[Closed] Delayed write failed issue

TedCorcoran

Hi

I got a few redirects from Google returns to random sites unaffiliated with the hot link and knew something was up. Ran Avast scan. Today, received Delayed Write Failed message. Destination was:

C:\$Extend\$UsnJrnl:$J

and

C:\WINDOWS\System32\Config

Ran MalwareBytes, GMER, and DDS --- logs to follow.

Have access to the Internet via the machine. Please let me know next steps -- and accept my thanks in advance for all you do and for any help you can provide.

-Ted

>>>>>> MalwareBytes Log <<<<<<<<<

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.11
tcorcoran :: TCORCORAN03 [administrator]

2012-04-11 10:48:45 PM
mbam-log-2012-04-11 (22-48-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253280
Time elapsed: 32 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL|CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
>>>>>>> GMER Log <<<<<<<<

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-12 10:41:39
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2040AH rev.00000096
Running: 2f7bpf76.exe; Driver: C:\DOCUME~1\TCORCO~1\LOCALS~1\Temp\pxrdyfog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA25A1DF8]
SSDT 872EFAF0 ZwAlertResumeThread
SSDT 87668CA8 ZwAlertThread
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA262EA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA25A285E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA25CED5D]
SSDT 8777A5B0 ZwConnectPort
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA25A72E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA25A7330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA25A7422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA25CE711]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA25A7252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA25A7374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA25A729A]
SSDT 875CD518 ZwCreateThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA25A73DC]
SSDT 876770D0 ZwDebugActiveProcess
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA25A1E44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA25CF423]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA25CF6D9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA25A49A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA25CF28E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA25CF0F9]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA262EB34]
SSDT 87607368 ZwImpersonateAnonymousToken
SSDT 875F80F0 ZwImpersonateThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA25A1AD6]
SSDT 875CC110 ZwMapViewOfSection
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA25A1E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA25A4D1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA25A2B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA25A730E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA25A7352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA25A7446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA25CEA6D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA25A7278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA25A4518]
SSDT 8760A8D8 ZwOpenProcessToken
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA25A73AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA25A72C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA25A474C]
SSDT 872C2A80 ZwOpenThreadToken
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA25A7400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA262ECA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA25CEF74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA25A29CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA25CEDC6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA2638B68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA25CDD84]
SSDT 87304AF0 ZwResumeThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA25A1EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA25A1F28]
SSDT 8760DD40 ZwSetContextThread
SSDT 87358B50 ZwSetInformationProcess
SSDT 87601640 ZwSetInformationThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA25A1B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA25A1CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA25CF52A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA25A1C92]
SSDT 875CA038 ZwSuspendProcess
SSDT 8766DD50 ZwSuspendThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA25A1D5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xA262ED60]
SSDT 8764A0E8 ZwTerminateThread
SSDT 87610780 ZwUnmapViewOfSection
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA25A1F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xA262EBE0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA2644D92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 90 804E26EC 4 Bytes [5A, EA, 62, A2]
.text ntoskrnl.exe!_abnormal_termination + F0 804E274C 1 Byte [11]
.text ntoskrnl.exe!_abnormal_termination + 1D0 804E282C 2 Bytes [D6, 1A]
.text ntoskrnl.exe!_abnormal_termination + 1D3 804E282F 1 Byte [A2]
.text ntoskrnl.exe!_abnormal_termination + 228 804E2884 8 Bytes [6D, EA, 5C, A2, 78, 72, 5A, ...] {INSD ; JMP FAR 0xa25a:0x7278a25c}
.text ...
PAGE ntoskrnl.exe!ObInsertObject 805641A3 5 Bytes JMP A264374C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80569D33 4 Bytes CALL A25A319F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058041A 7 Bytes JMP A2644D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059D924 5 Bytes JMP A2641C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
init C:\WINDOWS\system32\DRIVERS\gtipci21.sys entry point in "init" section [0xF71CCA80]
.text win32k.sys!EngFreeUserMem + 674 BF80BB11 5 Bytes JMP A25A6180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + E5B BF80C2F8 5 Bytes JMP A25A607C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF810239 5 Bytes JMP A25A6036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 3228 BF81E155 5 Bytes JMP A25A4E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 506D BF823F38 5 Bytes JMP A25A5724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 4EF BF82CB8B 5 Bytes JMP A25A4F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 6077 BF835D15 5 Bytes JMP A25A62EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 37B3 BF83DAE6 5 Bytes JMP A25A64F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + ED04 BF849037 5 Bytes JMP A25A60BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 44AF BF851373 5 Bytes JMP A25A6450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + DB4 BF858BB3 5 Bytes JMP A25A4FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2D97 BF85AB96 5 Bytes JMP A25A5F3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 63E4 BF85E1E3 5 Bytes JMP A25A5384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 646F BF85E26E 5 Bytes JMP A25A5562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 415A BF879B63 5 Bytes JMP A25A551C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF896DAD 5 Bytes JMP A25A57FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 1899 BF899503 5 Bytes JMP A25A4E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 23AD BF89DBF1 5 Bytes JMP A25A6232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 8D7E BF8B97A5 5 Bytes JMP A25A570C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + D861 BF8BE288 5 Bytes JMP A25A57E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 4C65 BF8C3DC7 5 Bytes JMP A25A5104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 15C6 BF8E92E9 5 Bytes JMP A25A51AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 1846 BF8E9569 5 Bytes JMP A25A52E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 445D BF8EC180 5 Bytes JMP A25A4D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + CE64 BF8F4B87 5 Bytes JMP A25A573C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1994 BF911BC0 5 Bytes JMP A25A4F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2568 BF912794 5 Bytes JMP A25A50B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EC2 BF9150EE 5 Bytes JMP A25A567C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 191E BF942A95 5 Bytes JMP A25A63A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
 
