TechSpot

Deleted AVG software and won't let me access antivirus sites

Solved
By sumbanana
Feb 1, 2012
  1. Hi. I'm in much need of help! This virus has deleted my AVG software and won't let me access any other antivirus sites. I have downloaded OTL and run the quick scan; now I need advice on what to do next. I have the OTL.Txt and the Extras.Txt files but they are too big for here. Which parts do I post for a start? Thanks.
  2. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. sumbanana

    sumbanana TS Rookie Topic Starter Posts: 24

    I can't download any of the antivirus software that was published, and the AVG antivirus software I was running has been removed.
  4. Broni

    Use the computer you're posting from to download stuff and move it to the bad computer using a USB flash drive.
  5. sumbanana

    Managed to get a copy of avast onto my PC, which has made a big difference as I can now access antivirus websites and the like. Here is my log after running Malwarebytes:

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.05.02

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 7.0.6001.18000
    John :: JOHN-PC [administrator]

    Protection: Enabled

    05/02/2012 15:19:21
    mbam-log-2012-02-05 (15-19-21).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 186069
    Time elapsed: 9 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKCR\CLSID\{2D00AA2A-69EF-487a-8A40-B3E27F07C91E} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Detected: 4
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Data: -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Data: a·¸+߬H»à¼À:›; -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Users\John\AppData\Roaming\5245E\4D5CA.exe -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|27B.exe (Backdoor.CycBot.Gen) -> Data: C:\Users\John\AppData\Roaming\Microsoft\CA75\27B.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\John\AppData\Local\Temp\0.45611871576328344.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    C:\Users\John\AppData\Local\Temp\byfjmybo.sys (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
  6. Broni

    Very well :)

    Go on.....
  7. sumbanana

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-05 21:14:40
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAJS-22B4A0 rev.01.03A01
    Running: gc5iihlh.exe; Driver: C:\Users\John\AppData\Local\Temp\kgldypog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E626FC4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E629456]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E6294AE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E6295C4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8E6293AC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8E6294FE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E629400]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E629572]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E626FE8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E626DB2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E62700C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E6299BC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E627AA4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8E629486]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E6294D6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E6295EE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E6293D8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8E62953E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E62942E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E62959C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E62796A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E627030]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E627054]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8E626E0C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E626F48]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8E626F24]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8E626F6C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E627078]

    INT 0x61 ? 84F5ABF8
    INT 0x71 ? 84F5ABF8
    INT 0x72 ? 86202F00
    INT 0x72 ? 86202F00
    INT 0x72 ? 86202F00
    INT 0x81 ? 84F5ABF8
    INT 0x91 ? 86202F00
    INT 0x91 ? 86202F00
    INT 0x91 ? 86202F00

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8EA257A2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetTimerEx + 340 826FF964 4 Bytes [C4, 6F, 62, 8E]
    .text ntkrnlpa.exe!KeSetTimerEx + 404 826FFA28 8 Bytes [56, 94, 62, 8E, AE, 94, 62, ...] {PUSH ESI; XCHG ESP, EAX; BOUND ECX, [ESI-0x719d6b52]}
    .text ntkrnlpa.exe!KeSetTimerEx + 410 826FFA34 4 Bytes [C4, 95, 62, 8E]
    .text ntkrnlpa.exe!KeSetTimerEx + 428 826FFA4C 4 Bytes [AC, 93, 62, 8E]
    .text ntkrnlpa.exe!KeSetTimerEx + 448 826FFA6C 8 Bytes [FE, 94, 62, 8E, 00, 94, 62, ...]
    .text ...
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82826D5E 5 Bytes JMP 8EA2269C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82863666 4 Bytes CALL 8E628025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82872FC9 4 Bytes CALL 8E62803B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 8288F872 5 Bytes JMP 8EA2415C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 828DB776 7 Bytes JMP 8EA257A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    ? System32\Drivers\sppb.sys The system cannot find the path specified. !
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8D60C000, 0x1F875A, 0xE8000020]
    .text USBPORT.SYS!DllUnload 879EE46F 5 Bytes JMP 862024E0
    .text apj1k8t4.SYS 8779D000 22 Bytes [26, B2, 61, 82, 10, B1, 61, ...]
    .text apj1k8t4.SYS 8779D017 145 Bytes [00, 32, 97, 71, 80, 3D, 95, ...]
    .text apj1k8t4.SYS 8779D0A9 35 Bytes [A0, 69, 82, 60, 97, 69, 82, ...]
    .text apj1k8t4.SYS 8779D0CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
    .text apj1k8t4.SYS 8779D0DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\csrss.exe[632] KERNEL32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[692] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000301F8
    .text C:\Windows\system32\wininit.exe[692] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000303FC
    .text C:\Windows\system32\wininit.exe[692] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000503FC
    .text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00050600
    .text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00051014
    .text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00050804
    .text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00050A08
    .text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00050C0C
    .text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00050E10
    .text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000501F8
    .text C:\Windows\system32\wininit.exe[692] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00060804
    .text C:\Windows\system32\wininit.exe[692] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000601F8
    .text C:\Windows\system32\wininit.exe[692] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000603FC
    .text C:\Windows\system32\wininit.exe[692] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00060600
    .text C:\Windows\system32\wininit.exe[692] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00060A08
    .text C:\Windows\system32\csrss.exe[700] KERNEL32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\services.exe[736] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\system32\services.exe[736] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\system32\services.exe[736] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\services.exe[736] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
    .text C:\Windows\system32\services.exe[736] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
    .text C:\Windows\system32\services.exe[736] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
    .text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
    .text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
    .text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\services.exe[736] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
    .text C:\Windows\system32\services.exe[736] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
    .text C:\Windows\system32\services.exe[736] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
    .text C:\Windows\system32\services.exe[736] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
    .text C:\Windows\system32\services.exe[736] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
    .text C:\Windows\system32\services.exe[736] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
    .text C:\Windows\system32\lsass.exe[748] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\system32\lsass.exe[748] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\system32\lsass.exe[748] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
    .text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
    .text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
    .text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
    .text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
    .text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
    .text C:\Windows\system32\lsass.exe[748] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
    .text C:\Windows\system32\lsass.exe[748] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
    .text C:\Windows\system32\lsass.exe[748] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
    .text C:\Windows\system32\lsass.exe[748] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
    .text C:\Windows\system32\lsass.exe[748] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
    .text C:\Windows\system32\lsm.exe[764] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\system32\lsm.exe[764] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\system32\lsm.exe[764] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
    .text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
    .text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
    .text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
    .text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
    .text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
    .text C:\Windows\system32\SearchIndexer.exe[808] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\system32\SearchIndexer.exe[808] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\system32\SearchIndexer.exe[808] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
    .text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
    .text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
    .text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
    .text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
    .text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
    .text C:\Windows\system32\SearchIndexer.exe[808] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
    .text C:\Windows\system32\SearchIndexer.exe[808] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
    .text C:\Windows\system32\SearchIndexer.exe[808] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
    .text C:\Windows\system32\SearchIndexer.exe[808] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
    .text C:\Windows\system32\SearchIndexer.exe[808] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
    .text C:\Windows\system32\winlogon.exe[836] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000301F8
    .text C:\Windows\system32\winlogon.exe[836] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000303FC
    .text C:\Windows\system32\winlogon.exe[836] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000503FC
    .text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00050600
    .text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00051014
    .text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00050804
    .text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00050A08
    .text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00050C0C
    .text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00050E10
    .text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000501F8
    .text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00060804
    .text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000601F8
    .text C:\Windows\system32\winlogon.exe[836] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000603FC
    .text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00060600
    .text C:\Windows\system32\winlogon.exe[836] USER32.dll!UnhookWindowsHookEx
  8. sumbanana

