Hi. I'm in much need of help! This virus has deleted my avg software and won't let me access any other antivirus sites. I have downloaded OTL and ran the quick scan, now I need advice on what to do next. I have the OTL.Txt and the Extras.Txt files but they are too big for here. Which parts do I post for a start? Thanks.
Solved Deleted AVG software and won't let me access antivirus sites
- Thread starter sumbanana
- Start date
Broni
Posts: 56,041 +516
Welcome aboard
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.
Please, observe following rules:
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
Managed to get a copy of avast onto my pc which has made a big difference as I can now access antivirus websites and the likes. Here is my log after running malwarebyts;
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.05.02
Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
John :: JOHN-PC [administrator]
Protection: Enabled
05/02/2012 15:19:21
mbam-log-2012-02-05 (15-19-21).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186069
Time elapsed: 9 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCR\CLSID\{2D00AA2A-69EF-487a-8A40-B3E27F07C91E} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Data: a·¸+߬H»à¼À:›; -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Users\John\AppData\Roaming\5245E\4D5CA.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|27B.exe (Backdoor.CycBot.Gen) -> Data: C:\Users\John\AppData\Roaming\Microsoft\CA75\27B.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\John\AppData\Local\Temp\0.45611871576328344.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
C:\Users\John\AppData\Local\Temp\byfjmybo.sys (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.05.02
Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
John :: JOHN-PC [administrator]
Protection: Enabled
05/02/2012 15:19:21
mbam-log-2012-02-05 (15-19-21).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186069
Time elapsed: 9 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCR\CLSID\{2D00AA2A-69EF-487a-8A40-B3E27F07C91E} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Data: a·¸+߬H»à¼À:›; -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Users\John\AppData\Roaming\5245E\4D5CA.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|27B.exe (Backdoor.CycBot.Gen) -> Data: C:\Users\John\AppData\Roaming\Microsoft\CA75\27B.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\John\AppData\Local\Temp\0.45611871576328344.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
C:\Users\John\AppData\Local\Temp\byfjmybo.sys (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
MER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-05 21:14:40
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAJS-22B4A0 rev.01.03A01
Running: gc5iihlh.exe; Driver: C:\Users\John\AppData\Local\Temp\kgldypog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E626FC4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E629456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E6294AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E6295C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8E6293AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8E6294FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E629400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E629572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E626FE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E626DB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E62700C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E6299BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E627AA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8E629486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E6294D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E6295EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E6293D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8E62953E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E62942E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E62959C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E62796A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E627030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E627054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8E626E0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E626F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8E626F24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8E626F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E627078]
INT 0x61 ? 84F5ABF8
INT 0x71 ? 84F5ABF8
INT 0x72 ? 86202F00
INT 0x72 ? 86202F00
INT 0x72 ? 86202F00
INT 0x81 ? 84F5ABF8
INT 0x91 ? 86202F00
INT 0x91 ? 86202F00
INT 0x91 ? 86202F00
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8EA257A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 340 826FF964 4 Bytes [C4, 6F, 62, 8E]
.text ntkrnlpa.exe!KeSetTimerEx + 404 826FFA28 8 Bytes [56, 94, 62, 8E, AE, 94, 62, ...] {PUSH ESI; XCHG ESP, EAX; BOUND ECX, [ESI-0x719d6b52]}
.text ntkrnlpa.exe!KeSetTimerEx + 410 826FFA34 4 Bytes [C4, 95, 62, 8E]
.text ntkrnlpa.exe!KeSetTimerEx + 428 826FFA4C 4 Bytes [AC, 93, 62, 8E]
.text ntkrnlpa.exe!KeSetTimerEx + 448 826FFA6C 8 Bytes [FE, 94, 62, 8E, 00, 94, 62, ...]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82826D5E 5 Bytes JMP 8EA2269C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82863666 4 Bytes CALL 8E628025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82872FC9 4 Bytes CALL 8E62803B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 8288F872 5 Bytes JMP 8EA2415C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 828DB776 7 Bytes JMP 8EA257A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\Drivers\sppb.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8D60C000, 0x1F875A, 0xE8000020]
.text USBPORT.SYS!DllUnload 879EE46F 5 Bytes JMP 862024E0
.text apj1k8t4.SYS 8779D000 22 Bytes [26, B2, 61, 82, 10, B1, 61, ...]