---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[128] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[128] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[128] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[128] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[128] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[128] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[128] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[128] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[128] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[128] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[128] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[128] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[128] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[128] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[128] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[128] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[128] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\csrss.exe[228] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[228] KERNEL32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[252] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[252] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[252] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[252] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\winlogon.exe[252] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\winlogon.exe[252] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\winlogon.exe[252] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\winlogon.exe[252] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\winlogon.exe[252] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\winlogon.exe[252] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\winlogon.exe[252] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\winlogon.exe[252] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[252] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[252] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[252] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[252] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[292] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[292] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[292] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[292] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[292] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\services.exe[292] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\services.exe[292] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\services.exe[292] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\services.exe[292] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\services.exe[292] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\services.exe[292] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\services.exe[292] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\services.exe[292] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[292] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[292] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[292] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[292] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\WINDOWS\Explorer.EXE[296] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[296] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[296] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[296] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[296] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B1014
.text C:\WINDOWS\Explorer.EXE[296] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B0804
.text C:\WINDOWS\Explorer.EXE[296] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0A08
.text C:\WINDOWS\Explorer.EXE[296] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\Explorer.EXE[296] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0E10
.text C:\WINDOWS\Explorer.EXE[296] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B01F8
.text C:\WINDOWS\Explorer.EXE[296] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B03FC
.text C:\WINDOWS\Explorer.EXE[296] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B0600
.text C:\WINDOWS\Explorer.EXE[296] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[296] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[296] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[296] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[296] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[308] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[308] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[308] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[308] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\lsass.exe[308] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\lsass.exe[308] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\lsass.exe[308] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\lsass.exe[308] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\lsass.exe[308] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\lsass.exe[308] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\lsass.exe[308] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\lsass.exe[308] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[308] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[308] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[308] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[308] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[348] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[348] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[348] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[348] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[348] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00371014
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[348] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00370804
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[348] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00370A08
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[348] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00370C0C
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[348] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00370E10
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[348] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003701F8
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[348] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003703FC
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[348] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00370600
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[348] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00380A08
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[348] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00380804
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[348] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00380600
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[348] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003801F8
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[348] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\svchost.exe[488] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[488] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[488] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[488] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[488] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[488] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[488] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[488] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[600] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[600] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[600] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[600] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[600] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[600] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[600] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[600] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[600] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[600] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[600] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[600] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[600] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[600] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[644] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[644] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[644] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[644] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[644] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[644] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[644] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[644] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[644] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[644] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[644] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[644] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[644] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[644] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[644] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[644] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[644] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[712] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\SCardSvr.exe[720] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\SCardSvr.exe[720] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\SCardSvr.exe[720] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\SCardSvr.exe[720] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\SCardSvr.exe[720] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\SCardSvr.exe[720] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\SCardSvr.exe[720] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\SCardSvr.exe[720] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\SCardSvr.exe[720] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\SCardSvr.exe[720] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\SCardSvr.exe[720] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\SCardSvr.exe[720] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\SCardSvr.exe[720] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\SCardSvr.exe[720] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\SCardSvr.exe[720] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\SCardSvr.exe[720] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\SCardSvr.exe[720] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B0600
 
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 004C1014
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 004C0804
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 004C0A08
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 004C0C0C
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 004C0E10
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 004C01F8
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 004C03FC
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 004C0600
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 004D0A08
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 004D0804
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 004D0600
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 004D01F8
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[748] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 004D03FC
.text C:\WINDOWS\system32\spoolsv.exe[860] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[860] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[860] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[860] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[860] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\spoolsv.exe[860] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\spoolsv.exe[860] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\spoolsv.exe[860] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\spoolsv.exe[860] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\spoolsv.exe[860] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\spoolsv.exe[860] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\spoolsv.exe[860] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\spoolsv.exe[860] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[860] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[860] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[860] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[860] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[936] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[936] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[936] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[936] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[936] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[936] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[936] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[936] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[936] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[936] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[936] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[936] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003A1014
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003A0804
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 003A0A08
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 003A0C0C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 003A0E10
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003A01F8
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003A03FC
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003A0600
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003B0A08
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003B0804
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003B0600
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003B01F8
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003B03FC
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003A1014
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003A0804
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 003A0A08
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 003A0C0C
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 003A0E10
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003A01F8
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003A03FC
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003A0600
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003B0A08
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003B0804
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003B0600
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003B01F8
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1056] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003B03FC
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000C01F8
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000C03FC
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ADVAPI32.DLL!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00311014
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ADVAPI32.DLL!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00310804
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ADVAPI32.DLL!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00310A08
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ADVAPI32.DLL!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00310C0C
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ADVAPI32.DLL!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00310E10
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ADVAPI32.DLL!CreateServiceA 77E37071 5 Bytes JMP 003101F8
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ADVAPI32.DLL!CreateServiceW 77E37209 5 Bytes JMP 003103FC
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] ADVAPI32.DLL!DeleteService 77E37311 5 Bytes JMP 00310600
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] USER32.DLL!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00320A08
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] USER32.DLL!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00320804
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] USER32.DLL!SetWindowsHookExA 77D611E9 5 Bytes JMP 00320600
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] USER32.DLL!SetWinEventHook 77D617C8 5 Bytes JMP 003201F8
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1164] USER32.DLL!UnhookWinEvent 77D6187D 5 Bytes JMP 003203FC
.text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001601F8
.text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001603FC
.text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003C1014
.text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003C0804
.text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 003C0A08
.text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 003C0C0C
.text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 003C0E10
.text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003C01F8
.text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003C03FC
.text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003C0600
.text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003D0A08
.text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003D0804
.text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003D0600
.text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003D01F8
.text C:\Documents and Settings\tcorcoran\Desktop\2f7bpf76.exe[1208] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003D03FC
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001601F8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001603FC
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00390A08
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00390804
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00390600
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003901F8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1300] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003903FC
 