    .text C:\Windows\system32\svchost.exe[964] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[964] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[964] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
    .text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
    .text C:\Windows\system32\svchost.exe[964] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
    .text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
    .text C:\Windows\system32\svchost.exe[964] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
    .text C:\Windows\system32\svchost.exe[1040] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1040] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1040] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 000D0804
    .text C:\Windows\system32\svchost.exe[1040] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000D01F8
    .text C:\Windows\system32\svchost.exe[1040] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000D03FC
    .text C:\Windows\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 000D0600
    .text C:\Windows\system32\svchost.exe[1040] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 000D0A08
    .text C:\Windows\system32\Ati2evxx.exe[1172] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
    .text C:\Windows\system32\Ati2evxx.exe[1172] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
    .text C:\Windows\system32\Ati2evxx.exe[1172] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\Ati2evxx.exe[1172] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
    .text C:\Windows\system32\Ati2evxx.exe[1172] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
    .text C:\Windows\system32\Ati2evxx.exe[1172] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
    .text C:\Windows\system32\Ati2evxx.exe[1172] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
    .text C:\Windows\system32\Ati2evxx.exe[1172] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
    .text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
    .text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
    .text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
    .text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
    .text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
    .text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
    .text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
    .text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
    .text C:\Windows\System32\svchost.exe[1192] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
    .text C:\Windows\System32\svchost.exe[1192] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 005F0804
    .text C:\Windows\System32\svchost.exe[1192] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 005F01F8
    .text C:\Windows\System32\svchost.exe[1192] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 005F03FC
    .text C:\Windows\System32\svchost.exe[1192] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 005F0600
    .text C:\Windows\System32\svchost.exe[1192] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 005F0A08
    .text C:\Windows\System32\svchost.exe[1220] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1220] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00C50804
    .text C:\Windows\System32\svchost.exe[1220] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 00C501F8
    .text C:\Windows\System32\svchost.exe[1220] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 00C503FC
    .text C:\Windows\System32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00C50600
    .text C:\Windows\System32\svchost.exe[1220] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00C50A08
    .text C:\Windows\system32\svchost.exe[1232] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1232] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1232] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00150804
    .text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001501F8
    .text C:\Windows\system32\svchost.exe[1232] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001503FC
    .text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00150600
    .text C:\Windows\system32\svchost.exe[1232] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00150A08
    .text C:\Windows\system32\AUDIODG.EXE[1352] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1436] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1436] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1436] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00600804
    .text C:\Windows\system32\svchost.exe[1436] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 006001F8
    .text C:\Windows\system32\svchost.exe[1436] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 006003FC
    .text C:\Windows\system32\svchost.exe[1436] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00600600
    .text C:\Windows\system32\svchost.exe[1436] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00600A08
    .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000803FC
    .text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00080600
    .text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00081014
    .text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00080804
    .text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00080A08
    .text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00080C0C
    .text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00080E10
    .text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000801F8
    .text C:\Windows\system32\svchost.exe[1540] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 000C0804
    .text C:\Windows\system32\svchost.exe[1540] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000C01F8
    .text C:\Windows\system32\svchost.exe[1540] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000C03FC
    .text C:\Windows\system32\svchost.exe[1540] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 000C0600
    .text C:\Windows\system32\svchost.exe[1540] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 000C0A08
    .text C:\Windows\system32\Ati2evxx.exe[1612] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
    .text C:\Windows\system32\Ati2evxx.exe[1612] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
    .text C:\Windows\system32\Ati2evxx.exe[1612] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\Ati2evxx.exe[1612] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
    .text C:\Windows\system32\Ati2evxx.exe[1612] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
    .text C:\Windows\system32\Ati2evxx.exe[1612] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
    .text C:\Windows\system32\Ati2evxx.exe[1612] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
    .text C:\Windows\system32\Ati2evxx.exe[1612] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
    .text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
    .text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
    .text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
    .text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
    .text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
    .text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
    .text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
    .text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1756] kernel32.dll!SetUnhandledExceptionFilter 7733700D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1756] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1808] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1808] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1808] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
    .text C:\Windows\system32\Dwm.exe[1872] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\system32\Dwm.exe[1872] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\system32\Dwm.exe[1872] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
    .text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
    .text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
    .text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
    .text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
    .text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
    .text C:\Windows\system32\Dwm.exe[1872] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 000C0804
    .text C:\Windows\system32\Dwm.exe[1872] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000C01F8
    .text C:\Windows\system32\Dwm.exe[1872] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000C03FC
    .text C:\Windows\system32\Dwm.exe[1872] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 000C0600
    .text C:\Windows\system32\Dwm.exe[1872] USER32.dll!UnhookWindowsHookEx
  9. sumbanana

    sumbanana TS Rookie Topic Starter Posts: 24

    .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
    .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
    .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
    .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
    .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
    .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
    .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
    .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
    .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
    .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
    .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00180804
    .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001801F8
    .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001803FC
    .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00180600
    .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00180A08
    .text C:\Windows\Explorer.EXE[1928] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\Explorer.EXE[1928] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\Explorer.EXE[1928] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
    .text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
    .text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
    .text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
    .text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
    .text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
    .text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
    .text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
    .text C:\Windows\Explorer.EXE[1928] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
    .text C:\Windows\Explorer.EXE[1928] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
    .text C:\Windows\Explorer.EXE[1928] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
    .text C:\Windows\Explorer.EXE[1928] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
    .text C:\Windows\Explorer.EXE[1928] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
    .text C:\Windows\System32\spoolsv.exe[2092] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\System32\spoolsv.exe[2092] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\System32\spoolsv.exe[2092] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
    .text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
    .text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
    .text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
    .text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
    .text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
    .text C:\Windows\System32\spoolsv.exe[2092] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00230804
    .text C:\Windows\System32\spoolsv.exe[2092] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 002301F8
    .text C:\Windows\System32\spoolsv.exe[2092] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 002303FC
    .text C:\Windows\System32\spoolsv.exe[2092] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00230600
    .text C:\Windows\System32\spoolsv.exe[2092] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00230A08
    .text C:\Windows\system32\taskeng.exe[2124] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\system32\taskeng.exe[2124] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskeng.exe[2124] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
    .text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
    .text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
    .text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
    .text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
    .text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
    .text C:\Windows\system32\taskeng.exe[2124] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
    .text C:\Windows\system32\taskeng.exe[2124] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
    .text C:\Windows\system32\taskeng.exe[2124] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
    .text C:\Windows\system32\taskeng.exe[2124] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
    .text C:\Windows\system32\taskeng.exe[2124] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
    .text C:\Windows\system32\svchost.exe[2152] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[2152] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[2152] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[2152] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 000F0804
    .text C:\Windows\system32\svchost.exe[2152] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000F01F8
    .text C:\Windows\system32\svchost.exe[2152] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000F03FC
    .text C:\Windows\system32\svchost.exe[2152] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 000F0600
    .text C:\Windows\system32\svchost.exe[2152] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 000F0A08
    .text C:\Windows\RtHDVCpl.exe[2180] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
    .text C:\Windows\RtHDVCpl.exe[2180] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
    .text C:\Windows\RtHDVCpl.exe[2180] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
    .text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
    .text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
    .text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
    .text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
    .text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
    .text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
    .text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
    .text C:\Windows\RtHDVCpl.exe[2180] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00180804
    .text C:\Windows\RtHDVCpl.exe[2180] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001801F8
    .text C:\Windows\RtHDVCpl.exe[2180] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001803FC
    .text C:\Windows\RtHDVCpl.exe[2180] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00180600
    .text C:\Windows\RtHDVCpl.exe[2180] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00180A08
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2200] KERNEL32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[2236] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\system32\taskeng.exe[2236] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskeng.exe[2236] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
    .text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
    .text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
    .text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
    .text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
    .text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
    .text C:\Windows\system32\taskeng.exe[2236] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
    .text C:\Windows\system32\taskeng.exe[2236] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
    .text C:\Windows\system32\taskeng.exe[2236] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
    .text C:\Windows\system32\taskeng.exe[2236] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
    .text C:\Windows\system32\taskeng.exe[2236] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
    .text C:\Windows\system32\WUDFHost.exe[2372] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\system32\WUDFHost.exe[2372] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\system32\WUDFHost.exe[2372] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
    .text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
    .text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
    .text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
    .text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
    .text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
    .text C:\Windows\system32\WUDFHost.exe[2372] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
    .text C:\Windows\system32\WUDFHost.exe[2372] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
    .text C:\Windows\system32\WUDFHost.exe[2372] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
    .text C:\Windows\system32\WUDFHost.exe[2372] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
    .text C:\Windows\system32\WUDFHost.exe[2372] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[2396] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00070804
    .text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000701F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000703FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00070600
    .text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00070A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000803FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00080600
    .text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00081014
    .text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00080804
    .text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00080A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00080C0C
    .text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00080E10
    .text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000801F8
    .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
    .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
    .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
    .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
    .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
    .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
    .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
    .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 002803FC
    .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00280600
    .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00281014
    .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00280804
    .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00280A08
    .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00280C0C
    .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00280E10
    .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 002801F8
    .text C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe[2796] KERNEL32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
    .text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
    .text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00180804
    .text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001801F8
    .text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001803FC
    .text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00180600
    .text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00180A08
    .text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001903FC
    .text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00190600
    .text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00191014
    .text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00190804
    .text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00190A08
    .text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00190C0C
    .text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00190E10
    .text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001901F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00180804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001801F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001803FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00180600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00180A08
  10. sumbanana