.text apj1k8t4.SYS 8779D017 145 Bytes [00, 32, 97, 71, 80, 3D, 95, ...]
.text apj1k8t4.SYS 8779D0A9 35 Bytes [A0, 69, 82, 60, 97, 69, 82, ...]
.text apj1k8t4.SYS 8779D0CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text apj1k8t4.SYS 8779D0DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\csrss.exe[632] KERNEL32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\wininit.exe[692] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[692] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[692] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[692] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[692] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000601F8
.text C:\Windows\system32\wininit.exe[692] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000603FC
.text C:\Windows\system32\wininit.exe[692] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00060600
.text C:\Windows\system32\wininit.exe[692] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00060A08
.text C:\Windows\system32\csrss.exe[700] KERNEL32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\services.exe[736] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[736] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[736] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[736] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
.text C:\Windows\system32\services.exe[736] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\services.exe[736] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
.text C:\Windows\system32\services.exe[736] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\services.exe[736] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[748] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[748] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\lsass.exe[748] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[748] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[748] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[748] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[748] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsm.exe[764] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsm.exe[764] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsm.exe[764] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[808] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[808] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[808] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[808] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[808] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[808] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
.text C:\Windows\system32\SearchIndexer.exe[808] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[808] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\winlogon.exe[836] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[836] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[836] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00050600
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00051014
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00050C0C
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00050E10
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00060804
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000601F8
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000603FC
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00060600
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!UnhookWindowsHookEx
Rootkit scan 2012-02-05 21:14:40
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAJS-22B4A0 rev.01.03A01
Running: gc5iihlh.exe; Driver: C:\Users\John\AppData\Local\Temp\kgldypog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E626FC4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E629456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E6294AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E6295C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8E6293AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8E6294FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E629400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E629572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E626FE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E626DB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E62700C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E6299BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E627AA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8E629486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E6294D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E6295EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E6293D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8E62953E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E62942E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E62959C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E62796A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E627030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E627054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8E626E0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E626F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8E626F24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8E626F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E627078]
INT 0x61 ? 84F5ABF8
INT 0x71 ? 84F5ABF8
INT 0x72 ? 86202F00
INT 0x72 ? 86202F00
INT 0x72 ? 86202F00
INT 0x81 ? 84F5ABF8
INT 0x91 ? 86202F00
INT 0x91 ? 86202F00
INT 0x91 ? 86202F00
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8EA257A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 340 826FF964 4 Bytes [C4, 6F, 62, 8E]
.text ntkrnlpa.exe!KeSetTimerEx + 404 826FFA28 8 Bytes [56, 94, 62, 8E, AE, 94, 62, ...] {PUSH ESI; XCHG ESP, EAX; BOUND ECX, [ESI-0x719d6b52]}
.text ntkrnlpa.exe!KeSetTimerEx + 410 826FFA34 4 Bytes [C4, 95, 62, 8E]
.text ntkrnlpa.exe!KeSetTimerEx + 428 826FFA4C 4 Bytes [AC, 93, 62, 8E]
.text ntkrnlpa.exe!KeSetTimerEx + 448 826FFA6C 8 Bytes [FE, 94, 62, 8E, 00, 94, 62, ...]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82826D5E 5 Bytes JMP 8EA2269C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82863666 4 Bytes CALL 8E628025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82872FC9 4 Bytes CALL 8E62803B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 8288F872 5 Bytes JMP 8EA2415C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 828DB776 7 Bytes JMP 8EA257A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\Drivers\sppb.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8D60C000, 0x1F875A, 0xE8000020]
.text USBPORT.SYS!DllUnload 879EE46F 5 Bytes JMP 862024E0
.text apj1k8t4.SYS 8779D000 22 Bytes [26, B2, 61, 82, 10, B1, 61, ...]
.text apj1k8t4.SYS 8779D017 145 Bytes [00, 32, 97, 71, 80, 3D, 95, ...]
.text apj1k8t4.SYS 8779D0A9 35 Bytes [A0, 69, 82, 60, 97, 69, 82, ...]
