRV - ok
    22:21:32.0546 1020 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    22:21:32.0546 1020 MSPCLOCK - ok
    22:21:32.0828 1020 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    22:21:32.0828 1020 MSPQM - ok
    22:21:33.0093 1020 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    22:21:33.0109 1020 mssmbios - ok
    22:21:33.0234 1020 MSSQL$MICROSOFTBCM - ok
    22:21:33.0375 1020 MSSQLServerADHelper (cb7524c21727404bd3140dca32deb7de) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
    22:21:33.0375 1020 MSSQLServerADHelper - ok
    22:21:33.0718 1020 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    22:21:33.0718 1020 Mup - ok
    22:21:34.0125 1020 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    22:21:34.0125 1020 NDIS - ok
    22:21:34.0390 1020 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    22:21:34.0390 1020 NdisTapi - ok
    22:21:34.0656 1020 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    22:21:34.0656 1020 Ndisuio - ok
    22:21:34.0937 1020 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    22:21:34.0937 1020 NdisWan - ok
    22:21:35.0234 1020 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    22:21:35.0234 1020 NDProxy - ok
    22:21:35.0515 1020 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\WINDOWS\system32\HPZinw12.dll
    22:21:35.0515 1020 Net Driver HPZ12 - ok
    22:21:35.0781 1020 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    22:21:35.0781 1020 NetBIOS - ok
    22:21:36.0140 1020 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    22:21:36.0140 1020 NetBT - ok
    22:21:36.0437 1020 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
    22:21:36.0437 1020 NetDDE - ok
    22:21:36.0484 1020 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
    22:21:36.0484 1020 NetDDEdsdm - ok
    22:21:36.0781 1020 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    22:21:36.0781 1020 Netlogon - ok
    22:21:37.0093 1020 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS\System32\netman.dll
    22:21:37.0093 1020 Netman - ok
    22:21:37.0421 1020 NICCONFIGSVC (f24bcfefe471f4d34a5786b7fcb9235c) C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    22:21:37.0421 1020 NICCONFIGSVC - ok
    22:21:37.0781 1020 Nla (4e74af063c3271fbea20dd940cfd1184) C:\WINDOWS\System32\mswsock.dll
    22:21:37.0781 1020 Nla - ok
    22:21:38.0078 1020 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    22:21:38.0078 1020 Npfs - ok
    22:21:38.0593 1020 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
    22:21:38.0593 1020 Ntfs - ok
    22:21:38.0890 1020 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    22:21:38.0890 1020 NtLmSsp - ok
    22:21:39.0281 1020 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
    22:21:39.0281 1020 NtmsSvc - ok
    22:21:39.0562 1020 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    22:21:39.0562 1020 Null - ok
    22:21:40.0625 1020 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    22:21:40.0640 1020 nv - ok
    22:21:40.0953 1020 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    22:21:40.0953 1020 NwlnkFlt - ok
    22:21:41.0328 1020 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    22:21:41.0328 1020 NwlnkFwd - ok
    22:21:41.0609 1020 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
    22:21:41.0609 1020 omci - ok
    22:21:41.0796 1020 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    22:21:41.0796 1020 ose - ok
    22:21:42.0140 1020 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
    22:21:42.0140 1020 Parport - ok
    22:21:42.0437 1020 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    22:21:42.0437 1020 PartMgr - ok
    22:21:42.0687 1020 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    22:21:42.0687 1020 ParVdm - ok
    22:21:42.0968 1020 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
    22:21:42.0968 1020 PCI - ok
    22:21:43.0218 1020 PCIDump - ok
    22:21:43.0500 1020 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    22:21:43.0500 1020 PCIIde - ok
    22:21:43.0812 1020 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    22:21:43.0812 1020 Pcmcia - ok
    22:21:44.0078 1020 PDCOMP - ok
    22:21:44.0343 1020 PDFRAME - ok
    22:21:44.0625 1020 PDRELI - ok
    22:21:44.0890 1020 PDRFRAME - ok
    22:21:45.0203 1020 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    22:21:45.0203 1020 perc2 - ok
    22:21:45.0484 1020 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    22:21:45.0484 1020 perc2hib - ok
    22:21:45.0828 1020 PlugPlay (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe
    22:21:45.0843 1020 PlugPlay - ok
    22:21:46.0125 1020 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\WINDOWS\system32\HPZipm12.dll
    22:21:46.0125 1020 Pml Driver HPZ12 - ok
    22:21:46.0375 1020 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    22:21:46.0375 1020 PolicyAgent - ok
    22:21:46.0703 1020 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    22:21:46.0703 1020 PptpMiniport - ok
    22:21:46.0984 1020 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    22:21:46.0984 1020 ProtectedStorage - ok
    22:21:47.0265 1020 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
    22:21:47.0265 1020 PSched - ok
    22:21:47.0531 1020 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    22:21:47.0531 1020 Ptilink - ok
    22:21:47.0796 1020 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    22:21:47.0796 1020 ql1080 - ok
    22:21:48.0109 1020 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    22:21:48.0109 1020 Ql10wnt - ok
    22:21:48.0390 1020 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    22:21:48.0390 1020 ql12160 - ok
    22:21:48.0687 1020 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    22:21:48.0687 1020 ql1240 - ok
    22:21:48.0984 1020 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    22:21:48.0984 1020 ql1280 - ok
    22:21:49.0296 1020 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    22:21:49.0296 1020 RasAcd - ok
    22:21:49.0609 1020 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
    22:21:49.0609 1020 RasAuto - ok
    22:21:49.0906 1020 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    22:21:49.0906 1020 Rasl2tp - ok
    22:21:50.0203 1020 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll
    22:21:50.0203 1020 RasMan - ok
    22:21:50.0515 1020 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    22:21:50.0515 1020 RasPppoe - ok
    22:21:50.0796 1020 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    22:21:50.0796 1020 Raspti - ok
    22:21:51.0234 1020 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    22:21:51.0234 1020 Rdbss - ok
    22:21:51.0484 1020 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    22:21:51.0484 1020 RDPCDD - ok
    22:21:51.0859 1020 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    22:21:51.0859 1020 rdpdr - ok
    22:21:52.0234 1020 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
    22:21:52.0250 1020 RDPWD - ok
    22:21:52.0562 1020 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
    22:21:52.0562 1020 RDSessMgr - ok
    22:21:52.0890 1020 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
    22:21:52.0890 1020 redbook - ok
    22:21:53.0109 1020 RegSrvc (15ba3bceeb32c4279b27f5c3389e4847) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    22:21:53.0109 1020 RegSrvc - ok
    22:21:53.0421 1020 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
    22:21:53.0421 1020 RemoteAccess - ok
    22:21:53.0703 1020 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll
    22:21:53.0703 1020 RemoteRegistry - ok
    22:21:54.0000 1020 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe
    22:21:54.0000 1020 RpcLocator - ok
    22:21:54.0453 1020 RpcSs (419899803ca479b73b02390318c787c0) C:\WINDOWS\System32\rpcss.dll
    22:21:54.0468 1020 RpcSs - ok
    22:21:54.0750 1020 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    22:21:54.0765 1020 RSVP - ok
    22:21:55.0062 1020 S24EventMonitor (79a647519ca3e700e9738153f788fb7d) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    22:21:55.0078 1020 S24EventMonitor - ok
    22:21:55.0390 1020 s24trans (81aa6f0d6a2be1c550f814b036215888) C:\WINDOWS\system32\DRIVERS\s24trans.sys
    22:21:55.0406 1020 s24trans - ok
    22:21:55.0656 1020 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    22:21:55.0656 1020 SamSs - ok
    22:21:55.0781 1020 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    22:21:55.0781 1020 SASDIFSV - ok
    22:21:55.0906 1020 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    22:21:55.0906 1020 SASKUTIL - ok
    22:21:56.0203 1020 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
    22:21:56.0203 1020 SCardSvr - ok
    22:21:56.0531 1020 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
    22:21:56.0531 1020 Schedule - ok
    22:21:56.0890 1020 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    22:21:56.0890 1020 Secdrv - ok
    22:21:57.0156 1020 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
    22:21:57.0156 1020 seclogon - ok
    22:21:57.0453 1020 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
    22:21:57.0453 1020 SENS - ok
    22:21:57.0718 1020 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
    22:21:57.0718 1020 serenum - ok
    22:21:58.0000 1020 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
    22:21:58.0000 1020 Serial - ok
    22:21:58.0296 1020 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
    22:21:58.0296 1020 Sfloppy - ok
    22:21:58.0703 1020 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
    22:21:58.0703 1020 SharedAccess - ok
    22:21:59.0062 1020 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
    22:21:59.0062 1020 ShellHWDetection - ok
    22:21:59.0296 1020 Simbad - ok
    22:21:59.0609 1020 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    22:21:59.0609 1020 sisagp - ok
    22:21:59.0953 1020 SMTPSVC (74b9fa2afaf60b7f4e2a952e77b9dc6c) C:\WINDOWS\system32\inetsrv\inetinfo.exe
    22:21:59.0953 1020 SMTPSVC - ok
    22:22:00.0531 1020 sonypvf3 (f576ee7cc67a9b1e6a0f6a9ec1b1e6ab) C:\WINDOWS\system32\drivers\sonypvf3.sys
    22:22:00.0546 1020 sonypvf3 - ok
    22:22:00.0843 1020 sonypvl3 (9b70d51a35fe6230814d031e66f34651) C:\WINDOWS\system32\drivers\sonypvl3.sys
    22:22:00.0843 1020 sonypvl3 - ok
    22:22:01.0265 1020 sonypvt3 (6db72277b2d0db32d6b4a3882e966a97) C:\WINDOWS\system32\drivers\sonypvt3.sys
    22:22:01.0281 1020 sonypvt3 - ok
    22:22:01.0593 1020 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
    22:22:01.0593 1020 SONYPVU1 - ok
    22:22:01.0906 1020 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    22:22:01.0906 1020 Sparrow - ok
    22:22:02.0234 1020 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
    22:22:02.0234 1020 splitter - ok
    22:22:02.0500 1020 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe
    22:22:02.0500 1020 Spooler - ok
    22:22:02.0625 1020 SQLAgent$MICROSOFTBCM - ok
    22:22:02.0984 1020 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    22:22:02.0984 1020 sr - ok
    22:22:03.0296 1020 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
    22:22:03.0312 1020 srservice - ok
    22:22:03.0796 1020 Srv (553007ecce7f6565bbe645beb66d3b69) C:\WINDOWS\system32\DRIVERS\srv.sys
    22:22:03.0796 1020 Srv - ok
    22:22:04.0125 1020 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
    22:22:04.0125 1020 SSDPSRV - ok
    22:22:04.0531 1020 STAC97 (19fcec67aaffab07ba358860a602cb4a) C:\WINDOWS\system32\drivers\STAC97.sys
    22:22:04.0546 1020 STAC97 - ok
    22:22:04.0937 1020 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS\system32\wiaservc.dll
    22:22:04.0937 1020 stisvc - ok
    22:22:05.0250 1020 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    22:22:05.0250 1020 swenum - ok
    22:22:05.0546 1020 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    22:22:05.0562 1020 swmidi - ok
    22:22:05.0796 1020 SwPrv - ok
    22:22:06.0109 1020 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    22:22:06.0109 1020 symc810 - ok
    22:22:06.0390 1020 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    22:22:06.0406 1020 symc8xx - ok
    22:22:06.0671 1020 SymIM - ok
    22:22:06.0937 1020 SymIMMP - ok
    22:22:07.0234 1020 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    22:22:07.0234 1020 sym_hi - ok
    22:22:07.0531 1020 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    22:22:07.0531 1020 sym_u3 - ok
    22:22:07.0796 1020 SynasUSB - ok
    22:22:08.0078 1020 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    22:22:08.0093 1020 sysaudio - ok
    22:22:08.0343 1020 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
    22:22:08.0359 1020 SysmonLog - ok
    22:22:08.0687 1020 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS\System32\tapisrv.dll
    22:22:08.0687 1020 TapiSrv - ok
    22:22:09.0140 1020 TASCAM_US122144 (6ca4684a6d0406487b334e20afbfda29) C:\WINDOWS\system32\Drivers\tascusb2.sys
    22:22:09.0156 1020 TASCAM_US122144 - ok
    22:22:09.0515 1020 TASCAM_US122L_MK2_MIDI (93147900549a9ab74212dea5234109f3) C:\WINDOWS\system32\drivers\tscusb2m.sys
    22:22:09.0515 1020 TASCAM_US122L_MK2_MIDI - ok
    22:22:09.0828 1020 TASCAM_US122L_MK2_WDM (248b76aeabb98356b283fdd603ef3d6c) C:\WINDOWS\system32\drivers\tscusb2a.sys
    22:22:09.0828 1020 TASCAM_US122L_MK2_WDM - ok
    22:22:10.0296 1020 Tcpip (88763a98a4c26c409741b4aa162720c9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    22:22:10.0296 1020 Tcpip - ok
    22:22:10.0593 1020 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    22:22:10.0609 1020 TDPIPE - ok
    22:22:10.0921 1020 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    22:22:10.0921 1020 TDTCP - ok
    22:22:11.0203 1020 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    22:22:11.0203 1020 TermDD - ok
    22:22:11.0578 1020 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
    22:22:11.0578 1020 TermService - ok
    22:22:11.0906 1020 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
    22:22:11.0921 1020 Themes - ok
    22:22:12.0187 1020 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe
    22:22:12.0187 1020 TlntSvr - ok
    22:22:12.0500 1020 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    22:22:12.0500 1020 TosIde - ok
    22:22:12.0875 1020 Tosrfbd (47bb36a3db94807bc26c280d1ce4a243) C:\WINDOWS\system32\Drivers\tosrfbd.sys
    22:22:12.0875 1020 Tosrfbd - ok
    22:22:13.0156 1020 Tosrfcom (d185be751021bcf1e5d58566d408314a) C:\WINDOWS\system32\drivers\Tosrfcom.sys
    22:22:13.0156 1020 Tosrfcom - ok
    22:22:13.0468 1020 Tosrfhid (341612b9758054e5965bcd6ae111b8f9) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
    22:22:13.0468 1020 Tosrfhid - ok
    22:22:13.0734 1020 Tosrfusb (ddb8a339e57d514768f45d33b11bdb50) C:\WINDOWS\system32\Drivers\tosrfusb.sys
    22:22:13.0734 1020 Tosrfusb - ok
    22:22:14.0062 1020 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
    22:22:14.0078 1020 TrkWks - ok
    22:22:14.0421 1020 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    22:22:14.0421 1020 Udfs - ok
    22:22:14.0703 1020 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    22:22:14.0703 1020 ultra - ok
    22:22:15.0031 1020 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
    22:22:15.0031 1020 UMWdf - ok
    22:22:15.0390 1020 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
    22:22:15.0390 1020 Update - ok
    22:22:15.0734 1020 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll
    22:22:15.0734 1020 upnphost - ok
    22:22:16.0015 1020 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
    22:22:16.0015 1020 UPS - ok
    22:22:16.0390 1020 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
    22:22:16.0390 1020 USBAAPL - ok
    22:22:16.0687 1020 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    22:22:16.0687 1020 usbccgp - ok
    22:22:16.0984 1020 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    22:22:16.0984 1020 usbehci - ok
    22:22:17.0296 1020 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    22:22:17.0296 1020 usbhub - ok
    22:22:17.0640 1020 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    22:22:17.0640 1020 usbprint - ok
    22:22:17.0968 1020 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    22:22:17.0968 1020 usbscan - ok
    22:22:18.0312 1020 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    22:22:18.0312 1020 USBSTOR - ok
    22:22:18.0578 1020 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    22:22:18.0578 1020 usbuhci - ok
    22:22:18.0906 1020 UserAccess7 (0edfe36e05a62888eff6d97ae494b2a5) C:\WINDOWS\system32\UAService7.exe
    22:22:18.0906 1020 UserAccess7 - ok
    22:22:19.0203 1020 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    22:22:19.0203 1020 VgaSave - ok
    22:22:19.0484 1020 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    22:22:19.0484 1020 viaagp - ok
    22:22:19.0781 1020 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
    22:22:19.0781 1020 ViaIde - ok
    22:22:20.0062 1020 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    22:22:20.0062 1020 VolSnap - ok
    22:22:20.0484 1020 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
    22:22:20.0484 1020 vsdatant - ok
    22:22:20.0812 1020 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
    22:22:20.0812 1020 VSS - ok
    22:22:22.0468 1020 w29n51 (f0f902220910c4fbe42a51964bd33599) C:\WINDOWS\system32\DRIVERS\w29n51.sys
    22:22:22.0484 1020 w29n51 - ok
    22:22:22.0796 1020 w32time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
    22:22:22.0796 1020 w32time - ok
    22:22:23.0218 1020 W3SVC (74b9fa2afaf60b7f4e2a952e77b9dc6c) C:\WINDOWS\system32\inetsrv\inetinfo.exe
    22:22:23.0218 1020 W3SVC - ok
    22:22:23.0546 1020 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    22:22:23.0546 1020 Wanarp - ok
    22:22:23.0781 1020 WDICA - ok
    22:22:24.0109 1020 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
    22:22:24.0109 1020 wdmaud - ok
    22:22:24.0390 1020 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll
    22:22:24.0390 1020 WebClient - ok
    22:22:24.0734 1020 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
    22:22:24.0750 1020 winmgmt - ok
    22:22:25.0062 1020 WLANKEEPER (43ed73f10de96e0a23244bd9cf04f5c2) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    22:22:25.0062 1020 WLANKEEPER - ok
    22:22:25.0390 1020 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
    22:22:25.0390 1020 WmdmPmSN - ok
    22:22:25.0921 1020 Wmi (1aff244ca134956c54474f4e2433e4ce) C:\WINDOWS\System32\advapi32.dll
    22:22:25.0921 1020 Wmi - ok
    22:22:26.0234 1020 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    22:22:26.0234 1020 WmiApSrv - ok
    22:22:26.0515 1020 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    22:22:26.0515 1020 WS2IFSL - ok
    22:22:26.0843 1020 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
    22:22:26.0843 1020 wscsvc - ok
    22:22:27.0125 1020 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
    22:22:27.0125 1020 wuauserv - ok
    22:22:27.0515 1020 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
    22:22:27.0515 1020 WZCSVC - ok
    22:22:27.0812 1020 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
    22:22:27.0812 1020 xmlprov - ok
    22:22:27.0890 1020 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    22:22:28.0203 1020 \Device\Harddisk0\DR0 - ok
    22:22:28.0218 1020 Boot (0x1200) (ec4963500b5466684c5ce25d1aeb1a02) \Device\Harddisk0\DR0\Partition0
    22:22:28.0234 1020 \Device\Harddisk0\DR0\Partition0 - ok
    22:22:28.0250 1020 ============================================================
    22:22:28.0250 1020 Scan finished
    22:22:28.0250 1020 ============================================================
    22:22:28.0281 0840 Detected object count: 1
    22:22:28.0281 0840 Actual detected object count: 1
    22:22:46.0562 0840 ifiiwgaxg ( LockedService.Multi.Generic ) - User select action: Quarantine
     
  14. TedCorcoran

    TedCorcoran TS Rookie Topic Starter Posts: 27

    Hi,

    Please see Combofix and TDSSKiller logs above.

    A few notes:

    -- Was unable to connect to the Internet while in Safe Mode. Rebooted normally, downloaded RKill and TDSSKiller then rebooted and ran them from Safe Mode.

    -- On the Malwarebytes full scan, in Safe Mode, received a Delayed Write Failed alert after the scan had finished, saying Windows was unable to save all data for the file

    C:\$Mft

    - Ted
     
  15. TedCorcoran

    TedCorcoran TS Rookie Topic Starter Posts: 27

    I should be clear: For what it's worth, I was in Safe Mode with Networking

    -Ted
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thank you for answering my question about which Safe Mode! Ted, are you a Comcast Customer?

    Hosts modified sending searches to a Russian Site>> That's why the redirect.
    Have you intentionally edited the Hosts file to bypass Apple's signature server?
    ===============================================
    There are multiple antivirus programs running:
    Noted in my Reply #11:
    Current AV processes in Combofix:
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    Please get that down to one antivirus. Reboot after removing one AV.
    ===================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\system32\eqyhh.dll
    FileLook::
    c:\progra~1\TEXTPA~1\System\shellext.dll
    DDS::
    uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    Hosts: 94.232.248.66 antivirprotection.com
    Hosts: 94.232.248.66 www.antivirprotection.com
    Folder::
    c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "!AVG Anti-Spyware"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @="Service"
    [HKLM\~\startupfolder\C:^Documents and Settings^tcorcoran^Start Menu^Programs^Startup^Konfabulator.lnk]
    path=c:\documents and settings\tcorcoran\Start Menu\Programs\Startup\Konfabulator.lnk
    backup=c:\windows\pss\Konfabulator.lnkStartup
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    "FirewallOverride"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=-
    RegLock::
    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    
    Clearjavacache::
    Driver::
    ifiiwgaxg
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    ===================
    I'd like you to boot into Normal Mode so you can run the Eset Online Virus scan:
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =======================================
    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    =====================================
    Open Firefox> Tools> Addons> Extensions> Remove any entries for:
    Search Toolbar
    Zugo
    ====================================
    Please leave logs in next reply.
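    The redirect Bobbye attributes to a modified hosts file is easy to check for in a repeatable way. The script below is an added illustration for this thread, not ComboFix, TDSSKiller or any of the helper's own scripts: it parses a Windows hosts file and separates the normal loopback entries from two things a responder cares about, hostnames mapped to a non-loopback address (a redirect, like the antivirprotection.com lines ComboFix removed above) and security-vendor or update domains mapped to loopback (blackholed so the machine cannot reach them). The hosts path, the watched-domain list and all sample lines other than the two taken from the ComboFix output are assumptions.

```python
"""Audit a Windows hosts file for redirect and blackhole entries.

Added example for this thread; not part of ComboFix, TDSSKiller or the
thread's scripts. Path, watched-domain list and sample data are assumptions.
"""
import ipaddress
import os
from dataclasses import dataclass
from typing import List

# Assumed default location on Windows XP (same relative path on later versions).
WINDOWS_HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"

# Constructed, non-exhaustive list of domains that malware commonly blackholes
# so the victim cannot reach AV vendors, update servers or search engines.
WATCHED_DOMAIN_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "avast.com", "malwarebytes.org",
    "symantec.com", "kaspersky.com", "google.com", "bing.com",
)

# Loopback/null targets are normal for "127.0.0.1 localhost" and ad-block lists.
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

# Constructed sample; the two antivirprotection.com lines mirror the entries
# ComboFix listed in this thread, the remaining lines are made up.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
127.0.0.1       ads.example.net          # ad-block style entry, benign
94.232.248.66   antivirprotection.com
94.232.248.66   www.antivirprotection.com
127.0.0.1       www.malwarebytes.org     # vendor site blackholed
"""


@dataclass
class Finding:
    line_no: int
    ip: str
    host: str
    kind: str      # "default", "blackhole" or "redirect"
    watched: bool  # host is (a subdomain of) a watched vendor/update domain


def _is_watched(host: str) -> bool:
    h = host.lower()
    return any(h == s or h.endswith("." + s) for s in WATCHED_DOMAIN_SUFFIXES)


def parse_hosts(text: str) -> List[Finding]:
    """Return one Finding per (address, hostname) pair, ignoring comments."""
    findings = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # malformed line; production tooling should report it
        for host in parts[1:]:
            if ip in LOOPBACK:
                kind = "default" if host.lower() == "localhost" else "blackhole"
            else:
                kind = "redirect"
            findings.append(Finding(n, ip, host, kind, _is_watched(host)))
    return findings


def suspicious(findings: List[Finding]) -> List[Finding]:
    """Entries worth a responder's attention: every non-loopback redirect,
    plus any watched vendor/update domain that has been blackholed."""
    return [f for f in findings
            if f.kind == "redirect" or (f.kind == "blackhole" and f.watched)]


def audit_file(path: str = WINDOWS_HOSTS_PATH) -> List[Finding]:
    """Audit a hosts file on disk; an absent file yields no findings."""
    if not os.path.exists(path):
        return []
    with open(path, encoding="utf-8", errors="replace") as fh:
        return suspicious(parse_hosts(fh.read()))


if __name__ == "__main__":
    # Runs on the constructed sample so it works offline on any platform.
    for f in suspicious(parse_hosts(SAMPLE_HOSTS)):
        flag = " (watched domain)" if f.watched else ""
        print(f"line {f.line_no}: {f.kind:9} {f.ip:15} {f.host}{flag}")
```

    Loopback entries are deliberately not treated as hostile on their own, since ad-blocking hosts lists legitimately contain thousands of them; only a watched vendor domain pointed at loopback is reported. Any hostname mapped to a routable address is reported regardless, because a legitimate hosts file on an end-user machine almost never needs one.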
     
  17. TedCorcoran

    TedCorcoran TS Rookie Topic Starter Posts: 27

    >>>>>>>>>> ComboFix.txt <<<<<<<<<<<<

    ComboFix 12-04-12.03 - tcorcoran 2012-04-12 20:43:14.4.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.606 [GMT -4:00]
    Running from: C:\Documents and Settings\tcorcoran\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Documents and Settings\All Users\Application Data\TEMP
    C:\Documents and Settings\tcorcoran\g2mdlhlpx.exe
    C:\Documents and Settings\tcorcoran\Local Settings\Application Data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}
    C:\Documents and Settings\tcorcoran\Local Settings\Application Data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}\chrome.manifest
    C:\Documents and Settings\tcorcoran\Local Settings\Application Data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}\chrome\content\_cfg.js
    C:\Documents and Settings\tcorcoran\Local Settings\Application Data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}\chrome\content\overlay.xul
    C:\Documents and Settings\tcorcoran\Local Settings\Application Data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}\install.rdf
    C:\Documents and Settings\tcorcoran\WINDOWS
    C:\Program Files\Common Files\fwzu
    C:\Program Files\Common Files\fwzu\fwzua.lck
    C:\Program Files\Common Files\fwzu\fwzud\class-barrel
    C:\Program Files\Common Files\fwzu\fwzul.lck
    C:\Program Files\Common Files\fwzu\fwzum.lck
    C:\Program Files\Search Toolbar
    C:\Program Files\Search Toolbar\icon.ico
    C:\Program Files\Search Toolbar\SearchToolbar.dll
    C:\Program Files\Search Toolbar\SearchToolbarUninstall.exe
    C:\Program Files\Search Toolbar\SearchToolbarUpdater.exe
    C:\WINDOWS\system32\jierrfba.ini
    C:\WINDOWS\system32\setb6.tmp

    C:\WINDOWS\system32\proquota.exe was missing
    Restored copy from - C:\I386\proquota.exe


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_COMSERVER
    -------\Service_COMServer


    ((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))


    2012-04-13 00:57:38 . 2004-08-04 10:00:00 50176 ----a-w- C:\WINDOWS\system32\proquota.exe
    2012-04-13 00:57:38 . 2004-08-04 10:00:00 50176 ----a-w- C:\WINDOWS\system32\dllcache\proquota.exe
    2012-04-13 00:15:44 . 2012-04-13 00:15:44 -------- d-----w- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
    2012-04-12 03:30:42 . 2012-03-06 23:01:30 20696 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2012-04-12 03:30:41 . 2012-03-06 23:03:38 337880 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
    2012-04-12 03:30:19 . 2012-03-06 23:02:00 35672 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
    2012-04-12 03:30:17 . 2012-03-06 23:01:53 53848 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
    2012-04-12 03:30:14 . 2012-03-06 23:03:51 612184 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
    2012-04-12 03:30:09 . 2012-03-06 23:01:39 95704 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
    2012-04-12 03:30:09 . 2012-03-06 23:01:35 89048 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
    2012-04-12 03:30:07 . 2012-03-06 22:58:29 24920 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
    2012-04-12 03:28:12 . 2012-03-06 23:15:19 41184 ----a-w- C:\WINDOWS\avastSS.scr
    2012-04-12 03:28:08 . 2012-03-06 23:15:14 201352 ----a-w- C:\WINDOWS\system32\aswBoot.exe
    2012-04-12 03:26:36 . 2012-04-12 03:26:36 -------- d-----w- C:\Program Files\AVAST Software
    2012-04-12 03:26:36 . 2012-04-12 03:26:36 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVAST Software
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2012-04-04 19:56:40 . 2011-03-20 19:12:08 22344 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15:06 123536 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 21:33:20 155648]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 19:59:54 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-11-18 01:59:04 421160]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25:42 6731312]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-09-08 16:17:42 421888]
    "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-03-06 23:15:17 4241512]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21:41 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 21:08:06 110592 ----a-w- C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^tcorcoran^Start Menu^Programs^Startup^Dropbox.lnk]
    path=C:\Documents and Settings\tcorcoran\Start Menu\Programs\Startup\Dropbox.lnk
    backup=C:\WINDOWS\pss\Dropbox.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^tcorcoran^Start Menu^Programs^Startup^Konfabulator.lnk]
    path=C:\Documents and Settings\tcorcoran\Start Menu\Programs\Startup\Konfabulator.lnk
    backup=C:\WINDOWS\pss\Konfabulator.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -u [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 10:00:00 15360 ------w- C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    2005-03-04 16:26:08 606208 ----a-w- C:\Program Files\Dell\QuickSet\quickset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2005-02-15 20:02:56 126976 ------w- C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2005-02-15 20:02:58 155648 ------w- C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-10-13 16:24:37 1694208 ----a-w- C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 16:17:42 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2010-04-06 06:27:46 26102056 ----a-r- C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
    "C:\\Program Files\\Intel\\Wireless\\Bin\\1XConfig.exe"=
    "C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys [2007-02-24 10:16:18 PM 18110]
    R1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [2012-04-11 11:30:14 PM 612184]
    R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [2012-04-11 11:30:41 PM 337880]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2010-02-17 2:25:48 PM 12872]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 2:41:30 PM 67656]
    R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys [2007-02-24 10:16:17 PM 619390]
    R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys [2007-02-24 10:16:18 PM 423454]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-04-11 11:30:42 PM 20696]
    R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\drivers\gtipci21.sys [2005-06-03 5:52:42 PM 80384]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03 5:58:31 PM 135664]
    S2 ifiiwgaxg;Windows Helper;C:\WINDOWS\system32\svchost.exe -k netsvcs [2004-08-11 6:00:34 PM 14336]
    S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
    S3 FANTOM;LEGO MINDSTORMS NXT Driver;C:\WINDOWS\system32\drivers\fantom.sys [2006-03-10 4:55:18 PM 39424]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03 5:58:31 PM 135664]
    S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys --> C:\WINDOWS\system32\drivers\SynasUSB.sys [?]
    S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\WINDOWS\system32\drivers\tascusb2.sys [2010-09-15 6:08:23 PM 386560]
    S3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;C:\WINDOWS\system32\drivers\tscusb2m.sys [2010-09-15 6:08:24 PM 20992]
    S3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;C:\WINDOWS\system32\drivers\tscusb2a.sys [2010-09-15 6:08:24 PM 33792]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - WS2IFSL
    *NewlyCreated* - WUAUSERV

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ifiiwgaxg

    Contents of the 'Scheduled Tasks' folder

    2012-04-13 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03 21:58:31 . 2010-02-03 21:58:26]

    2012-04-12 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03 21:58:31 . 2010-02-03 21:58:26]

    2012-04-12 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-484061587-1417001333-1130Core.job
    - C:\Documents and Settings\tcorcoran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-17 23:53:01 . 2011-09-17 23:52:58]

    2012-04-13 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-484061587-1417001333-1130UA.job
    - C:\Documents and Settings\tcorcoran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-17 23:53:01 . 2011-09-17 23:52:58]


    ------- Supplementary Scan -------

    uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - C:\Documents and Settings\tcorcoran\Application Data\Mozilla\Firefox\Profiles\fyctq6of.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
    FF - Ext: Java Quick Starter: jqs@sun.com - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: avast! WebRep: wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF

    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    HKLM-Run-SunJavaUpdateSched - C:\Program Files\Java\jre6\bin\jusched.exe
    Notify-ckpNotify - (no file)
    Notify-NavLogon - (no file)
    SafeBoot-AVG Anti-Spyware Driver
    MSConfigStartUp-ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    MSConfigStartUp-DSS - C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
    MSConfigStartUp-osCheck - C:\Program Files\Norton Internet Security\osCheck.exe
    MSConfigStartUp-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe
    AddRemove-HijackThis - C:\Documents and Settings\tcorcoran\Desktop\HijackThis.exe
     
  18. TedCorcoran

    TedCorcoran TS Rookie Topic Starter Posts: 27

    >>>>>>>> ESETScan.txt <<<<<<<<<<<<

    C:\Documents and Settings\tcorcoran\Desktop\torrents\Windows 7 Ultimate Fully Activated Genuine x86 x64 - Team ! M-J-R !\Windows 7 Loader.zip a variant of Win32/HackKMS.A application


    Note: I'm a little worried about the accuracy here. This log is from a second running of ESET, the first time I did not uncheck Remove Found Threats and check Scan Archives. When I realized my error, I stopped the scan. At that point it had found a decent list of threats -- and I figured they would be found again in the second scan. Not so. The second scan only found this one threat, though I looked at the quarantine and there were a number of threats there that seemed to correspond to those indicated in the first scan -- perhaps it had "removed" them to this quarantine.
     
  19. TedCorcoran

    TedCorcoran TS Rookie Topic Starter Posts: 27

    >>>>>>>>>>>>> CKScanner Log <<<<<<<<<<<<<

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\documents and settings\tcorcoran\desktop\torrents\cool edit pro 2.1 with crack.zip
    c:\documents and settings\tcorcoran\desktop\torrents\cool edit pro 2.1 with crack\cepsetup.exe
    c:\documents and settings\tcorcoran\desktop\torrents\cool edit pro 2.1 with crack\crack\cd2003.txt
    c:\documents and settings\tcorcoran\desktop\torrents\cool edit pro 2.1 with crack\crack\cep2reg.exe
    c:\documents and settings\tcorcoran\desktop\torrents\cool edit pro 2.1 with crack\crack\keygen.nfo
    scanner sequence 3.BC.11.XQLBAU
    ----- EOF -----
     
  20. TedCorcoran

    TedCorcoran TS Rookie Topic Starter Posts: 27

    Answers to your questions:

    -- I am a Comcast customer
    -- I have not intentionally edited the hosts file

    Also, I had removed Norton using the Control Panel. The Symantec LiveUpdate was a different program, I guess. I removed it.

    Thank you for the continued attention!

    -Ted
     
Topic Status:
Not open for further replies.