    sumbanana TS Rookie Topic Starter Posts: 24

    .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
    .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
    .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
    .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
    .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
    .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
    .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
    .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
    .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
    .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
    .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
    .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
    .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
    .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
    .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001603FC
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00160600
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00161014
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00160804
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00160A08
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00160C0C
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00160E10
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001601F8
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00180804
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001801F8
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001803FC
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00180600
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00180A08
    .text C:\Program Files\Acer\Empowering Technology\Service\ETService.exe[3140] KERNEL32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 003903FC
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00390600
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00391014
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00390804
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00390A08
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00390C0C
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00390E10
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 003901F8
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 003A0804
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 003A01F8
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 003A03FC
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 003A0600
    .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 003A0A08
    .text C:\Windows\system32\svchost.exe[3256] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[3256] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[3256] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[3256] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00550804
    .text C:\Windows\system32\svchost.exe[3256] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 005501F8
    .text C:\Windows\system32\svchost.exe[3256] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 005503FC
    .text C:\Windows\system32\svchost.exe[3256] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00550600
    .text C:\Windows\system32\svchost.exe[3256] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00550A08
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001601F8
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001603FC
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00190804
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001901F8
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001903FC
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00190600
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00190A08
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001A03FC
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 001A0600
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 001A1014
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 001A0804
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 001A0A08
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 001A0C0C
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 001A0E10
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001A01F8
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
    .text C:\Windows\System32\svchost.exe[3380] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[3380] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[3380] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[3380] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 000B0804
    .text C:\Windows\System32\svchost.exe[3380] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000B01F8
    .text C:\Windows\System32\svchost.exe[3380] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000B03FC
    .text C:\Windows\System32\svchost.exe[3380] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 000B0600
    .text C:\Windows\System32\svchost.exe[3380] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 000B0A08
    .text C:\Windows\autoclk.exe[3388] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
    .text C:\Windows\autoclk.exe[3388] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
    .text C:\Windows\autoclk.exe[3388] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\autoclk.exe[3388] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
    .text C:\Windows\autoclk.exe[3388] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
    .text C:\Windows\autoclk.exe[3388] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
    .text C:\Windows\autoclk.exe[3388] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
    .text C:\Windows\autoclk.exe[3388] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
    .text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
    .text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
    .text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
    .text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
    .text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
    .text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
    .text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
    .text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
    .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
    .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
    .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
    .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
    .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
    .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
    .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
    .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
    .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
    .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
    .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
    .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
    .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
    .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
    .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
    .text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
    .text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
    .text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
    .text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
    .text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
    .text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
    .text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
    .text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
    .text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
    .text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
    .text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
    .text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
    .text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
    .text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
    .text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 003803FC
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00380600
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00381014
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00380804
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00380A08
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00380C0C
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00380E10
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 003801F8
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00390804
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 003901F8
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 003903FC
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00390600
    .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00390A08
    .text C:\Program Files\Acer\Empowering Technology\SysMonitor.exe[3452] KERNEL32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3476] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00070804
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000701F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000703FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00070600
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00070A08
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000803FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00080600
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00081014
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00080804
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00080A08
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00080C0C
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00080E10
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000801F8
    .text C:\Windows\ehome\ehtray.exe[3520] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000801F8
    .text C:\Windows\ehome\ehtray.exe[3520] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000803FC
  11. sumbanana

    sumbanana TS Rookie Topic Starter Posts: 24

    .text C:\Windows\ehome\ehtray.exe[3520] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000A03FC
    .text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 000A0600
    .text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 000A1014
    .text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 000A0804
    .text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 000A0A08
    .text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 000A0C0C
    .text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 000A0E10
    .text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000A01F8
    .text C:\Windows\ehome\ehtray.exe[3520] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 000B0804
    .text C:\Windows\ehome\ehtray.exe[3520] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000B01F8
    .text C:\Windows\ehome\ehtray.exe[3520] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000B03FC
     
  12. sumbanana

    sumbanana TS Rookie Topic Starter Posts: 24

    .text C:\Users\John\Desktop\gc5iihlh.exe[5924] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00180804
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001801F8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001803FC
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00180600
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00180A08

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8060F6D6] \SystemRoot\System32\Drivers\sppb.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8060F042] \SystemRoot\System32\Drivers\sppb.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8060F800] \SystemRoot\System32\Drivers\sppb.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8060F0C0] \SystemRoot\System32\Drivers\sppb.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060F13E] \SystemRoot\System32\Drivers\sppb.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8061EE9C] \SystemRoot\System32\Drivers\sppb.sys
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortNotification] CC358B04
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortWritePortUchar] 83877C2F
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F877C00
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortStallExecution] 54771129
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortInitialize] B18D0502
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
    IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\services.exe[736] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00140002
    IAT C:\Windows\system32\services.exe[736] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00140000
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74708864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74749855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7470B984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746FFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74707A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746FEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7473B12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7470BC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74700756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [747006BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746F71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7478D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74727329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746FE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746F697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746F69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74702475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
    IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\Ntfs \Ntfs 84F5F1F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{C9795B23-821A-4994-9D98-B77E1CB144B1} 86AAD1F8
    Device \Driver\volmgr \Device\VolMgrControl 84F5C1F8
    Device \Driver\usbohci \Device\USBPDO-0 862031F8
    Device \Driver\usbohci \Device\USBPDO-1 862031F8
    Device \Driver\usbehci \Device\USBPDO-2 862041F8
    Device \Driver\usbohci \Device\USBPDO-3 862031F8
    Device \Driver\usbohci \Device\USBPDO-4 862031F8

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\usbehci \Device\USBPDO-5 862041F8
    Device \Driver\usbohci \Device\USBPDO-6 862031F8
    Device \Driver\volmgr \Device\HarddiskVolume1 84F5C1F8
    Device \Driver\sptd \Device\2110348712 sppb.sys
    Device \Driver\volmgr \Device\HarddiskVolume2 84F5C1F8
    Device \Driver\cdrom \Device\CdRom0 861FD1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84F5E1F8
    Device \Driver\atapi \Device\Ide\IdePort0 84F5E1F8
    Device \Driver\atapi \Device\Ide\IdePort1 84F5E1F8
    Device \Driver\atapi \Device\Ide\IdePort2 84F5E1F8
    Device \Driver\atapi \Device\Ide\IdePort3 84F5E1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 84F5E1F8
    Device \Driver\volmgr \Device\HarddiskVolume3 84F5C1F8
    Device \Driver\cdrom \Device\CdRom1 861FD1F8
    Device \Driver\volmgr \Device\HarddiskVolume4 84F5C1F8
    Device \Driver\volmgr \Device\HarddiskVolume5 84F5C1F8
    Device \Driver\volmgr \Device\HarddiskVolume6 84F5C1F8
    Device \Driver\volmgr \Device\HarddiskVolume7 84F5C1F8
    Device \Driver\netbt \Device\NetBt_Wins_Export 86AAD1F8
    Device \Driver\PCI_PNP0654 \Device\0000010b sppb.sys
    Device \Driver\Smb \Device\NetbiosSmb 86AAE1F8
    Device \Driver\iScsiPrt \Device\RaidPort0 8626D1F8

    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\usbohci \Device\USBFDO-0 862031F8
    Device \Driver\usbohci \Device\USBFDO-1 862031F8
    Device \Driver\usbehci \Device\USBFDO-2 862041F8
    Device \Driver\usbohci \Device\USBFDO-3 862031F8
    Device \Driver\usbohci \Device\USBFDO-4 862031F8
    Device \Driver\usbehci \Device\USBFDO-5 862041F8
    Device \Driver\usbohci \Device\USBFDO-6 862031F8
    Device \Driver\apj1k8t4 \Device\Scsi\apj1k8t41Port5Path0Target0Lun0 862401F8
    Device \Driver\apj1k8t4 \Device\Scsi\apj1k8t41 862401F8
    Device \FileSystem\cdfs \Cdfs 8608F1F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD8 0xB8 0xA3 0x3E ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBD 0x9A 0x2D 0x13 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x33 0xBD 0xC9 0xA8 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD8 0xB8 0xA3 0x3E ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBD 0x9A 0x2D 0x13 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x33 0xBD 0xC9 0xA8 ...