.text apj1k8t4.SYS 8779D0CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text apj1k8t4.SYS 8779D0DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\csrss.exe[632] KERNEL32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\wininit.exe[692] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[692] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[692] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[692] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[692] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000601F8
.text C:\Windows\system32\wininit.exe[692] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000603FC
.text C:\Windows\system32\wininit.exe[692] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00060600
.text C:\Windows\system32\wininit.exe[692] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00060A08
.text C:\Windows\system32\csrss.exe[700] KERNEL32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\services.exe[736] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[736] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[736] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[736] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
.text C:\Windows\system32\services.exe[736] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\services.exe[736] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
.text C:\Windows\system32\services.exe[736] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\services.exe[736] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[748] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[748] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\lsass.exe[748] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[748] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[748] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[748] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[748] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsm.exe[764] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsm.exe[764] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsm.exe[764] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[808] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[808] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[808] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[808] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[808] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[808] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[808] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
.text C:\Windows\system32\SearchIndexer.exe[808] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[808] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\winlogon.exe[836] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[836] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[836] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00050600
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00051014
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00050C0C
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00050E10
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00060804
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000601F8
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000603FC
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00060600
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!UnhookWindowsHookEx
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
.text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
.text C:\Windows\system32\svchost.exe[964] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
.text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
.text C:\Windows\system32\svchost.exe[964] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 000D0804
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000D01F8
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000D03FC
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 000D0600
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 000D0A08
.text C:\Windows\system32\Ati2evxx.exe[1172] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Windows\system32\Ati2evxx.exe[1172] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Windows\system32\Ati2evxx.exe[1172] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\Ati2evxx.exe[1172] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
.text C:\Windows\system32\Ati2evxx.exe[1172] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
.text C:\Windows\system32\Ati2evxx.exe[1172] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
.text C:\Windows\system32\Ati2evxx.exe[1172] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
.text C:\Windows\system32\Ati2evxx.exe[1172] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
.text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
.text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
.text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
.text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
.text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
.text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
.text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
.text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
.text C:\Windows\System32\svchost.exe[1192] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1192] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Windows\System32\svchost.exe[1192] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 005F0804
.text C:\Windows\System32\svchost.exe[1192] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 005F01F8
.text C:\Windows\System32\svchost.exe[1192] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 005F03FC
.text C:\Windows\System32\svchost.exe[1192] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 005F0600
.text C:\Windows\System32\svchost.exe[1192] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 005F0A08
.text C:\Windows\System32\svchost.exe[1220] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1220] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00C50804
.text C:\Windows\System32\svchost.exe[1220] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 00C501F8
.text C:\Windows\System32\svchost.exe[1220] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 00C503FC
.text C:\Windows\System32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00C50600
.text C:\Windows\System32\svchost.exe[1220] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00C50A08
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1232] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00150804
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001501F8
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001503FC
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00150600
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00150A08
.text C:\Windows\system32\AUDIODG.EXE[1352] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00600804
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 006001F8
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 006003FC
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00600600
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00600A08
.text C:\Windows\system32\svchost.exe[1540] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1540] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[1540] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 000C0804
.text C:\Windows\system32\svchost.exe[1540] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000C01F8
.text C:\Windows\system32\svchost.exe[1540] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000C03FC
.text C:\Windows\system32\svchost.exe[1540] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 000C0600
.text C:\Windows\system32\svchost.exe[1540] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 000C0A08
.text C:\Windows\system32\Ati2evxx.exe[1612] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Windows\system32\Ati2evxx.exe[1612] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Windows\system32\Ati2evxx.exe[1612] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\Ati2evxx.exe[1612] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
.text C:\Windows\system32\Ati2evxx.exe[1612] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
.text C:\Windows\system32\Ati2evxx.exe[1612] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
.text C:\Windows\system32\Ati2evxx.exe[1612] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
.text C:\Windows\system32\Ati2evxx.exe[1612] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
.text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1756] kernel32.dll!SetUnhandledExceptionFilter 7733700D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1756] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1808] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1808] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1808] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[1872] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[1872] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[1872] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[1872] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 000C0804