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1400] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1400] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1400] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 004E1014
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 004E0804
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 004E0A08
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 004E0C0C
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 004E0E10
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 004E01F8
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 004E03FC
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 004E0600
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 004F0A08
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 004F0804
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 004F0600
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 004F01F8
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1588] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 004F03FC
.text C:\WINDOWS\System32\smss.exe[1872] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[2108] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\iPod\bin\iPodService.exe[2108] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[2108] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\iPod\bin\iPodService.exe[2108] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[2108] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\Program Files\iPod\bin\iPodService.exe[2108] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\Program Files\iPod\bin\iPodService.exe[2108] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\Program Files\iPod\bin\iPodService.exe[2108] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\Program Files\iPod\bin\iPodService.exe[2108] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\Program Files\iPod\bin\iPodService.exe[2108] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\Program Files\iPod\bin\iPodService.exe[2108] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\Program Files\iPod\bin\iPodService.exe[2108] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
.text C:\Program Files\iPod\bin\iPodService.exe[2108] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00390A08
.text C:\Program Files\iPod\bin\iPodService.exe[2108] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00390804
.text C:\Program Files\iPod\bin\iPodService.exe[2108] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00390600
.text C:\Program Files\iPod\bin\iPodService.exe[2108] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003901F8
.text C:\Program Files\iPod\bin\iPodService.exe[2108] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\UAService7.exe[2356] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\UAService7.exe[2356] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\UAService7.exe[2356] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\UAService7.exe[2356] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\UAService7.exe[2356] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00371014
.text C:\WINDOWS\system32\UAService7.exe[2356] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\UAService7.exe[2356] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\UAService7.exe[2356] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00370C0C
.text C:\WINDOWS\system32\UAService7.exe[2356] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00370E10
.text C:\WINDOWS\system32\UAService7.exe[2356] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\UAService7.exe[2356] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\UAService7.exe[2356] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00370600
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2408] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2408] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2408] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2408] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2408] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003A1014
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2408] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003A0804
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2408] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 003A0A08
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2408] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 003A0C0C
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2408] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 003A0E10
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2408] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003A01F8
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2408] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003A03FC
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2408] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003A0600
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2408] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003B0A08
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2408] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003B0804
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2408] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003B0600
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2408] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003B01F8
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2408] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003B03FC
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[2480] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[2480] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[2480] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[2480] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[2480] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003D1014
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[2480] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003D0804
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[2480] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 003D0A08
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[2480] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 003D0C0C
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[2480] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 003D0E10
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[2480] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003D01F8
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[2480] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003D03FC
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[2480] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003D0600
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[2480] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003E0A08
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[2480] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003E0804
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[2480] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003E0600
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[2480] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003E01F8
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[2480] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003E03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2496] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2496] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2496] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2496] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2496] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\Program Files\Java\jre6\bin\jqs.exe[2496] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2496] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2496] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[2496] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[2496] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2496] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2496] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2496] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2496] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2496] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2496] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2496] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\svchost.exe[2516] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[2516] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2516] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[2516] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2516] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[2516] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[2516] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[2516] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[2516] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[2516] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[2516] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[2516] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[2516] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[2516] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[2516] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[2516] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[2516] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[2556] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[2556] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2556] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[2556] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2556] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[2556] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[2556] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[2556] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[2556] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[2556] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[2556] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[2556] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[2556] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[2556] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[2556] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[2556] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[2556] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2748] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2748] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2748] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2748] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2748] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00371014
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2748] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00370804
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2748] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00370A08
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2748] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00370C0C
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2748] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00370E10
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2748] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003701F8
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2748] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003703FC
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2748] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00370600
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2748] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00380A08
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2748] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00380804
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2748] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00380600
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2748] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003801F8
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2748] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003803FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2828] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001601F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2828] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[2828] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001603FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2828] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[2828] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00380A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2828] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00380804
.text C:\Program Files\iTunes\iTunesHelper.exe[2828] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00380600
.text C:\Program Files\iTunes\iTunesHelper.exe[2828] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003801F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2828] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003803FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2828] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00391014
.text C:\Program Files\iTunes\iTunesHelper.exe[2828] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00390804
.text C:\Program Files\iTunes\iTunesHelper.exe[2828] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00390A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2828] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00390C0C
.text C:\Program Files\iTunes\iTunesHelper.exe[2828] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00390E10
.text C:\Program Files\iTunes\iTunesHelper.exe[2828] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003901F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2828] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003903FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2828] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00390600
.text C:\Program Files\Apoint\Apntex.exe[2832] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Apoint\Apntex.exe[2832] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Apoint\Apntex.exe[2832] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Apoint\Apntex.exe[2832] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Apoint\Apntex.exe[2832] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00370A08
.text C:\Program Files\Apoint\Apntex.exe[2832] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00370804
.text C:\Program Files\Apoint\Apntex.exe[2832] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00370600
.text C:\Program Files\Apoint\Apntex.exe[2832] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003701F8
.text C:\Program Files\Apoint\Apntex.exe[2832] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003703FC
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[2976] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[2976] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[2976] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[2976] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[2976] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[2976] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[2976] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[2976] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[2976] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[2976] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[2976] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[2976] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[2976] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00390A08
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[2976] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00390804
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[2976] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00390600
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[2976] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003901F8
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[2976] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[3260] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[3260] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[3260] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[3260] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[3260] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[3260] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[3260] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[3260] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[3260] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[3260] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[3260] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[3260] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[3260] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00390A08
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[3260] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00390804
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[3260] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00390600
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[3260] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003901F8
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[3260] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003903FC
 
.text C:\WINDOWS\System32\svchost.exe[3336] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[3336] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3336] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[3336] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3336] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[3336] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[3336] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[3336] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[3336] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[3336] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[3336] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[3336] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[3336] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[3336] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[3336] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[3336] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[3336] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3384] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3384] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3384] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3384] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3384] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00371014
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3384] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00370804
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3384] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00370A08
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3384] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00370C0C
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3384] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00370E10
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3384] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003701F8
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3384] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003703FC
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3384] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00370600
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3384] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00380A08
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3384] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00380804
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3384] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00380600
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3384] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003801F8
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3384] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[3428] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3428] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[3428] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[3428] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[3428] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[3428] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[3428] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[3428] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[3428] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3476] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3476] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3476] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3476] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3476] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00371014
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3476] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00370804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3476] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00370A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3476] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00370C0C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3476] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00370E10
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3476] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003701F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3476] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003703FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3476] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00370600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3476] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3476] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3476] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3476] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3476] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\wdfmgr.exe[3500] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\wdfmgr.exe[3500] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[3500] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\wdfmgr.exe[3500] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[3500] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\wdfmgr.exe[3500] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\wdfmgr.exe[3500] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\wdfmgr.exe[3500] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\wdfmgr.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\wdfmgr.exe[3500] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\wdfmgr.exe[3500] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\wdfmgr.exe[3500] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\wdfmgr.exe[3500] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wdfmgr.exe[3500] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wdfmgr.exe[3500] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wdfmgr.exe[3500] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wdfmgr.exe[3500] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002C03FC
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[3748] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[3748] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[3748] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[3748] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[3748] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00371014
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[3748] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00370804
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[3748] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00370A08
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[3748] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00370C0C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[3748] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00370E10
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[3748] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003701F8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[3748] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003703FC
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[3748] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00370600
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[3748] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00380A08
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[3748] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00380804
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[3748] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00380600
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[3748] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003801F8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[3748] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003803FC
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3808] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3808] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3852] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[3852] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3852] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[3852] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3852] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\Program Files\Bonjour\mDNSResponder.exe[3852] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\Program Files\Bonjour\mDNSResponder.exe[3852] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[3852] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[3852] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[3852] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[3852] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[3852] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
.text C:\Program Files\Bonjour\mDNSResponder.exe[3852] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00390A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[3852] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00390804
.text C:\Program Files\Bonjour\mDNSResponder.exe[3852] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00390600
.text C:\Program Files\Bonjour\mDNSResponder.exe[3852] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003901F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[3852] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\ctfmon.exe[3872] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[3872] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3872] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[3872] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3872] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\ctfmon.exe[3872] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\ctfmon.exe[3872] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\ctfmon.exe[3872] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\ctfmon.exe[3872] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\ctfmon.exe[3872] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\ctfmon.exe[3872] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\ctfmon.exe[3872] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\ctfmon.exe[3872] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[3872] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[3872] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[3872] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[3872] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002C03FC
.text C:\Program Files\Apoint\Apoint.exe[4088] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Apoint\Apoint.exe[4088] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Apoint\Apoint.exe[4088] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Apoint\Apoint.exe[4088] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Apoint\Apoint.exe[4088] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00370A08
.text C:\Program Files\Apoint\Apoint.exe[4088] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00370804
.text C:\Program Files\Apoint\Apoint.exe[4088] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00370600
.text C:\Program Files\Apoint\Apoint.exe[4088] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003701F8
.text C:\Program Files\Apoint\Apoint.exe[4088] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003703FC
.text C:\Program Files\Apoint\Apoint.exe[4088] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\Program Files\Apoint\Apoint.exe[4088] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\Program Files\Apoint\Apoint.exe[4088] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\Program Files\Apoint\Apoint.exe[4088] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\Program Files\Apoint\Apoint.exe[4088] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\Program Files\Apoint\Apoint.exe[4088] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\Program Files\Apoint\Apoint.exe[4088] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\Program Files\Apoint\Apoint.exe[4088] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
 