    ---- EOF - GMER 1.0.15 ----
  13. sumbanana

    sumbanana TS Rookie Topic Starter Posts: 24

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_26
    Run by John at 21:34:40 on 2012-02-05
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1790.964 [GMT 0:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    C:\Windows\autoclk.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\ProgramData\TVersity\Media Server\MediaServer.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\John\AppData\Local\Akamai\netsession_win.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Users\John\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
    C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\issc\IS89C35\wwu.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.mytalktalk.co.uk
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1008&m=aspire_m3201
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1008&m=aspire_m3201
    mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
    uInternet Settings,ProxyServer = http=127.0.0.1:58444
    uInternet Settings,ProxyOverride = 127.0.0.1:9421
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
    uRun: [Akamai NetSession Interface] "c:\users\john\appdata\local\akamai\netsession_win.exe"
    mRun: [eRecoveryService]
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
    mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [autoclk] autoclk.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\wwu.lnk - c:\program files\issc\is89c35\wwu.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\sagem f@st 800-840\dslmon.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna3100\WNA3100.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartc~1.lnk - c:\program files\northstar\smartcopy\SmartCopy.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartl~1.lnk - c:\program files\northstar\smartlauncher\SmartLauncher.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{2C38D824-1B05-42DA-9298-171C4C0380F1} : DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{483E374A-135B-4D09-A563-2F3DE574A6FD} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{C9795B23-821A-4994-9D98-B77E1CB144B1} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FE68AE08-CA42-470C-9044-68D299269295} : DhcpNameServer = 10.0.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\Skype4COM.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\7wet55yc.default\
    FF - prefs.js: browser.startup.homepage - hxxp://forums.moneysavingexpert.com/
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 58444
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\nitro pdf\reader 2\npdf.dll
    FF - plugin: c:\program files\nitro pdf\reader 2\npnitromozilla.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2011-6-6 21728]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-2 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-2 314456]
    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2008-10-15 269448]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-2 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-2 55128]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-2-2 44768]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
    R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-3-15 24576]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-8 652360]
    R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2011-6-21 196912]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-26 45056]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-26 131072]
    R2 Start BT in service;Start BT in service;c:\program files\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-9-30 51816]
    R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2011-6-6 278528]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-8 20464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9c1f82a381350;Google Update Service (gupdate1c9c1f82a381350);c:\program files\google\update\GoogleUpdate.exe [2009-4-20 133104]
    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2011-6-6 699896]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-20 133104]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-21 21504]
    S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2011-6-6 50704]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 W35UNDW;W89C35 802.11bg WLAN USB Adapter Driver;c:\windows\system32\drivers\W35UNDW.SYS [2009-11-5 134656]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-02-02 19:51:56 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-02-02 19:34:36 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-02-02 19:34:13 41184 ----a-w- c:\windows\avastSS.scr
    2012-02-02 19:34:03 -------- d-----w- c:\programdata\Alwil Software
    2012-01-31 21:14:19 -------- d-----w- c:\program files\LP
    2012-01-30 20:43:14 -------- d-----w- c:\users\john\appdata\roaming\5E47C
    2012-01-30 20:42:40 -------- d-----w- c:\users\john\appdata\roaming\118F0
    2012-01-30 20:42:08 -------- d-----w- c:\users\john\appdata\roaming\5245E
    2012-01-30 20:41:50 -------- d-----w- c:\users\john\appdata\local\lixoaiir
    2012-01-20 16:58:13 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
    2012-01-20 16:58:12 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
    2012-01-20 16:58:12 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
    2012-01-20 16:58:12 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
    2012-01-17 21:45:01 -------- d-----w- c:\users\john\appdata\roaming\Autodesk
    2012-01-17 21:41:53 -------- d-----w- C:\Autodesk
    2012-01-17 19:34:08 -------- d-----w- c:\users\john\appdata\local\Akamai
    .
    ==================== Find3M ====================
    .
    2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-12 10:56:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 21:36:19.66 ===============
  14. sumbanana

    sumbanana TS Rookie Topic Starter Posts: 24

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 15/10/2008 03:11:30
    System Uptime: 05/02/2012 21:16:29 (0 hours ago)
    .
    Motherboard: Acer | | RS780HVF
    Processor: AMD Phenom(tm) 9150e Quad-Core Processor | AM2 | 900/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 113 GiB total, 24.566 GiB free.
    D: is FIXED (NTFS) - 170 GiB total, 118.957 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0020
    Manufacturer: Microsoft
    Name: 6TO4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0020
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0028
    Manufacturer: Microsoft
    Name: 6TO4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0028
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0056
    Manufacturer: Microsoft
    Name: 6TO4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0056
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0059
    Manufacturer: Microsoft
    Name: 6TO4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0059
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0061
    Manufacturer: Microsoft
    Name: 6TO4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0061
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0077
    Manufacturer: Microsoft
    Name: 6TO4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0077
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0029
    Manufacturer: Microsoft
    Name: isatap.{80DEE989-467E-43DD-BF0A-4204CA45F1AF}
    PNP Device ID: ROOT\*ISATAP\0029
    Service: tunnel
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: USB Audio Device
    Device ID: USB\VID_046D&PID_08F6&MI_01\6&218ACC2&0&0001
    Manufacturer: (Generic USB Audio)
    Name: Camera
    PNP Device ID: USB\VID_046D&PID_08F6&MI_01\6&218ACC2&0&0001
    Service: usbaudio
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Deskjet F4500 series
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Deskjet F4500 series
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Deskjet F4500 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Deskjet F4500 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    .
    32 Bit HP CIO Components Installer
    Acer Arcade Live Main Page
    Acer DV Magician
    Acer DVDivine
    Acer eDataSecurity Management
    Acer Empowering Technology
    Acer eRecovery Management
    Acer eSettings Management
    Acer HomeMedia
    Acer HomeMedia Connect
    Acer HomeMedia Trial Creator
    Acer ScreenSaver
    Acer SlideShow DVD
    Acer VideoMagician
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.0
    Adobe Shockwave Player 11.5
    Akamai NetSession Interface
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    µTorrent
    Audacity 1.2.6
    avast! Free Antivirus
    Betfair Poker
    Bluesoleil2.7.0.8 VoIP Release 070930
    BufferChm
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Click to Call with Skype
    Compatibility Pack for the 2007 Office system
    Copy
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destinations
    DeviceDiscovery
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    DJ_AIO_06_F4500_SW_MIN
    eSobi v2
    F4500
    getPlus(R) for Adobe
    Google Earth
    Google Update Helper
    Google Updater
    GPBaseService2
    Graboid Video 1.73
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 13.0
    HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
    HP Imaging Device Functions 13.0
    HP Print Projects 1.0
    HP Smart Web Printing 4.5
    HP Solution Center 13.0
    HP Update
    HPPhotoGadget
    hpPrintProjects
    HPProductAssistant
    hpWLPGInstaller
    ISSC WLAN
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Ladbrokes Poker
    LAME v3.98.3 for Audacity
    LightScribe 1.4.142.1
    LTYT MP3 Converter 1.1
    Malwarebytes Anti-Malware version 1.60.1.1000
    MarketResearch
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Mozilla Firefox 9.0.1 (x86 en-GB)
    MSVC80_x86
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NETGEAR WNA3100 wireless USB 2.0 adapter
    Network
    Nitro PDF Reader 2
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    OGA Notifier 2.0.0048.0
    PG583_32_inf
    PokerStars
    PrimoPDF -- brought to you by Nitro PDF Software
    PS3 Media Server
    QuickTime
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    SAGEM F@st 800-840
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Skins
    Skype™ 5.5
    SmartCopy
    SmartLauncher
    SmartWebPrinting
    SolutionCenter
    SopCast 3.2.4
    Spotify
    Status
    Toolbox
    Tournament Indicator 1.2.0
    TrayApp
    TVAnts 1.0
    TVersity Codec Pack 1.7
    TVersity Media Server 1.9.7
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    VC80CRTRedist - 8.0.50727.4053
    Veetle TV 0.9.18
    Virgin Poker
    VLC media player 1.1.11
    Vuze
    WebReg
    William Hill Poker
    Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.32.42)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Xiph.Org Open Codecs 0.85.17777
    Xvid 1.2.1 final uninstall
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    31/01/2012 21:17:03, Error: EventLog [6008] - The previous system shutdown at 21:14:50 on 31/01/2012 was unexpected.
    30/01/2012 07:22:20, Error: EventLog [6008] - The previous system shutdown at 01:11:32 on 30/01/2012 was unexpected.
    29/01/2012 15:05:44, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.0.0.5 for the Network Card with network address E091F545C049 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
    29/01/2012 13:37:16, Error: EventLog [6008] - The previous system shutdown at 13:35:26 on 29/01/2012 was unexpected.
    29/01/2012 07:55:42, Error: Service Control Manager [7031] - The TVersity Media Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    29/01/2012 07:55:17, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSWNA3100 service.
    29/01/2012 02:45:08, Error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    04/02/2012 11:07:18, Error: EventLog [6008] - The previous system shutdown at 23:11:13 on 03/02/2012 was unexpected.
    03/02/2012 06:34:35, Error: PlugPlayManager [10] - Error writing to server side install pipe
    02/02/2012 20:01:46, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    .
    ==== End Of File ===========================
  15. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  16. sumbanana

