Inactive Please help me review & clean

Status
Not open for further replies.
necee99

necee99

Posts: 156   +1
I am concerned about the security of my computer. here is the story. some time ago (about 6-8months) i had a crazy virus that cause blue screen. with your help it was removed. computer was working great ever since. lately had a issue with sonic/roxio cd burning software where it gave a blue screen error. i ran my avast antivirus and it came up with 1 virus threat. i deleted it. and ran a couple cleaning tools. i am still a little worried about my security. can you please help. thanks. here are all the logs.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6057

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/14/2011 9:25:11 PM
mbam-log-2011-03-14 (21-25-10).txt

Scan type: Quick scan
Objects scanned: 142631
Time elapsed: 7 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-14 22:23:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340014A rev.8.16
Running: lx5vetnz.exe; Driver: C:\DOCUME~1\Bernice\LOCALS~1\Temp\kxtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xEDE629CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xEDEB7A68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xEDE82AF5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xEDE64EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xEDE64F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xEDE6501A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xEDE824A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xEDE64E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xEDE64F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xEDE64E56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xEDE64FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xEDE629EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xEDE831BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xEDE83471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xEDE6529E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEDE83026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEDE82E91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xEDEB7B18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xEDE627B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xEDE62A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xEDE65412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xEDE634AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xEDE64EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xEDE64F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xEDE65044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xEDE82805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xEDE64E2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xEDE650D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xEDE64F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xEDE64E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xEDE651BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xEDE64FF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xEDEB7BB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xEDE82D0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xEDE63370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xEDE82B5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEDEBFE26]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xEDE81B1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xEDE62A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xEDE62A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xEDE62812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xEDE6294E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xEDE832C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xEDE6292A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xEDE62972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xEDE62A7E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEDECC8DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 228 804E2894 8 Bytes CALL 669C5786
.text ntoskrnl.exe!_abnormal_termination + 34D 804E29B9 3 Bytes [FE, EB, ED]
PAGE ntoskrnl.exe!ObInsertObject 805650BA 5 Bytes JMP EDEC9D38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB08 4 Bytes CALL EDE63E25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058124C 7 Bytes JMP EDECC8E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A038B 5 Bytes JMP EDEC829E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF8B12760]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7054F80]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\spoolsv.exe[188] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\spoolsv.exe[188] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\spoolsv.exe[188] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\spoolsv.exe[188] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\spoolsv.exe[188] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\spoolsv.exe[188] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\spoolsv.exe[188] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\spoolsv.exe[188] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\spoolsv.exe[188] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\spoolsv.exe[188] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\spoolsv.exe[188] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\spoolsv.exe[188] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\spoolsv.exe[188] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\spoolsv.exe[188] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[216] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[216] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[216] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[216] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[216] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[216] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[216] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[216] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[216] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[216] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[216] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[216] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[216] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[216] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[216] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\dla\tfswctrl.exe[308] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\WINDOWS\system32\dla\tfswctrl.exe[308] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\WINDOWS\system32\dla\tfswctrl.exe[308] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D00E4
.text C:\WINDOWS\system32\dla\tfswctrl.exe[308] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0120
.text C:\WINDOWS\system32\dla\tfswctrl.exe[308] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D00A8
.text C:\WINDOWS\system32\dla\tfswctrl.exe[308] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D0030
.text C:\WINDOWS\system32\dla\tfswctrl.exe[308] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D006C
.text C:\WINDOWS\system32\dla\tfswctrl.exe[308] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E01D4
.text C:\WINDOWS\system32\dla\tfswctrl.exe[308] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E00E4
.text C:\WINDOWS\system32\dla\tfswctrl.exe[308] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0120
.text C:\WINDOWS\system32\dla\tfswctrl.exe[308] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E015C
.text C:\WINDOWS\system32\dla\tfswctrl.exe[308] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0198
.text C:\WINDOWS\system32\dla\tfswctrl.exe[308] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E0030
.text C:\WINDOWS\system32\dla\tfswctrl.exe[308] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E006C
.text C:\WINDOWS\system32\dla\tfswctrl.exe[308] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E00A8
.text C:\WINDOWS\system32\hkcmd.exe[328] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\WINDOWS\system32\hkcmd.exe[328] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\WINDOWS\system32\hkcmd.exe[328] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4
.text C:\WINDOWS\system32\hkcmd.exe[328] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120
.text C:\WINDOWS\system32\hkcmd.exe[328] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8
.text C:\WINDOWS\system32\hkcmd.exe[328] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030
.text C:\WINDOWS\system32\hkcmd.exe[328] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C
.text C:\WINDOWS\system32\hkcmd.exe[328] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\WINDOWS\system32\hkcmd.exe[328] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\WINDOWS\system32\hkcmd.exe[328] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\WINDOWS\system32\hkcmd.exe[328] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\WINDOWS\system32\hkcmd.exe[328] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\WINDOWS\system32\hkcmd.exe[328] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\WINDOWS\system32\hkcmd.exe[328] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\WINDOWS\system32\hkcmd.exe[328] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\igfxpers.exe[348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\WINDOWS\system32\igfxpers.exe[348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\WINDOWS\system32\igfxpers.exe[348] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4
.text C:\WINDOWS\system32\igfxpers.exe[348] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120
.text C:\WINDOWS\system32\igfxpers.exe[348] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8
.text C:\WINDOWS\system32\igfxpers.exe[348] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030
.text C:\WINDOWS\system32\igfxpers.exe[348] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C
.text C:\WINDOWS\system32\igfxpers.exe[348] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\WINDOWS\system32\igfxpers.exe[348] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\WINDOWS\system32\igfxpers.exe[348] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\WINDOWS\system32\igfxpers.exe[348] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\WINDOWS\system32\igfxpers.exe[348] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\WINDOWS\system32\igfxpers.exe[348] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\WINDOWS\system32\igfxpers.exe[348] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\WINDOWS\system32\igfxpers.exe[348] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\svchost.exe[420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[420] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[420] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[420] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[420] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[420] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[420] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[504] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[504] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[504] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[504] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[504] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[504] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[504] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[504] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[504] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[504] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[504] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[504] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[504] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[504] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8
.text C:\WINDOWS\vVX3000.exe[520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\WINDOWS\vVX3000.exe[520] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\WINDOWS\vVX3000.exe[520] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4
.text C:\WINDOWS\vVX3000.exe[520] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120
.text C:\WINDOWS\vVX3000.exe[520] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8
.text C:\WINDOWS\vVX3000.exe[520] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030
.text C:\WINDOWS\vVX3000.exe[520] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C
.text C:\WINDOWS\vVX3000.exe[520] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4
.text C:\WINDOWS\vVX3000.exe[520] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4
.text C:\WINDOWS\vVX3000.exe[520] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120
 