---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[292] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005D0002
IAT C:\WINDOWS\system32\services.exe[292] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005D0000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[3808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] ifiiwgaxg <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\ifiiwgaxg@DisplayName Windows Helper
Reg HKLM\SYSTEM\CurrentControlSet\Services\ifiiwgaxg@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\ifiiwgaxg@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\ifiiwgaxg@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\ifiiwgaxg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\ifiiwgaxg@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\ifiiwgaxg@Description Prefetches JRE files for faster startup of Java applets and applications
Reg HKLM\SYSTEM\CurrentControlSet\Services\ifiiwgaxg\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\ifiiwgaxg\Parameters@ServiceDll C:\WINDOWS\system32\eqyhh.dll
Reg HKLM\SYSTEM\ControlSet004\Services\ifiiwgaxg@DisplayName Windows Helper
Reg HKLM\SYSTEM\ControlSet004\Services\ifiiwgaxg@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\ifiiwgaxg@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\ifiiwgaxg@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\ifiiwgaxg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\ifiiwgaxg@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\ifiiwgaxg@Description Prefetches JRE files for faster startup of Java applets and applications
Reg HKLM\SYSTEM\ControlSet004\Services\ifiiwgaxg\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\ifiiwgaxg\Parameters@ServiceDll C:\WINDOWS\system32\eqyhh.dll

---- EOF - GMER 1.0.15 ----
 
>>>>>> DDS Logs <<<<<<<<

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_26
Run by tcorcoran at 10:52:23 on 2012-04-12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.368 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\tcorcoran\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 94.232.248.66 antivirprotection.com
Hosts: 94.232.248.66 www.antivirprotection.com
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tcorcoran\application data\mozilla\firefox\profiles\fyctq6of.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://vshare.toolbarhome.com/?hp=df
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\documents and settings\tcorcoran\application data\mozilla\firefox\profiles\fyctq6of.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\tcorcoran\application data\mozilla\firefox\profiles\fyctq6of.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\documents and settings\tcorcoran\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\mozill~1\plugins\np32dsw.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npmusicn.dll
FF - plugin: c:\progra~1\mozill~1\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: XULRunner: {A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5} - c:\documents and settings\tcorcoran\local settings\application data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [2007-2-24 18110]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-11 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-11 337880]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2007-9-17 10872]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [2007-2-24 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [2007-2-24 423454]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-11 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-11 44768]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-3-19 112688]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2005-6-3 80384]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070820.048\NAVENG.SYS [2011-3-19 81232]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070820.048\NAVEX15.SYS [2011-3-19 865904]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2011-3-19 1251720]
S2 COMServer;COMServer;"c:\windows\system32\msapps\comsrvr.exe" s --> c:\windows\system32\msapps\comsrvr.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S2 ifiiwgaxg;Windows Helper;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11010.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11010.sys [?]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2006-3-10 39424]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasusb.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [2010-9-15 386560]
S3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2010-9-15 20992]
S3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2010-9-15 33792]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
.
=============== Created Last 30 ================
.
2012-04-12 03:30:14 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-12 03:28:12 41184 ----a-w- c:\windows\avastSS.scr
2012-04-12 03:26:36 -------- d-----w- c:\program files\AVAST Software
2012-04-12 03:26:36 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
.
==================== Find3M ====================
.
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 10:56:02.50 ===============
 
>>>>>> DDS Logs --Attach.txt-- <<<<<<<<

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2005-06-08 10:12:44 AM
System Uptime: 2012-04-12 12:10:37 AM (10 hours ago)
.
Motherboard: Dell Inc. | | 0D4571
Processor: Intel(R) Pentium(R) M processor 2.00GHz | Microprocessor | 1995/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 7.526 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0 Standard
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Drive CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop 7.0
Adobe Reader 6.0.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
ALPS Touch Pad Driver
AppCore
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AttachmentOptions
Audacity 1.2.6
avast! Free Antivirus
AVG Anti-Spyware 7.5
Beyond Compare Version 2.2.7
Bluetooth Stack for Windows by Toshiba
Bonjour
Business Contact Manager for Outlook 2003
CAIR2
ccCommon
Cisco Systems VPN Client 5.0.00.0340
Color Detector 2.0
Compatibility Pack for the 2007 Office system
Component Framework
Connect
eLicenser Control
First Step Guide
Google Chrome
Google Update Helper
Google Video Uploader
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB928388)
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
ISO Recorder
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) SE Runtime Environment 6
kuler
LiveUpdate (Symantec Corporation)
Logos
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.61.0.1400
mCore
mDrWiFi
MetaFrame Presentation Server Client
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual SourceSafe NetSetup
mIWA
mIWCA
mLogView
mMHouse
Mozilla Firefox (3.6.26)
mPfMgr
mPfWiz
mProSafe
mSSO
mToolkit
mWlsSafe
mXML
mZConfig
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
PDF Settings CS4
Pdf995
Photoshop Camera Raw
PowerDVD 5.1
QuickSet
QuickTime
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Skype™ 4.2
Sony DVD Handycam USB Driver 2
SPBBC 32bit
Steinberg Cubase LE 4
Suite Shared Configuration CS4
SUPERAntiSpyware
Symantec Real Time Storage Protection Component
SymNet
TextPad 4.7
TFCleanup v2.3
Uninstall Startup Inspector
US-122 MKII / US-144 MKII
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip
WinZip Self-Extractor
.
==== Event Viewer Messages From Past Week ========
.
2012-04-12 12:48:44 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
2012-04-12 12:16:23 AM, error: Service Control Manager [7023] - The Windows Helper service terminated with the following error: The specified module could not be found.
2012-04-11 10:41:05 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
2012-04-11 10:37:15 PM, error: Service Control Manager [7023] - The Windows Helper service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
2012-04-11 10:35:24 PM, error: NETLOGON [5719] - No Domain Controller is available for domain CVILLE due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
2012-04-11 10:32:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2012-04-11 10:31:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV AVG Anti-Spyware Driver eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SPBBCDrv SRTSPX SYMTDI Tcpip
2012-04-11 10:31:08 PM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
2012-04-11 10:31:08 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2012-04-11 10:31:08 PM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
2012-04-11 10:31:08 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2012-04-11 10:31:08 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2012-04-11 10:31:08 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2012-04-11 10:31:08 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2012-04-11 10:31:08 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================
 
Hi,

Worried that the GMER is the "show all" scan, though I did not check the box. The scan seemed to hang when I received a rootkit warning. I clicked start again and it continued. Let me know if this step needs to be re-executed.