    sumbanana TS Rookie Topic Starter Posts: 24

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-05 23:02:20
    -----------------------------
    23:02:20.872 OS Version: Windows 6.0.6001 Service Pack 1
    23:02:20.872 Number of processors: 4 586 0x203
    23:02:20.877 ComputerName: JOHN-PC UserName: John
    23:02:22.035 Initialize success
    23:02:22.638 AVAST engine defs: 12020503
    23:03:19.918 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    23:03:19.918 Disk 0 Vendor: WDC_WD3200AAJS-22B4A0 01.03A01 Size: 305245MB BusType: 3
    23:03:19.950 Disk 0 MBR read successfully
    23:03:19.965 Disk 0 MBR scan
    23:03:19.965 Disk 0 unknown MBR code
    23:03:19.981 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15005 MB offset 63
    23:03:19.996 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 116076 MB offset 30734336
    23:03:20.012 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 174161 MB offset 268457984
    23:03:20.043 Disk 0 scanning sectors +625139712
    23:03:20.168 Disk 0 scanning C:\Windows\system32\drivers
    23:03:31.462 Service scanning
    23:03:33.100 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    23:03:33.802 Modules scanning
    23:03:38.342 Disk 0 trace - called modules:
    23:03:38.389 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84f5e1f8]<<
    23:03:38.404 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85069ac8]
    23:03:38.420 3 CLASSPNP.SYS[87ba8745] -> nt!IofCallDriver -> [0x850bd638]
    23:03:38.436 5 acpi.sys[807416a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850b2648]
    23:03:38.436 \Driver\atapi[0x840b5f38] -> IRP_MJ_CREATE -> 0x84f5e1f8
    23:03:38.919 AVAST engine scan C:\Windows
    23:03:41.634 AVAST engine scan C:\Windows\system32
    23:06:15.278 AVAST engine scan C:\Windows\system32\drivers
    23:06:24.482 AVAST engine scan C:\Users\John
    23:18:15.889 File: C:\Users\John\AppData\Local\Temp\ltnvmktohvooxocd.exe **INFECTED** Win32:SmokeLoader-EG [Trj]
    23:18:59.506 File: C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\559c9977-1f015bf9 **INFECTED** Win32:SmokeLoader-EG [Trj]
    23:30:41.912 AVAST engine scan C:\ProgramData
    23:35:22.790 Scan finished successfully
    23:37:21.478 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
    23:37:21.492 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"
  17. sumbanana

    sumbanana TS Rookie Topic Starter Posts: 24

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1 (build 6
    001), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`a9f00000
    Boot sector MD5 is: 08c6d97449fb1d8bcab9d003ed787166

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
  18. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
  19. sumbanana

    sumbanana TS Rookie Topic Starter Posts: 24

    ListParts by Farbar
    Ran by John on 06-02-2012 at 17:14:52
    Windows Vista (X86)
    Running From: C:\Users\John\Desktop
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 44%
    Total physical RAM: 1790.45 MB
    Available physical RAM: 985.87 MB
    Total Pagefile: 3829.44 MB
    Available Pagefile: 2759.39 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1968.21 MB

    ======================= Partitions =========================

    1 Drive c: (ACER) (Fixed) (Total:113.36 GB) (Free:24.59 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
    2 Drive d: (DATA) (Fixed) (Total:170.08 GB) (Free:118.96 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 15 GB 32 KB
    Partition 2 Primary 113 GB 15 GB
    Partition 3 Primary 170 GB 128 GB

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C ACER NTFS Partition 113 GB Healthy System (partition with boot components)

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D DATA NTFS Partition 170 GB Healthy



    ****** End Of Log ******
  20. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  21. sumbanana

    sumbanana TS Rookie Topic Starter Posts: 24

    ComboFix 12-02-06.02 - John 06/02/2012 21:39:26.1.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1790.947 [GMT 0:00]
    Running from: c:\users\John\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\LP
    c:\users\John\AppData\Local\aynqndqy.log
    c:\users\John\AppData\Local\hfqwfair.log
    c:\users\John\AppData\Local\jbktrymx.log
    c:\users\John\AppData\Local\npajtimv.log
    c:\users\John\AppData\Local\vgwgeheb.log
    c:\users\John\AppData\Local\wgmycohu.log
    c:\users\John\AppData\Roaming\.#
    c:\windows\~GLC0000.TMP
    c:\windows\~GLC0001.TMP
    c:\windows\~GLH0000.TMP
    c:\windows\~GLH0001.TMP
    c:\windows\~GLH0002.TMP
    c:\windows\~GLH0003.TMP
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-02 19:51 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-02-02 19:34 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-02-02 19:34 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-02-02 19:34 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-02-02 19:34 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-02-02 19:34 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-02-02 19:34 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
    2012-02-02 19:34 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2012-02-02 19:34 . 2012-02-02 19:34 -------- d-----w- c:\programdata\Alwil Software
    2012-02-02 19:34 . 2012-02-02 19:34 -------- d-----w- c:\program files\Alwil Software
    2012-01-30 20:43 . 2012-02-02 21:30 -------- d-----w- c:\users\John\AppData\Roaming\5E47C
    2012-01-30 20:42 . 2012-02-02 21:30 -------- d-----w- c:\users\John\AppData\Roaming\118F0
    2012-01-30 20:42 . 2012-02-02 21:30 -------- d-----w- c:\users\John\AppData\Roaming\5245E
    2012-01-30 20:41 . 2012-02-03 22:03 -------- d-----w- c:\users\John\AppData\Local\lixoaiir
    2012-01-20 16:58 . 2012-01-20 16:58 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
    2012-01-20 16:58 . 2012-01-20 16:58 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
    2012-01-20 16:58 . 2012-01-20 16:58 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
    2012-01-20 16:58 . 2012-01-20 16:58 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
    2012-01-17 21:45 . 2012-01-17 21:45 -------- d-----w- c:\users\John\AppData\Roaming\Autodesk
    2012-01-17 21:45 . 2012-01-17 21:45 -------- d-----w- c:\programdata\Autodesk
    2012-01-17 21:41 . 2012-01-17 21:41 -------- d-----w- C:\Autodesk
    2012-01-17 19:34 . 2012-01-25 17:49 -------- d-----w- c:\users\John\AppData\Local\Akamai
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-10 15:24 . 2009-10-08 15:47 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-12 10:56 . 2011-06-14 10:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-20 16:58 . 2011-05-13 17:02 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-07-30 00:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-18 17360520]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
    "Akamai NetSession Interface"="c:\users\John\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    "PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-21 204908]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-06-02 319488]
    "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "autoclk"="autoclk.exe" [2003-01-30 143360]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-06-02 319488]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    WWU.lnk - c:\program files\issc\IS89C35\wwu.exe [2009-11-5 955392]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-12-30 962663]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2011-6-6 4562944]
    SmartCopy.lnk - c:\program files\Northstar\SmartCopy\SmartCopy.exe [2008-10-15 319488]
    SmartLauncher.lnk - c:\program files\Northstar\SmartLauncher\SmartLauncher.exe [2008-10-15 335872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1158918320-972893686-2015174526-1000]
    "EnableNotificationsRef"=dword:00000001
    .
    S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-21 269448]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    getPlusHelper REG_MULTI_SZ getPlusHelper
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-05 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-20 09:59]
    .
    2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 20:39]
    .
    2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 20:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.mytalktalk.co.uk
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1008&m=aspire_m3201
    uInternet Settings,ProxyServer = http=127.0.0.1:58444
    uInternet Settings,ProxyOverride = 127.0.0.1:9421
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 10.0.0.1
    FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7wet55yc.default\
    FF - prefs.js: browser.startup.homepage - hxxp://forums.moneysavingexpert.com/
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 58444
    FF - prefs.js: network.proxy.type - 4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-eRecoveryService - (no file)
    AddRemove-ISSC WLAN - c:\progra~1\issc\IS89C35\UNWISE.EXE
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-06 21:54
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(1772)
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
    c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    c:\program files\Acer\Empowering Technology\Service\ETService.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
    c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
    c:\programdata\TVersity\Media Server\MediaServer.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\program files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-06 22:04:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-06 22:04
    .
    Pre-Run: 25,385,607,168 bytes free
    Post-Run: 26,095,390,720 bytes free
    .
    - - End Of File - - E4D0D9E8B8A432636E285A9227EAF203
  22. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  23. sumbanana