logs continued

.text C:\WINDOWS\vVX3000.exe[520] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C
.text C:\WINDOWS\vVX3000.exe[520] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198
.text C:\WINDOWS\vVX3000.exe[520] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030
.text C:\WINDOWS\vVX3000.exe[520] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C
.text C:\WINDOWS\vVX3000.exe[520] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8
.text C:\WINDOWS\system32\ctfmon.exe[536] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A0030
.text C:\WINDOWS\system32\ctfmon.exe[536] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A006C
.text C:\WINDOWS\system32\ctfmon.exe[536] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\system32\ctfmon.exe[536] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\ctfmon.exe[536] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\ctfmon.exe[536] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\WINDOWS\system32\ctfmon.exe[536] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
.text C:\WINDOWS\system32\ctfmon.exe[536] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\ctfmon.exe[536] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\ctfmon.exe[536] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\ctfmon.exe[536] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4
.text C:\WINDOWS\system32\ctfmon.exe[536] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120
.text C:\WINDOWS\system32\ctfmon.exe[536] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8
.text C:\WINDOWS\system32\ctfmon.exe[536] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030
.text C:\WINDOWS\system32\ctfmon.exe[536] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C
.text C:\Program Files\Skype\Phone\Skype.exe[544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Skype\Phone\Skype.exe[544] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Skype\Phone\Skype.exe[544] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 04FB01D4
.text C:\Program Files\Skype\Phone\Skype.exe[544] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 04FB00E4
.text C:\Program Files\Skype\Phone\Skype.exe[544] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 04FB0120
.text C:\Program Files\Skype\Phone\Skype.exe[544] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 04FB015C
.text C:\Program Files\Skype\Phone\Skype.exe[544] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 04FB0198
.text C:\Program Files\Skype\Phone\Skype.exe[544] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 04FB0030
.text C:\Program Files\Skype\Phone\Skype.exe[544] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 04FB006C
.text C:\Program Files\Skype\Phone\Skype.exe[544] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 04FB00A8
.text C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe[848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe[848] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe[848] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe[848] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe[848] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe[848] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe[848] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe[848] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe[848] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe[848] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe[848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe[848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe[848] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe[848] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe[848] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\WINDOWS\system32\winlogon.exe[868] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00070030
.text C:\WINDOWS\system32\winlogon.exe[868] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\winlogon.exe[868] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\winlogon.exe[868] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\winlogon.exe[868] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\winlogon.exe[868] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\winlogon.exe[868] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\winlogon.exe[868] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\winlogon.exe[868] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\winlogon.exe[868] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\winlogon.exe[868] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\winlogon.exe[868] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\winlogon.exe[868] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\winlogon.exe[868] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\winlogon.exe[868] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\services.exe[912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\services.exe[912] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\lsass.exe[924] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\lsass.exe[924] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Java\jre6\bin\jqs.exe[968] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[968] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Java\jre6\bin\jqs.exe[968] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[968] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Java\jre6\bin\jqs.exe[968] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Java\jre6\bin\jqs.exe[968] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Java\jre6\bin\jqs.exe[968] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Java\jre6\bin\jqs.exe[968] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[968] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[968] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[968] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Java\jre6\bin\jqs.exe[968] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[968] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Java\jre6\bin\jqs.exe[968] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1364] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1364] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1364] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1364] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1364] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\System32\svchost.exe[1428] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\svchost.exe[1428] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\svchost.exe[1428] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\svchost.exe[1428] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\svchost.exe[1428] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\System32\svchost.exe[1428] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\svchost.exe[1428] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1528] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1528] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1528] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1528] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1528] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1528] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1528] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1528] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1528] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1528] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1528] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1528] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1528] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1528] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8
.text C:\WINDOWS\Explorer.EXE[1544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\Explorer.EXE[1544] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\Explorer.EXE[1544] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\Explorer.EXE[1544] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\Explorer.EXE[1544] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\WINDOWS\Explorer.EXE[1544] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\WINDOWS\Explorer.EXE[1544] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
.text C:\WINDOWS\Explorer.EXE[1544] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\WINDOWS\Explorer.EXE[1544] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\Explorer.EXE[1544] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\Explorer.EXE[1544] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4
.text C:\WINDOWS\Explorer.EXE[1544] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120
.text C:\WINDOWS\Explorer.EXE[1544] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8
.text C:\WINDOWS\Explorer.EXE[1544] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030
.text C:\WINDOWS\Explorer.EXE[1544] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1612] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1612] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1612] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D01D4
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1612] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D00E4
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1612] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0120
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1612] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D015C
 