Again, thanks!

-Ted
 
Hi Ted! I would say 'welcome back' but this is probably the last forum anyone wants to be in! Let's hope we can fix this one. There are some extra entries in GMER I'll remove so the thread isn't so long.
-------------------------------
You've ended up with 2 AV though - so please remove one of them. Reboot when finished please.
AV: Norton Internet Security *Enabled/
AV: avast! Antivirus *Enabled/
=========================================
The Delayed Write Failure is most likely coming from the Rogue SYSTEM RESTORE, AKA Data Recovery. So let's work on that. We'll let Combofix help us:

Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan.
Uninstall directions, if needed:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Before you run the Combofix scan, please disable any security software you have running.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install - just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=======================================
This malware is a fake computer analysis and optimization program that displays fake information in order to scare you into believing that there is an issue with your computer and you need their program to fix it.
  • It will display numerous error messages when you attempt to launch programs or delete files.
  • It will scan your computer, which will then find a variety of errors that it states it cannot fix until you purchase the program. so-called defragment tool.
  • Folder, icons, programs may appear to be missing their content.
  • It may terminate a program you launch stating that "the program or hard drive is corrupted".
  • The messages that you will see when you attempt to run a program are:
    • Hard Drive Failure
    • System or Critical Error
    • Closing these messages will then bring 'notice' of Windows Recovery Diagnostics and/or Fix Disk
  • When running it will also display fake alerts from your Windows taskbar of various "Critical Errors" and other fake warnings.
  • The malware may prevent downloads directly to the infected computer. In that case, programs can be loaded onto a flash drive, then transferred to the problem system to run.
===================================
1. Boot into Safe Mode with Networking
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, using your up/down arrows to reach it and then press ENTER.
=======================================
2. To end the processes that belong to the rogue program:
Please click on RKill
  • At the download page, click on Download now button for iExplore.exe download link and save to the desktop
  • Double click on the iExplore.exe icon
  • Please be patient- it may take a bit.
  • The black Window will close when through and you can continue.
Note: If you get a message that RKill is malware, ignore it> it's from the malware.
=======================================
Do not reboot your computer after running RKill as the malware programs will start again.
================================
3. This malware frequently comes with the TDSS rootkit, so do the following:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe to run the scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    Save log and post in next reply.
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.
====================================
If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again.
====================================
4. Update and rescan with Malwarebytes:
  • Select Perform Full Scan on the Scanner tab
  • Click on the Scan button.
  • When scan has finished, you will see this image: (image: scan-finished.jpg)
  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format>Uncheck Word Wrap before copying the log to paste in your next reply.
==============================
Note: If #5 and/or #6 don't apply, you can skip those steps.
5. Correct Display Changes if needed:
If the desktop background is black or if the theme has been removed:
  • Click on Start> Control Panel> Appearance & Personalization
  • Select Change Theme or Change Desktop Background
=====================================
6. Some items may not show on the Start menu. To add them back:
  • Right click on Start> Properties
  • Taskbar and Start Menu Properties screen appears
  • Choose Start Menu tab> Click on Customize
  • For Windows XP> Choose Advanced tab
  • Check the items you want back on the Start Menu
  • When finished> click on OK> Apply and close.
=====================================
You can now reboot back into Normal Mode.
(Note: If programs, icons, files, etc. appear to be missing, you can run #3 first, then continue with RKill)
=====================================
Please leave the logs from Combofix and TDSSKiller in the next reply.
 
ComboFix Log:


ComboFix 12-04-12.03 - tcorcoran 2012-04-12 20:43:14.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.606 [GMT -4:00]
Running from: c:\documents and settings\tcorcoran\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\tcorcoran\g2mdlhlpx.exe
c:\documents and settings\tcorcoran\Local Settings\Application Data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}
c:\documents and settings\tcorcoran\Local Settings\Application Data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}\chrome.manifest
c:\documents and settings\tcorcoran\Local Settings\Application Data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}\chrome\content\_cfg.js
c:\documents and settings\tcorcoran\Local Settings\Application Data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}\chrome\content\overlay.xul
c:\documents and settings\tcorcoran\Local Settings\Application Data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}\install.rdf
c:\documents and settings\tcorcoran\WINDOWS
c:\program files\Common Files\fwzu
c:\program files\Common Files\fwzu\fwzua.lck
c:\program files\Common Files\fwzu\fwzud\class-barrel
c:\program files\Common Files\fwzu\fwzul.lck
c:\program files\Common Files\fwzu\fwzum.lck
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\system32\jierrfba.ini
c:\windows\system32\setb6.tmp
.
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\i386\proquota.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_COMSERVER
-------\Service_COMServer
.
.
((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-13 00:57 . 2004-08-04 10:00 50176 ----a-w- c:\windows\system32\proquota.exe
2012-04-13 00:57 . 2004-08-04 10:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2012-04-13 00:15 . 2012-04-13 00:15 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2012-04-12 03:30 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-12 03:30 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-12 03:30 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-04-12 03:30 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-12 03:30 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-12 03:30 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-04-12 03:30 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-04-12 03:30 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-04-12 03:28 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-12 03:28 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-12 03:26 . 2012-04-12 03:26 -------- d-----w- c:\program files\AVAST Software
2012-04-12 03:26 . 2012-04-12 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-03-20 19:12 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^tcorcoran^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\tcorcoran\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^tcorcoran^Start Menu^Programs^Startup^Konfabulator.lnk]
path=c:\documents and settings\tcorcoran\Start Menu\Programs\Startup\Konfabulator.lnk
backup=c:\windows\pss\Konfabulator.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 10:00 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-03-04 16:26 606208 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-02-15 20:02 126976 ------w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-02-15 20:02 155648 ------w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-06 06:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\1XConfig.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [2007-02-24 18110]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-04-11 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-04-11 337880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2010-02-17 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 2:41 PM 67656]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [2007-02-24 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [2007-02-24 423454]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-04-11 20696]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2005-06-03 5:52 PM 80384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 5:58 PM 135664]
S2 ifiiwgaxg;Windows Helper;c:\windows\system32\svchost.exe -k netsvcs [2004-08-11 6:00 PM 14336]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2006-03-10 4:55 PM 39424]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 5:58 PM 135664]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [2010-09-15 6:08 PM 386560]
S3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2010-09-15 6:08 PM 20992]
S3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2010-09-15 6:08 PM 33792]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ifiiwgaxg
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 21:58]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 21:58]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-484061587-1417001333-1130Core.job
- c:\documents and settings\tcorcoran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-17 23:52]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-484061587-1417001333-1130UA.job
- c:\documents and settings\tcorcoran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-17 23:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\tcorcoran\Application Data\Mozilla\Firefox\Profiles\fyctq6of.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
Notify-ckpNotify - (no file)
Notify-NavLogon - (no file)
SafeBoot-AVG Anti-Spyware Driver
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-DSS - c:\windows\BBSTORE\DSS\DSSAGENT.EXE
MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
AddRemove-HijackThis - c:\documents and settings\tcorcoran\Desktop\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-12 21:10
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\system32\wbem\Performance\WmiApRpl.ini 3824 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ifiiwgaxg]
"ServiceDll"="c:\windows\system32\eqyhh.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1612)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\Intel\Wireless\Bin\LgNotify.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(3104)
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\BIB.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\Alex Feinman\ISO Recorder\ISORecorder.dll
c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
c:\progra~1\WINZIP\WZSHLSTB.DLL
c:\program files\WinRAR\rarext.dll
c:\program files\Beyond Compare 2\BCShellEx.dll
c:\program files\Grisoft\AVG Anti-Spyware 7.5\context.dll
c:\windows\system32\browselc.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\shdoclc.dll
c:\progra~1\TEXTPA~1\System\shellext.dll
c:\program files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\program files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\UAService7.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Apoint\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
c:\documents and settings\tcorcoran\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2012-04-12 21:20:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-13 01:19
ComboFix2.txt 2008-01-06 12:00
ComboFix3.txt 2007-09-17 14:22
.
Pre-Run: 8,317,292,544 bytes free
Post-Run: 9,183,162,368 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /bootlogo /noguiboot /kernel=KERNEL01.exe
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /bootlogo /noguiboot
.
- - End Of File - - 1108BA2A96435E193905F17EA929327B
 