    sumbanana TS Rookie Topic Starter Posts: 24

    OTL logfile created on: 07/02/2012 20:30:41 - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\John\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.75 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 65.78% Memory free
    3.74 Gb Paging File | 2.69 Gb Available in Paging File | 71.85% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 113.36 Gb Total Space | 25.61 Gb Free Space | 22.59% Space Free | Partition Type: NTFS
    Drive D: | 170.08 Gb Total Space | 118.96 Gb Free Space | 69.94% Space Free | Partition Type: NTFS

    Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/07 20:28:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/12/23 05:57:30 | 003,334,432 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\John\AppData\Local\Akamai\netsession_win.exe
    PRC - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/07/29 19:31:40 | 001,249,064 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
    PRC - [2011/06/21 17:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
    PRC - [2011/03/21 18:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/01/20 16:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
    PRC - [2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/08/11 23:57:02 | 000,319,488 | ---- | M] () -- C:\Program Files\Northstar\SmartCopy\SmartCopy.exe
    PRC - [2008/07/30 00:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    PRC - [2008/07/30 00:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    PRC - [2008/06/02 16:26:38 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    PRC - [2008/06/02 16:26:22 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    PRC - [2008/06/02 16:26:08 | 000,376,832 | ---- | M] (acer) -- C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
    PRC - [2008/06/02 16:25:40 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    PRC - [2008/05/21 00:50:50 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    PRC - [2008/05/20 10:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/09/30 09:16:40 | 000,166,520 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    PRC - [2007/09/30 09:16:38 | 000,051,816 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
    PRC - [2006/09/12 15:35:34 | 000,955,392 | ---- | M] (Integrated System Solution Corp.) -- C:\Program Files\issc\IS89C35\wwu.exe
    PRC - [2003/07/08 11:22:00 | 000,962,663 | ---- | M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    PRC - [2003/01/30 08:48:24 | 000,143,360 | ---- | M] () -- C:\Windows\autoclk.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/06/16 11:48:17 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
    MOD - [2011/06/16 11:45:30 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
    MOD - [2011/06/16 11:45:23 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
    MOD - [2011/06/16 11:45:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
    MOD - [2011/06/16 11:43:18 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
    MOD - [2011/06/16 11:42:52 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
    MOD - [2011/06/16 11:42:38 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
    MOD - [2011/06/16 11:41:15 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
    MOD - [2011/06/16 11:40:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
    MOD - [2011/03/21 18:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/03/21 18:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/01/20 16:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
    MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2009/08/28 15:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvcLib.dll
    MOD - [2008/10/15 02:36:52 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3009.0__739b31b1908c49e5\Framework.UIComponent.dll
    MOD - [2008/10/15 02:36:52 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
    MOD - [2008/10/15 02:36:52 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
    MOD - [2008/10/15 02:36:52 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
    MOD - [2008/10/15 02:36:52 | 000,009,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
    MOD - [2008/10/15 02:36:52 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
    MOD - [2008/10/15 02:10:11 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2990.36961__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
    MOD - [2008/10/15 02:10:11 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2990.37179__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
    MOD - [2008/10/15 02:10:11 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2990.36918__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
    MOD - [2008/10/15 02:10:11 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2990.36974__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
    MOD - [2008/10/15 02:10:11 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2990.37146__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
    MOD - [2008/10/15 02:10:11 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2990.37110__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
    MOD - [2008/10/15 02:10:11 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2990.36953__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
    MOD - [2008/10/15 02:10:11 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2990.37068__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
    MOD - [2008/10/15 02:10:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2990.36939__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
    MOD - [2008/10/15 02:09:58 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2990.37118__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
    MOD - [2008/10/15 02:09:58 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2990.37177__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
    MOD - [2008/10/15 02:09:58 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2990.37184__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
    MOD - [2008/10/15 02:09:58 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2990.37125__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
    MOD - [2008/10/15 02:09:58 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2990.36932__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
    MOD - [2008/10/15 02:09:58 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2990.37118__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
    MOD - [2008/10/15 02:09:58 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2990.37177__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
    MOD - [2008/10/15 02:09:57 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2990.37076__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
    MOD - [2008/10/15 02:09:57 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2990.36986__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
    MOD - [2008/10/15 02:09:57 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2990.37070__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
    MOD - [2008/10/15 02:09:57 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2990.37062__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
    MOD - [2008/10/15 02:09:57 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2990.36940__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
    MOD - [2008/10/15 02:09:57 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2990.37138__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
    MOD - [2008/10/15 02:09:57 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2990.36980__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
    MOD - [2008/10/15 02:09:57 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2990.37090__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
    MOD - [2008/10/15 02:09:57 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2990.37076__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
    MOD - [2008/10/15 02:09:57 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2990.37068__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
    MOD - [2008/10/15 02:09:57 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2990.36992__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
    MOD - [2008/10/15 02:09:57 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2990.37075__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
    MOD - [2008/10/15 02:09:57 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2990.37089__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
    MOD - [2008/10/15 02:09:57 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2990.37103__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
    MOD - [2008/10/15 02:09:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
    MOD - [2008/10/15 02:09:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
    MOD - [2008/10/15 02:09:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
    MOD - [2008/10/15 02:09:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
    MOD - [2008/10/15 02:09:56 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
    MOD - [2008/10/15 02:09:56 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
    MOD - [2008/10/15 02:09:56 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
    MOD - [2008/10/15 02:09:56 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
    MOD - [2008/10/15 02:09:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
    MOD - [2008/10/15 02:09:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2008/10/15 02:09:56 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
    MOD - [2008/10/15 02:09:56 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
    MOD - [2008/10/15 02:09:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
    MOD - [2008/10/15 02:09:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
    MOD - [2008/10/15 02:09:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
    MOD - [2008/10/15 02:09:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
    MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
    MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
    MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
    MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
    MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
    MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
    MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
    MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
    MOD - [2008/10/15 02:09:56 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
    MOD - [2008/10/15 02:09:55 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
    MOD - [2008/10/15 02:09:55 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
    MOD - [2008/10/15 02:09:55 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
    MOD - [2008/10/15 02:09:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
    MOD - [2008/10/15 02:09:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
    MOD - [2008/10/15 02:09:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
    MOD - [2008/10/15 02:09:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
    MOD - [2008/10/15 02:09:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
    MOD - [2008/10/15 02:09:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
    MOD - [2008/10/15 02:09:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
    MOD - [2008/10/15 02:09:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
    MOD - [2008/10/15 02:09:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
    MOD - [2008/10/15 02:09:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
    MOD - [2008/10/15 02:09:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
    MOD - [2008/10/15 02:09:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
    MOD - [2008/10/15 02:09:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
    MOD - [2008/10/15 02:09:51 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2990.36947__90ba9c70f846762e\CLI.Component.Wizard.dll
    MOD - [2008/10/15 02:09:51 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2990.37161__90ba9c70f846762e\CLI.Component.Systemtray.dll
    MOD - [2008/10/15 02:09:51 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2990.37169__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2008/10/15 02:09:51 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2990.36911__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2008/10/15 02:09:51 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2990.37168__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2008/10/15 02:09:51 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
    MOD - [2008/10/15 02:09:51 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
    MOD - [2008/10/15 02:09:51 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2990.37194__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
    MOD - [2008/10/15 02:09:51 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2008/10/15 02:09:51 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
    MOD - [2008/10/15 02:09:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2008/10/15 02:09:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
    MOD - [2008/10/15 02:09:51 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
    MOD - [2008/10/15 02:09:51 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2990.37205__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
    MOD - [2008/10/15 02:09:51 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2990.36910__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
    MOD - [2008/10/15 02:09:50 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2990.36926__90ba9c70f846762e\CLI.Component.Dashboard.dll
    MOD - [2008/10/15 02:09:50 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2990.36911__90ba9c70f846762e\ATIDEMOS.dll
    MOD - [2008/10/15 02:09:50 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2990.36909__90ba9c70f846762e\APM.Server.dll
    MOD - [2008/10/15 02:09:50 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2990.36910__90ba9c70f846762e\AEM.Server.dll
    MOD - [2008/10/15 02:09:50 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2008/10/15 02:09:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2990.37169__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2008/10/15 02:09:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2008/10/15 02:09:50 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
    MOD - [2008/08/11 23:57:02 | 000,319,488 | ---- | M] () -- C:\Program Files\Northstar\SmartCopy\SmartCopy.exe
    MOD - [2008/07/30 00:52:38 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
    MOD - [2008/06/02 16:26:38 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    MOD - [2008/06/02 16:26:22 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    MOD - [2008/06/02 16:25:36 | 000,013,824 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Presenter.dll
    MOD - [2008/06/02 16:25:00 | 001,822,720 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.AppBar.dll
    MOD - [2008/04/28 16:49:18 | 000,002,560 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
    MOD - [2008/04/23 17:56:34 | 000,020,480 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.QuickMenu.dll
    MOD - [2008/03/09 14:01:08 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
    MOD - [2008/02/21 00:30:04 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
    MOD - [2003/07/08 11:22:00 | 000,962,663 | ---- | M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    MOD - [2003/06/06 08:59:18 | 000,081,920 | ---- | M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\languages\english.dll
    MOD - [2003/01/30 08:48:24 | 000,143,360 | ---- | M] () -- C:\Windows\autoclk.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/07/29 19:31:40 | 001,249,064 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
    SRV - [2011/06/21 17:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
    SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010/08/13 08:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/01/12 10:11:24 | 000,278,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
    SRV - [2008/07/30 00:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2008/06/02 16:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
    SRV - [2008/05/21 00:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
    SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/09/30 09:16:40 | 000,166,520 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
    SRV - [2007/09/30 09:16:38 | 000,051,816 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/11/28 17:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/11/28 17:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/11/28 17:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/11/28 17:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/11/28 17:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/11/28 17:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/11/06 07:37:20 | 000,699,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmwlhigh6.sys -- (BCMH43XX)
    DRV - [2009/05/08 15:08:54 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008/06/02 16:20:12 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
    DRV - [2008/03/09 14:58:42 | 003,533,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/02/25 23:29:24 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
    DRV - [2008/02/25 23:29:24 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
    DRV - [2007/12/19 06:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
    DRV - [2007/06/24 21:56:40 | 000,027,656 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
    DRV - [2007/06/24 21:56:34 | 000,034,312 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
    DRV - [2007/03/05 20:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
    DRV - [2007/03/05 20:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
    DRV - [2007/03/05 20:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\vbtenum.sys -- (BTHidEnum)
    DRV - [2007/03/05 20:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
    DRV - [2007/03/05 20:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
    DRV - [2007/01/19 17:20:54 | 000,021,728 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\scmndisp.sys -- (SCMNdisP)
    DRV - [2006/12/26 13:20:22 | 000,134,656 | ---- | M] (Integrated System Solution Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\W35UNDW.SYS -- (W35UNDW)
    DRV - [2006/10/30 03:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
    DRV - [2005/05/27 09:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvcm.sys -- (QCMerced)
    DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2003/07/17 16:48:44 | 000,046,167 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
    DRV - [2003/03/27 13:38:44 | 000,127,145 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adiusbaw.sys -- (adiusbaw)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1008&m=aspire_m3201