logs continued

.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1612] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0198
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1612] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D0030
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1612] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D006C
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1612] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D00A8
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1612] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E00E4
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1612] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0120
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1612] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E00A8
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1612] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E0030
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1612] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E006C
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1708] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\System32\svchost.exe[1964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\svchost.exe[1964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\svchost.exe[1964] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\System32\svchost.exe[1964] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\svchost.exe[1964] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\svchost.exe[1964] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\System32\svchost.exe[1964] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\System32\svchost.exe[1964] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\svchost.exe[1964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\svchost.exe[1964] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\svchost.exe[1964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\svchost.exe[1964] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\svchost.exe[1964] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\System32\svchost.exe[1964] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\svchost.exe[1964] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2092] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D01D4
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2092] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D00E4
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2092] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0120
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2092] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D015C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2092] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0198
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2092] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D0030
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2092] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D006C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2092] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D00A8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2092] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E00E4
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2092] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0120
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2092] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E00A8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2092] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E0030
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2092] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\svchost.exe[2172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[2172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[2172] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[2172] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[2172] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[2172] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[2172] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2680] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2680] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2680] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2680] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2680] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2680] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2680] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2680] advapi32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2680] advapi32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2680] advapi32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2680] advapi32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2680] advapi32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2680] advapi32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2680] advapi32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2680] advapi32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8
.text C:\WINDOWS\system32\rundll32.exe[2932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\rundll32.exe[2932] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\rundll32.exe[2932] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\rundll32.exe[2932] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\rundll32.exe[2932] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\rundll32.exe[2932] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\rundll32.exe[2932] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\rundll32.exe[2932] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\system32\rundll32.exe[2932] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\rundll32.exe[2932] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\rundll32.exe[2932] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\WINDOWS\system32\rundll32.exe[2932] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
.text C:\WINDOWS\system32\rundll32.exe[2932] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\rundll32.exe[2932] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\rundll32.exe[2932] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\System32\alg.exe[3200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\alg.exe[3200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\alg.exe[3200] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\alg.exe[3200] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\alg.exe[3200] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\alg.exe[3200] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\alg.exe[3200] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\alg.exe[3200] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\System32\alg.exe[3200] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\alg.exe[3200] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\alg.exe[3200] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\WINDOWS\System32\alg.exe[3200] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
.text C:\WINDOWS\System32\alg.exe[3200] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\alg.exe[3200] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\System32\alg.exe[3200] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[3820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A0030
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[3820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A006C