>>>>>>>>>>>> TDSSKiller <<<<<<<<<<<<


22:20:15.0265 0836 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
22:20:15.0265 0836 ============================================================
22:20:15.0265 0836 Current date / time: 2012/04/12 22:20:15.0265
22:20:15.0265 0836 SystemInfo:
22:20:15.0265 0836
22:20:15.0265 0836 OS Version: 5.1.2600 ServicePack: 2.0
22:20:15.0265 0836 Product type: Workstation
22:20:15.0265 0836 ComputerName: TCORCORAN03
22:20:15.0265 0836 UserName: tcorcoran
22:20:15.0265 0836 Windows directory: C:\WINDOWS
22:20:15.0265 0836 System windows directory: C:\WINDOWS
22:20:15.0265 0836 Processor architecture: Intel x86
22:20:15.0265 0836 Number of processors: 1
22:20:15.0265 0836 Page size: 0x1000
22:20:15.0265 0836 Boot type: Safe boot with network
22:20:15.0265 0836 ============================================================
22:20:17.0281 0836 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:20:17.0281 0836 \Device\Harddisk0\DR0:
22:20:17.0281 0836 MBR used
22:20:17.0281 0836 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x4A5DF76
22:20:17.0328 0836 Initialize success
22:20:17.0328 0836 ============================================================
22:20:38.0390 1020 ============================================================
22:20:38.0390 1020 Scan started
22:20:38.0390 1020 Mode: Manual;
22:20:38.0390 1020 ============================================================
22:20:40.0015 1020 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:20:40.0015 1020 Aavmker4 - ok
22:20:40.0265 1020 Abiosdsk - ok
22:20:40.0531 1020 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:20:40.0531 1020 abp480n5 - ok
22:20:40.0875 1020 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:20:40.0875 1020 ACPI - ok
22:20:41.0140 1020 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:20:41.0140 1020 ACPIEC - ok
22:20:41.0500 1020 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
22:20:41.0500 1020 adfs - ok
22:20:41.0859 1020 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:20:41.0859 1020 adpu160m - ok
22:20:42.0203 1020 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
22:20:42.0203 1020 aec - ok
22:20:42.0515 1020 AegisP (076394a345ee5e9e3911fc0f058f4f38) C:\WINDOWS\system32\DRIVERS\AegisP.sys
22:20:42.0515 1020 AegisP - ok
22:20:42.0843 1020 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
22:20:42.0843 1020 AFD - ok
22:20:43.0156 1020 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:20:43.0156 1020 agp440 - ok
22:20:43.0484 1020 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:20:43.0484 1020 agpCPQ - ok
22:20:43.0750 1020 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:20:43.0750 1020 Aha154x - ok
22:20:44.0046 1020 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:20:44.0046 1020 aic78u2 - ok
22:20:44.0328 1020 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:20:44.0328 1020 aic78xx - ok
22:20:44.0578 1020 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
22:20:44.0578 1020 Alerter - ok
22:20:44.0890 1020 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
22:20:44.0890 1020 ALG - ok
22:20:45.0171 1020 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:20:45.0171 1020 AliIde - ok
22:20:45.0468 1020 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:20:45.0468 1020 alim1541 - ok
22:20:45.0765 1020 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:20:45.0765 1020 amdagp - ok
22:20:46.0046 1020 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
22:20:46.0046 1020 amsint - ok
22:20:46.0375 1020 ApfiltrService (aeb775a2bae0f392ba6adc0bb706233a) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
22:20:46.0375 1020 ApfiltrService - ok
22:20:46.0703 1020 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
22:20:46.0703 1020 APPDRV - ok
22:20:46.0921 1020 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:20:46.0921 1020 Apple Mobile Device - ok
22:20:47.0250 1020 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll
22:20:47.0250 1020 AppMgmt - ok
22:20:47.0562 1020 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
22:20:47.0562 1020 asc - ok
22:21:17.0421 1020 Suspicious service (NoAccess): ifiiwgaxg
22:21:17.0671 1020 ifiiwgaxg ( LockedService.Multi.Generic ) - warning
22:21:17.0671 1020 ifiiwgaxg - detected LockedService.Multi.Generic (1)
22:22:18.0312 1020 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:22:18.0312 1020 USBSTOR - ok
22:22:18.0578 1020 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:22:18.0578 1020 usbuhci - ok
22:22:18.0906 1020 UserAccess7 (0edfe36e05a62888eff6d97ae494b2a5) C:\WINDOWS\system32\UAService7.exe
22:22:18.0906 1020 UserAccess7 - ok
22:22:19.0203 1020 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
22:22:19.0203 1020 VgaSave - ok
22:22:19.0484 1020 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:22:19.0484 1020 viaagp - ok
22:22:19.0781 1020 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:22:19.0781 1020 ViaIde - ok
22:22:20.0062 1020 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
22:22:20.0062 1020 VolSnap - ok
22:22:20.0484 1020 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
22:22:20.0484 1020 vsdatant - ok
22:22:20.0812 1020 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
22:22:20.0812 1020 VSS - ok
22:22:22.0468 1020 w29n51 (f0f902220910c4fbe42a51964bd33599) C:\WINDOWS\system32\DRIVERS\w29n51.sys
22:22:22.0484 1020 w29n51 - ok
22:22:22.0796 1020 w32time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
22:22:22.0796 1020 w32time - ok
22:22:23.0218 1020 W3SVC (74b9fa2afaf60b7f4e2a952e77b9dc6c) C:\WINDOWS\system32\inetsrv\inetinfo.exe
22:22:23.0218 1020 W3SVC - ok
22:22:23.0546 1020 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:22:23.0546 1020 Wanarp - ok
22:22:23.0781 1020 WDICA - ok
22:22:24.0109 1020 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
22:22:24.0109 1020 wdmaud - ok
22:22:24.0390 1020 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll
22:22:24.0390 1020 WebClient - ok
22:22:24.0734 1020 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:22:24.0750 1020 winmgmt - ok
22:22:25.0062 1020 WLANKEEPER (43ed73f10de96e0a23244bd9cf04f5c2) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
22:22:25.0062 1020 WLANKEEPER - ok
22:22:25.0390 1020 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
22:22:25.0390 1020 WmdmPmSN - ok
22:22:25.0921 1020 Wmi (1aff244ca134956c54474f4e2433e4ce) C:\WINDOWS\System32\advapi32.dll
22:22:25.0921 1020 Wmi - ok
22:22:26.0234 1020 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:22:26.0234 1020 WmiApSrv - ok
22:22:26.0515 1020 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:22:26.0515 1020 WS2IFSL - ok
22:22:26.0843 1020 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
22:22:26.0843 1020 wscsvc - ok
22:22:27.0125 1020 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
22:22:27.0125 1020 wuauserv - ok
22:22:27.0515 1020 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
22:22:27.0515 1020 WZCSVC - ok
22:22:27.0812 1020 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
22:22:27.0812 1020 xmlprov - ok
22:22:27.0890 1020 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:22:28.0203 1020 \Device\Harddisk0\DR0 - ok
22:22:28.0218 1020 Boot (0x1200) (ec4963500b5466684c5ce25d1aeb1a02) \Device\Harddisk0\DR0\Partition0
22:22:28.0234 1020 \Device\Harddisk0\DR0\Partition0 - ok
22:22:28.0250 1020 ============================================================
22:22:28.0250 1020 Scan finished
22:22:28.0250 1020 ============================================================
22:22:28.0281 0840 Detected object count: 1
22:22:28.0281 0840 Actual detected object count: 1
22:22:46.0562 0840 ifiiwgaxg ( LockedService.Multi.Generic ) - User select action: Quarantine
 