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk
    IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
    IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58444

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://forums.moneysavingexpert.com/"
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 58444
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/12 18:43:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/14 12:57:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/14 12:57:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/20 16:58:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/17 19:19:30 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/12 18:43:24 | 000,000,000 | ---D | M]

    [2008/12/30 19:34:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
    [2011/10/14 11:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7wet55yc.default\extensions
    [2011/10/14 11:31:15 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7wet55yc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2010/09/18 16:30:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7wet55yc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/11/23 16:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/08/30 21:54:23 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/01/20 16:58:16 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/01/20 16:58:09 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/01/20 16:58:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/01/20 16:58:09 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/01/20 16:58:09 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/01/20 16:58:09 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
  24. sumbanana

    sumbanana TS Rookie Topic Starter Posts: 24

    O1 HOSTS File: ([2012/02/06 21:54:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
    O3 - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
    O4 - HKLM..\Run: [autoclk] C:\Windows\autoclk.exe ()
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
    O4 - HKU\S-1-5-21-1158918320-972893686-2015174526-1000..\Run: [Akamai NetSession Interface] C:\Users\John\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - HKU\S-1-5-21-1158918320-972893686-2015174526-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WWU.lnk = C:\Program Files\issc\IS89C35\wwu.exe (Integrated System Solution Corp.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C38D824-1B05-42DA-9298-171C4C0380F1}: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{483E374A-135B-4D09-A563-2F3DE574A6FD}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9795B23-821A-4994-9D98-B77E1CB144B1}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE68AE08-CA42-470C-9044-68D299269295}: DhcpNameServer = 10.0.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/01/17 21:41:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM File not found
    Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/06 22:04:22 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\temp
    [2012/02/06 21:54:18 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/02/06 21:36:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/06 21:36:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/06 21:36:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/06 21:36:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/06 21:36:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/06 21:33:43 | 004,397,604 | R--- | C] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
    [2012/02/05 23:39:21 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\John\Desktop\boot_cleaner.exe
    [2012/02/05 23:00:46 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
    [2012/02/05 21:33:06 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\John\Desktop\dds.scr
    [2012/02/05 15:13:02 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/02 19:51:56 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/02/02 19:34:44 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012/02/02 19:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/02/02 19:34:43 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/02/02 19:34:42 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2012/02/02 19:34:40 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/02/02 19:34:36 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/02/02 19:34:13 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012/02/02 19:34:13 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/02/02 19:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2012/02/02 19:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2012/02/01 18:46:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
    [2012/01/30 20:43:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\5E47C
    [2012/01/30 20:42:40 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\118F0
    [2012/01/30 20:42:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\5245E
    [2012/01/30 20:41:50 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\lixoaiir
    [2012/01/17 21:45:01 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Autodesk
    [2012/01/17 21:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
    [2012/01/17 21:41:53 | 000,000,000 | ---D | C] -- C:\Autodesk
    [2012/01/17 19:34:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Akamai
    [2008/07/22 08:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/02/07 20:28:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
    [2012/02/07 20:25:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/07 20:25:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/07 19:54:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/07 18:32:18 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/02/07 18:32:18 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/02/07 18:25:52 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2012/02/07 18:25:52 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
    [2012/02/07 18:25:43 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/07 18:25:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/06 21:54:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/02/06 21:34:06 | 004,397,604 | R--- | M] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
    [2012/02/06 17:14:12 | 000,303,059 | ---- | M] () -- C:\Users\John\Desktop\ListParts.exe
    [2012/02/05 23:38:57 | 000,044,607 | ---- | M] () -- C:\Users\John\Desktop\bootkit_remover.zip
    [2012/02/05 23:37:21 | 000,000,512 | ---- | M] () -- C:\Users\John\Desktop\MBR.dat
    [2012/02/05 23:01:11 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
    [2012/02/05 21:33:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\John\Desktop\dds.scr
    [2012/02/05 20:08:11 | 000,302,592 | ---- | M] () -- C:\Users\John\Desktop\gc5iihlh.exe
    [2012/02/05 15:14:10 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/05 15:13:09 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/05 10:23:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/02/02 23:22:04 | 000,000,680 | ---- | M] () -- C:\Users\John\AppData\Local\d3d9caps.dat
    [2012/02/02 19:51:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/02/02 19:34:44 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/02/01 18:42:24 | 000,003,742 | ---- | M] () -- C:\Users\John\Desktop\blogin.g
    [2012/01/31 21:48:21 | 000,000,000 | ---- | M] () -- C:\Users\John\Desktop\123.exe
    [2012/01/30 20:42:00 | 000,000,692 | ---- | M] () -- C:\Users\John\Desktop\Internet Security.lnk
    [2012/01/29 13:37:09 | 218,180,837 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/01/17 19:37:50 | 222,364,016 | ---- | M] () -- C:\Users\John\Desktop\SetupDWGTrueView2012_32bit.exe
    [2012/01/17 19:33:14 | 008,449,616 | ---- | M] () -- C:\Users\John\Desktop\installer.exe
    [2012/01/17 19:19:30 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