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[3820] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[3820] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[3820] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[3820] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[3820] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[3820] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[3820] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[3820] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[3820] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[3820] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[3820] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[3820] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[3820] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C
.text C:\Documents and Settings\Bernice\Desktop\lx5vetnz.exe[5716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00160030
.text C:\Documents and Settings\Bernice\Desktop\lx5vetnz.exe[5716] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0016006C
.text C:\Documents and Settings\Bernice\Desktop\lx5vetnz.exe[5716] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F00E4
.text C:\Documents and Settings\Bernice\Desktop\lx5vetnz.exe[5716] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0120
.text C:\Documents and Settings\Bernice\Desktop\lx5vetnz.exe[5716] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F00A8
.text C:\Documents and Settings\Bernice\Desktop\lx5vetnz.exe[5716] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F0030
.text C:\Documents and Settings\Bernice\Desktop\lx5vetnz.exe[5716] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F006C
.text C:\Documents and Settings\Bernice\Desktop\lx5vetnz.exe[5716] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004C01D4
.text C:\Documents and Settings\Bernice\Desktop\lx5vetnz.exe[5716] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004C00E4
.text C:\Documents and Settings\Bernice\Desktop\lx5vetnz.exe[5716] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004C0120
.text C:\Documents and Settings\Bernice\Desktop\lx5vetnz.exe[5716] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004C015C
.text C:\Documents and Settings\Bernice\Desktop\lx5vetnz.exe[5716] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004C0198
.text C:\Documents and Settings\Bernice\Desktop\lx5vetnz.exe[5716] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004C0030
.text C:\Documents and Settings\Bernice\Desktop\lx5vetnz.exe[5716] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004C006C
.text C:\Documents and Settings\Bernice\Desktop\lx5vetnz.exe[5716] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004C00A8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[912] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[912] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat BA7A0D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/17/2010 10:51:56 PM
System Uptime: 3/14/2011 10:36:06 PM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0N6381
Processor: Intel(R) Celeron(R) CPU 2.66GHz | Microprocessor | 2660/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 34 GiB total, 21.125 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Ativa Wireless G USB Network Adapter
Device ID: USB\VID_050D&PID_705C\5&2288B5EF&0&1
Manufacturer: Ativa
Name: Ativa Wireless G USB Network Adapter #4
PNP Device ID: USB\VID_050D&PID_705C\5&2288B5EF&0&1
Service: ODWGU(Ativa)
.
==== System Restore Points ===================
.
RP66: 12/6/2010 8:21:03 PM - System Checkpoint
RP67: 12/14/2010 8:21:21 PM - System Checkpoint
RP68: 12/14/2010 11:36:35 PM - Software Distribution Service 3.0
RP69: 12/17/2010 9:18:07 PM - System Checkpoint
RP70: 12/21/2010 11:52:52 PM - System Checkpoint
RP71: 12/24/2010 9:21:39 AM - Installed Java(TM) 6 Update 23
RP72: 12/24/2010 9:28:58 AM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP73: 12/27/2010 5:08:31 PM - System Checkpoint
RP74: 12/27/2010 6:52:35 PM - Installed Nokia Connectivity Cable Driver
RP75: 12/27/2010 6:55:06 PM - Installed Nokia Multimedia Player
RP76: 12/27/2010 6:56:38 PM - Installed Nokia PC Suite 5.8
RP77: 12/27/2010 6:59:03 PM - Configured Nokia Multimedia Player
RP78: 12/27/2010 7:02:58 PM - Configured Nokia Connectivity Cable Driver
RP79: 12/30/2010 1:41:47 PM - System Checkpoint
RP80: 1/11/2011 12:42:35 PM - Software Distribution Service 3.0
RP81: 1/12/2011 8:54:22 AM - Software Distribution Service 3.0
RP82: 2/4/2011 9:09:34 PM - System Checkpoint
RP83: 2/5/2011 3:55:52 PM - Installed Windows Media Player 10
RP84: 2/5/2011 4:03:28 PM - Software Distribution Service 3.0
RP85: 2/5/2011 5:37:23 PM - Software Distribution Service 3.0
RP86: 2/5/2011 8:59:14 PM - Installed DirectX
RP87: 2/5/2011 10:05:21 PM - Software Distribution Service 3.0
RP88: 2/7/2011 6:21:26 PM - Software Distribution Service 3.0
RP89: 2/10/2011 11:15:57 PM - Software Distribution Service 3.0
RP90: 2/14/2011 12:23:49 PM - Software Distribution Service 3.0
RP91: 2/14/2011 1:07:13 PM - Software Distribution Service 3.0
RP92: 2/28/2011 1:09:27 PM - System Checkpoint
RP93: 3/4/2011 11:48:49 PM - avast! Free Antivirus Setup
RP94: 3/9/2011 12:55:20 PM - Software Distribution Service 3.0
RP95: 3/9/2011 7:25:02 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Ativa Wireless USB Utility
avast! Free Antivirus
BufferChm
CCleaner
Copy
Dell Driver Reset Tool
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
Destinations
DeviceDiscovery
DJ_AIO_06_F2400_SW_Min
F2400
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HP Customer Participation Program 13.0
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java Auto Updater
Java(TM) 6 Update 23
Malwarebytes' Anti-Malware
MarketResearch
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Default Manager
Microsoft LifeCam
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Event Monitor
Modem Helper
Modem On Hold
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
MyPoints Point Finder
OpenOffice.org 3.1
PowerDVD 5.3
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Shop for HP Supplies
Skype Toolbars
Skype™ 5.1
SmartWebPrinting
SolutionCenter
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Status
Suddenlink Toolbar
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Vivitar Experience Image Manager
Watchtower Library 2009 - English
Watchtower Library 2009 - español
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 12
.
==== Event Viewer Messages From Past Week ========
.
3/14/2011 9:30:25 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
3/14/2011 3:26:11 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
3/14/2011 3:26:11 PM, error: Service Control Manager [7034] - The MSCamSvc service terminated unexpectedly. It has done this 1 time(s).
3/14/2011 3:26:11 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
3/14/2011 3:26:11 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/14/2011 3:12:05 PM, error: System Error [1003] - Error code 00000050, parameter1 ff7cf000, parameter2 00000000, parameter3 804f3ccb, parameter4 00000000.
3/11/2011 3:29:52 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/11/2011 3:29:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
3/11/2011 3:29:03 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/11/2011 3:27:28 PM, error: Service Control Manager [7022] - The MSCamSvc service hung on starting.
3/11/2011 2:53:06 PM, error: Print [19] - Sharing printer failed + 1722, Printer HP Deskjet F2400 series share name HP Deskjet F2400 series.
.
==== End Of File ===========================