Hi,

Please see Combofix and TDSSKiller logs above.

A few notes:

-- Was unable to connect to the Internet while in Safe Mode. Rebooted normally, downloaded RKill and TDSSKiller then rebooted and ran them from Safe Mode.

-- On the Malwarebytes full scan, in Safe Mode, received a Delayed Write Failed alert after the scan had finished, saying Windows was unable to save all data for the file

C:\$Mft

- Ted
 
Thank you for answering my question about which Safe Mode! Ted, are you a Comcast Customer?

Hosts modified, sending searches to a Russian site >> That's why the redirect.
Have you intentionally edited the Hosts file to bypass Apple's signature server?
===============================================
There are multiple antivirus programs running:
Noted in my Reply #11:
You've ended up with 2 AV though- so please remove one of them. Reboot when finished please.
AV: Norton Internet Security *Enabled/
AV: avast! Antivirus *Enabled/

Current AV processes in Combofix:
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

Please get that down to one antivirus. Reboot after removing one AV.
===================================
Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
c:\windows\system32\eqyhh.dll
FileLook::
c:\progra~1\TEXTPA~1\System\shellext.dll
DDS::
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Hosts: 94.232.248.66 antivirprotection.com
Hosts: 94.232.248.66 www.antivirprotection.com
Folder::
c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^tcorcoran^Start Menu^Programs^Startup^Konfabulator.lnk]
path=c:\documents and settings\tcorcoran\Start Menu\Programs\Startup\Konfabulator.lnk
backup=c:\windows\pss\Konfabulator.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
"FirewallOverride"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
RegLock::
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

Clearjavacache::
Driver::
ifiiwgaxg
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
===================
I'd like you to boot into Normal Mode so you can run the Eset Online Virus scan:
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=======================================
Download CKScanner and save to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
=====================================
Open Firefox> Tools> Addons> Extensions> Remove any entries for:
Search Toolbar
Zugo
====================================
Please leave logs in next reply.
 
>>>>>>>>>> ComboFix.txt <<<<<<<<<<<<

ComboFix 12-04-12.03 - tcorcoran 2012-04-12 20:43:14.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.606 [GMT -4:00]
Running from: C:\Documents and Settings\tcorcoran\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\tcorcoran\g2mdlhlpx.exe
C:\Documents and Settings\tcorcoran\Local Settings\Application Data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}
C:\Documents and Settings\tcorcoran\Local Settings\Application Data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}\chrome.manifest
C:\Documents and Settings\tcorcoran\Local Settings\Application Data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}\chrome\content\_cfg.js
C:\Documents and Settings\tcorcoran\Local Settings\Application Data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}\chrome\content\overlay.xul
C:\Documents and Settings\tcorcoran\Local Settings\Application Data\{A70A2E3C-5A18-426E-9A6C-DE16AAE4AFF5}\install.rdf
C:\Documents and Settings\tcorcoran\WINDOWS
C:\Program Files\Common Files\fwzu
C:\Program Files\Common Files\fwzu\fwzua.lck
C:\Program Files\Common Files\fwzu\fwzud\class-barrel
C:\Program Files\Common Files\fwzu\fwzul.lck
C:\Program Files\Common Files\fwzu\fwzum.lck
C:\Program Files\Search Toolbar
C:\Program Files\Search Toolbar\icon.ico
C:\Program Files\Search Toolbar\SearchToolbar.dll
C:\Program Files\Search Toolbar\SearchToolbarUninstall.exe
C:\Program Files\Search Toolbar\SearchToolbarUpdater.exe
C:\WINDOWS\system32\jierrfba.ini
C:\WINDOWS\system32\setb6.tmp

C:\WINDOWS\system32\proquota.exe was missing
Restored copy from - C:\I386\proquota.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_COMSERVER
-------\Service_COMServer


((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))