    ========== Files Created - No Company Name ==========

    [2012/02/06 21:36:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/06 21:36:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/06 21:36:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/06 21:36:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/06 21:36:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/06 17:14:11 | 000,303,059 | ---- | C] () -- C:\Users\John\Desktop\ListParts.exe
    [2012/02/05 23:38:55 | 000,044,607 | ---- | C] () -- C:\Users\John\Desktop\bootkit_remover.zip
    [2012/02/05 23:37:21 | 000,000,512 | ---- | C] () -- C:\Users\John\Desktop\MBR.dat
    [2012/02/05 20:08:10 | 000,302,592 | ---- | C] () -- C:\Users\John\Desktop\gc5iihlh.exe
    [2012/02/05 15:14:10 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/02 19:34:44 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/02/01 18:42:23 | 000,003,742 | ---- | C] () -- C:\Users\John\Desktop\blogin.g
    [2012/02/01 18:33:43 | 000,001,976 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2012/02/01 18:33:43 | 000,000,986 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DSLMON.lnk
    [2012/02/01 18:33:43 | 000,000,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartLauncher.lnk
    [2012/02/01 18:33:43 | 000,000,901 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WWU.lnk
    [2012/02/01 18:33:43 | 000,000,898 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartCopy.lnk
    [2012/02/01 18:33:43 | 000,000,701 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
    [2012/01/31 21:48:20 | 000,000,000 | ---- | C] () -- C:\Users\John\Desktop\123.exe
    [2012/01/30 20:42:00 | 000,000,692 | ---- | C] () -- C:\Users\John\Desktop\Internet Security.lnk
    [2012/01/17 19:34:38 | 222,364,016 | ---- | C] () -- C:\Users\John\Desktop\SetupDWGTrueView2012_32bit.exe
    [2012/01/17 19:33:13 | 008,449,616 | ---- | C] () -- C:\Users\John\Desktop\installer.exe
    [2012/01/17 19:19:30 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/01/17 19:19:30 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2011/08/30 21:33:23 | 001,317,152 | ---- | C] () -- C:\Windows\System32\drivers\lvcm.sys
    [2011/08/30 21:33:23 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2011/08/16 14:45:53 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
    [2011/06/23 17:20:08 | 000,173,768 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2011/02/10 04:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
    [2010/12/08 16:55:58 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/12/08 16:55:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2010/11/11 17:45:37 | 000,000,295 | ---- | C] () -- C:\Windows\wininit.ini
    [2010/04/12 20:38:11 | 000,000,040 | ---- | C] () -- C:\Windows\ujf635.bin
    [2010/01/12 20:36:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/01/12 18:30:49 | 000,193,413 | ---- | C] () -- C:\Windows\hpoins46.dat
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/06/11 03:02:28 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat
    [2009/04/24 15:01:59 | 000,000,680 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
    [2009/01/27 13:32:58 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009/01/27 13:32:58 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2008/12/30 19:53:49 | 000,077,824 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/30 19:34:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2008/12/30 19:24:04 | 000,000,154 | ---- | C] () -- C:\Windows\adidsl.ini
    [2008/12/30 19:24:04 | 000,000,021 | ---- | C] () -- C:\Windows\Fast800.ini
    [2008/12/30 19:23:28 | 001,474,560 | ---- | C] () -- C:\Windows\adiras.exe
    [2008/12/30 19:23:28 | 000,000,936 | ---- | C] () -- C:\Windows\adiras.ini
    [2008/12/30 19:23:27 | 000,127,456 | ---- | C] () -- C:\Windows\System32\ipdetect.exe
    [2008/12/30 19:23:25 | 000,126,976 | ---- | C] () -- C:\Windows\System32\coclassfast.dll
    [2008/12/30 19:23:24 | 000,046,892 | ---- | C] () -- C:\Windows\System32\adadix16.dll
    [2008/12/30 19:23:19 | 000,143,360 | ---- | C] () -- C:\Windows\autoclk.exe
    [2008/12/30 19:23:19 | 000,022,395 | ---- | C] () -- C:\Windows\System32\drivers\fpga.bin
    [2008/10/15 03:02:30 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
    [2008/10/15 03:02:30 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
    [2008/10/15 02:08:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2008/04/09 06:14:46 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2008/04/09 06:14:45 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2008/04/09 06:14:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
    [2008/04/09 06:14:44 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
    [2008/04/09 06:14:43 | 000,168,886 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2008/04/09 06:14:43 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
    [2008/03/15 23:06:25 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
    [2008/03/15 23:06:25 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
    [2008/03/15 22:36:54 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
    [2008/03/15 22:33:51 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2008/03/15 22:33:51 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2008/03/15 22:33:51 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
    [2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 12:47:37 | 000,381,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 10:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 10:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2001/12/26 23:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001/09/04 06:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001/07/30 23:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001/07/24 05:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

    ========== LOP Check ==========

    [2012/02/02 21:30:57 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\118F0
    [2012/02/02 21:30:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\5245E
    [2012/02/02 21:30:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\5E47C
    [2008/03/15 22:47:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Acer GameZone Console
    [2012/01/17 21:45:01 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Autodesk
    [2010/02/05 19:16:52 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Azureus
    [2010/04/12 20:29:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Betfair
    [2008/12/30 20:33:28 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/05/08 15:14:53 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DAEMON Tools Lite
    [2009/06/26 19:42:42 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\eSobi
    [2011/10/14 11:31:42 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Garmin
    [2010/11/22 19:41:38 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Microgaming
    [2012/02/01 18:40:00 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Nitro PDF
    [2009/04/24 15:18:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Nokia
    [2011/08/16 14:45:53 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\OpenCandy
    [2009/04/24 15:18:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PC Suite
    [2011/08/16 14:51:29 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PrimoPDF
    [2012/02/06 19:35:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Spotify
    [2011/11/28 22:45:37 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent
    [2012/02/07 07:27:40 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/03/15 22:42:09 | 000,091,973 | ---- | M] () -- C:\-20080315.log
    [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2008/01/21 02:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2008/03/15 07:19:11 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2012/02/06 22:04:16 | 000,012,888 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2012/02/07 18:25:29 | 2191,994,880 | -HS- | M] () -- C:\pagefile.sys
    [2008/10/15 02:11:00 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 12:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 12:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 12:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 12:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 09:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\system32\spool\prtprocs\w32x86\EP0NPP01.DLL
    [2009/04/16 12:42:24 | 000,315,904 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfpp70w.dll
    [2008/01/21 02:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 12:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/27 02:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2006/10/19 17:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Normal).scr
    [2006/10/19 17:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Wide).scr
    [2011/11/28 18:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 02:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/03/15 07:18:59 | 012,820,480 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/03/15 07:18:55 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/03/15 07:19:00 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2008/03/15 07:19:07 | 017,186,816 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2008/03/15 07:19:09 | 006,668,288 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/12/30 19:20:14 | 000,000,221 | -HS- | M] () -- C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/01/31 21:48:21 | 000,000,000 | ---- | M] () -- C:\Users\John\Desktop\123.exe
    [2012/02/05 23:01:11 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\John\Desktop\boot_cleaner.exe
    [2012/02/06 21:34:06 | 004,397,604 | R--- | M] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
    [2012/02/05 20:08:11 | 000,302,592 | ---- | M] () -- C:\Users\John\Desktop\gc5iihlh.exe
    [2009/04/20 20:37:18 | 001,075,864 | ---- | M] () -- C:\Users\John\Desktop\Google Updater.exe
    [2012/01/17 19:33:14 | 008,449,616 | ---- | M] () -- C:\Users\John\Desktop\installer.exe
    [2012/02/06 17:14:12 | 000,303,059 | ---- | M] () -- C:\Users\John\Desktop\ListParts.exe
    [2012/02/05 15:13:09 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/07 20:28:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
    [2012/01/17 19:37:50 | 222,364,016 | ---- | M] () -- C:\Users\John\Desktop\SetupDWGTrueView2012_32bit.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2008/10/15 02:08:49 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2008/10/15 02:08:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2008/10/15 02:08:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2008/10/15 02:08:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2008/10/15 02:08:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2008/10/15 02:08:19 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/12/30 19:13:40 | 000,000,402 | -HS- | M] () -- C:\Users\John\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/01/13 18:26:23 | 000,002,246 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  25. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    I still need Extras.txt log and....