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Bernice at 22:45:16.23 on Mon 03/14/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.294 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Bernice\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.suddenlink.net/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {96b985b7-3cf9-456a-9db6-791710e60f5f} - c:\program files\mypoints point finder\Helper.dll
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: MyPoints Point Finder BHO: {614bda1f-9bef-4cd1-bde4-fa4804929b4a} - c:\program files\mypoints point finder\Toolbar.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Suddenlink Toolbar: {a057a204-bacc-4d26-d298-35efc2a62dd7} - c:\progra~1\sudden~1\SUDDEN~1.DLL
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Suddenlink Toolbar: {a057a204-bacc-4d26-d298-35efc2a62dd7} - c:\progra~1\sudden~1\SUDDEN~1.DLL
TB: MyPoints Point Finder: {89a2510a-b4b6-4683-bec9-1b96700bc7f1} - c:\program files\mypoints point finder\Toolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ativaw~1.lnk - c:\program files\ativa\usb awgua54\wireless utility\Ativawcui.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266626922265
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-5 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-5 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-5 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-5 42184]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-2-25 88176]
S3 ODWGU(Ativa);Ativa Wireless G USB Network Adapter(Ativa);c:\windows\system32\drivers\ODWGU.sys [2010-11-26 408064]
.
=============== Created Last 30 ================
.
2011-03-05 05:49:34 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-05 05:49:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-05 05:48:49 -------- d-----w- c:\program files\AVAST Software
2011-03-05 05:48:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-03-05 05:46:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-05 05:46:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-05 05:46:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 22:46:31.76 ===============
 
You're very welcome
smiley_says_hello.gif
 
Status
Not open for further replies.

Similar threads

L
Solved Unknown spyware/ Monitoring/ Hijacking of my devices
Replies
15
Views
3K
Broni
Broni
S
  • Locked
Inactive Am I infected?
Replies
8
Views
3K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni

Latest posts

Back