2012-04-13 00:57:38 . 2004-08-04 10:00:00 50176 ----a-w- C:\WINDOWS\system32\proquota.exe
2012-04-13 00:57:38 . 2004-08-04 10:00:00 50176 ----a-w- C:\WINDOWS\system32\dllcache\proquota.exe
2012-04-13 00:15:44 . 2012-04-13 00:15:44 -------- d-----w- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2012-04-12 03:30:42 . 2012-03-06 23:01:30 20696 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2012-04-12 03:30:41 . 2012-03-06 23:03:38 337880 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2012-04-12 03:30:19 . 2012-03-06 23:02:00 35672 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2012-04-12 03:30:17 . 2012-03-06 23:01:53 53848 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2012-04-12 03:30:14 . 2012-03-06 23:03:51 612184 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
2012-04-12 03:30:09 . 2012-03-06 23:01:39 95704 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2012-04-12 03:30:09 . 2012-03-06 23:01:35 89048 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2012-04-12 03:30:07 . 2012-03-06 22:58:29 24920 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2012-04-12 03:28:12 . 2012-03-06 23:15:19 41184 ----a-w- C:\WINDOWS\avastSS.scr
2012-04-12 03:28:08 . 2012-03-06 23:15:14 201352 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2012-04-12 03:26:36 . 2012-04-12 03:26:36 -------- d-----w- C:\Program Files\AVAST Software
2012-04-12 03:26:36 . 2012-04-12 03:26:36 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVAST Software
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-04-04 19:56:40 . 2011-03-20 19:12:08 22344 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15:06 123536 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 21:33:20 155648]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 19:59:54 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-11-18 01:59:04 421160]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25:42 6731312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-09-08 16:17:42 421888]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-03-06 23:15:17 4241512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21:41 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08:06 110592 ----a-w- C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^tcorcoran^Start Menu^Programs^Startup^Dropbox.lnk]
path=C:\Documents and Settings\tcorcoran\Start Menu\Programs\Startup\Dropbox.lnk
backup=C:\WINDOWS\pss\Dropbox.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^tcorcoran^Start Menu^Programs^Startup^Konfabulator.lnk]
path=C:\Documents and Settings\tcorcoran\Start Menu\Programs\Startup\Konfabulator.lnk
backup=C:\WINDOWS\pss\Konfabulator.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 10:00:00 15360 ------w- C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-03-04 16:26:08 606208 ----a-w- C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-02-15 20:02:56 126976 ------w- C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-02-15 20:02:58 155648 ------w- C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24:37 1694208 ----a-w- C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17:42 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-06 06:27:46 26102056 ----a-r- C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"C:\\Program Files\\Intel\\Wireless\\Bin\\1XConfig.exe"=
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys [2007-02-24 10:16:18 PM 18110]
R1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [2012-04-11 11:30:14 PM 612184]
R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [2012-04-11 11:30:41 PM 337880]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2010-02-17 2:25:48 PM 12872]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 2:41:30 PM 67656]
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys [2007-02-24 10:16:17 PM 619390]
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys [2007-02-24 10:16:18 PM 423454]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-04-11 11:30:42 PM 20696]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\drivers\gtipci21.sys [2005-06-03 5:52:42 PM 80384]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03 5:58:31 PM 135664]
S2 ifiiwgaxg;Windows Helper;C:\WINDOWS\system32\svchost.exe -k netsvcs [2004-08-11 6:00:34 PM 14336]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;C:\WINDOWS\system32\drivers\fantom.sys [2006-03-10 4:55:18 PM 39424]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03 5:58:31 PM 135664]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys --> C:\WINDOWS\system32\drivers\SynasUSB.sys [?]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\WINDOWS\system32\drivers\tascusb2.sys [2010-09-15 6:08:23 PM 386560]
S3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;C:\WINDOWS\system32\drivers\tscusb2m.sys [2010-09-15 6:08:24 PM 20992]
S3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;C:\WINDOWS\system32\drivers\tscusb2a.sys [2010-09-15 6:08:24 PM 33792]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ifiiwgaxg

Contents of the 'Scheduled Tasks' folder

2012-04-13 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03 21:58:31 . 2010-02-03 21:58:26]

2012-04-12 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03 21:58:31 . 2010-02-03 21:58:26]

2012-04-12 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-484061587-1417001333-1130Core.job
- C:\Documents and Settings\tcorcoran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-17 23:53:01 . 2011-09-17 23:52:58]

2012-04-13 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-484061587-1417001333-1130UA.job
- C:\Documents and Settings\tcorcoran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-17 23:53:01 . 2011-09-17 23:52:58]


------- Supplementary Scan -------

uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - C:\Documents and Settings\tcorcoran\Application Data\Mozilla\Firefox\Profiles\fyctq6of.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Java Quick Starter: jqs@sun.com - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF

- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-SunJavaUpdateSched - C:\Program Files\Java\jre6\bin\jusched.exe
Notify-ckpNotify - (no file)
Notify-NavLogon - (no file)
SafeBoot-AVG Anti-Spyware Driver
MSConfigStartUp-ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-DSS - C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
MSConfigStartUp-osCheck - C:\Program Files\Norton Internet Security\osCheck.exe
MSConfigStartUp-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe
AddRemove-HijackThis - C:\Documents and Settings\tcorcoran\Desktop\HijackThis.exe
 
>>>>>>>> ESETScan.txt <<<<<<<<<<<<

C:\Documents and Settings\tcorcoran\Desktop\torrents\Windows 7 Ultimate Fully Activated Genuine x86 x64 - Team ! M-J-R !\Windows 7 Loader.zip a variant of Win32/HackKMS.A application


Note: I'm a little worried about the accuracy here. This log is from a second running of ESET, the first time I did not uncheck Remove Found Threats and check Scan Archives. When I realized my error, I stopped the scan. At that point it had found a decent list of threats -- and I figured they would be found again in the second scan. Not so. The second scan only found this one threat, though I looked at the quarantine and there were a number of threats there that seemed to correspond to those indicated in the first scan -- perhaps it had "removed" them to this quarantine.
 
>>>>>>>>>>>>> CKScanner Log <<<<<<<<<<<<<

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\tcorcoran\desktop\torrents\cool edit pro 2.1 with crack.zip
c:\documents and settings\tcorcoran\desktop\torrents\cool edit pro 2.1 with crack\cepsetup.exe
c:\documents and settings\tcorcoran\desktop\torrents\cool edit pro 2.1 with crack\crack\cd2003.txt
c:\documents and settings\tcorcoran\desktop\torrents\cool edit pro 2.1 with crack\crack\cep2reg.exe
c:\documents and settings\tcorcoran\desktop\torrents\cool edit pro 2.1 with crack\crack\keygen.nfo
scanner sequence 3.BC.11.XQLBAU
----- EOF -----
 
Answers to your questions:

-- I am a Comcast Customer
-- I have not intentionally edited Host files

Also, I had removed Norton using the Control Panel. The Symantec LiveUpdate was a different program, I guess. I removed it.

Thank you for the continued attention!

-Ted
 