.text C:\Windows\system32\Dwm.exe[1872] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000C01F8
.text C:\Windows\system32\Dwm.exe[1872] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000C03FC
.text C:\Windows\system32\Dwm.exe[1872] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 000C0600
.text C:\Windows\system32\Dwm.exe[1872] USER32.dll!UnhookWindowsHookEx
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
.text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
.text C:\Windows\system32\svchost.exe[964] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
.text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
.text C:\Windows\system32\svchost.exe[964] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 000D0804
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000D01F8
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000D03FC
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 000D0600
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 000D0A08
.text C:\Windows\system32\Ati2evxx.exe[1172] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Windows\system32\Ati2evxx.exe[1172] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Windows\system32\Ati2evxx.exe[1172] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\Ati2evxx.exe[1172] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
.text C:\Windows\system32\Ati2evxx.exe[1172] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
.text C:\Windows\system32\Ati2evxx.exe[1172] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
.text C:\Windows\system32\Ati2evxx.exe[1172] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
.text C:\Windows\system32\Ati2evxx.exe[1172] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
.text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
.text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
.text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
.text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
.text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
.text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
.text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
.text C:\Windows\system32\Ati2evxx.exe[1172] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
.text C:\Windows\System32\svchost.exe[1192] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1192] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Windows\System32\svchost.exe[1192] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 005F0804
.text C:\Windows\System32\svchost.exe[1192] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 005F01F8
.text C:\Windows\System32\svchost.exe[1192] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 005F03FC
.text C:\Windows\System32\svchost.exe[1192] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 005F0600
.text C:\Windows\System32\svchost.exe[1192] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 005F0A08
.text C:\Windows\System32\svchost.exe[1220] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1220] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00C50804
.text C:\Windows\System32\svchost.exe[1220] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 00C501F8
.text C:\Windows\System32\svchost.exe[1220] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 00C503FC
.text C:\Windows\System32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00C50600
.text C:\Windows\System32\svchost.exe[1220] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00C50A08
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1232] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00150804
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001501F8
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001503FC
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00150600
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00150A08
.text C:\Windows\system32\AUDIODG.EXE[1352] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00600804
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 006001F8
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 006003FC
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00600600
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00600A08
.text C:\Windows\system32\svchost.exe[1540] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1540] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[1540] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 000C0804
.text C:\Windows\system32\svchost.exe[1540] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000C01F8
.text C:\Windows\system32\svchost.exe[1540] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000C03FC
.text C:\Windows\system32\svchost.exe[1540] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 000C0600
.text C:\Windows\system32\svchost.exe[1540] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 000C0A08
.text C:\Windows\system32\Ati2evxx.exe[1612] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Windows\system32\Ati2evxx.exe[1612] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Windows\system32\Ati2evxx.exe[1612] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\Ati2evxx.exe[1612] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
.text C:\Windows\system32\Ati2evxx.exe[1612] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
.text C:\Windows\system32\Ati2evxx.exe[1612] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
.text C:\Windows\system32\Ati2evxx.exe[1612] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
.text C:\Windows\system32\Ati2evxx.exe[1612] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
.text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Windows\system32\Ati2evxx.exe[1612] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1756] kernel32.dll!SetUnhandledExceptionFilter 7733700D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1756] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1808] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1808] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1808] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1808] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[1872] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[1872] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[1872] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[1872] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[1872] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 000C0804
.text C:\Windows\system32\Dwm.exe[1872] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000C01F8
.text C:\Windows\system32\Dwm.exe[1872] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000C03FC
.text C:\Windows\system32\Dwm.exe[1872] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 000C0600
.text C:\Windows\system32\Dwm.exe[1872] USER32.dll!UnhookWindowsHookEx
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00180804
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001801F8
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001803FC
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00180600
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00180A08
.text C:\Windows\Explorer.EXE[1928] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[1928] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[1928] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[1928] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[1928] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.EXE[1928] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
.text C:\Windows\Explorer.EXE[1928] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[1928] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
.text C:\Windows\System32\spoolsv.exe[2092] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[2092] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[2092] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[2092] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00230804
.text C:\Windows\System32\spoolsv.exe[2092] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 002301F8
.text C:\Windows\System32\spoolsv.exe[2092] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 002303FC
.text C:\Windows\System32\spoolsv.exe[2092] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00230600
.text C:\Windows\System32\spoolsv.exe[2092] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00230A08
.text C:\Windows\system32\taskeng.exe[2124] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2124] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2124] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[2124] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[2124] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2124] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[2124] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[2124] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[2152] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2152] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2152] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2152] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 000F0804
.text C:\Windows\system32\svchost.exe[2152] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000F01F8
.text C:\Windows\system32\svchost.exe[2152] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000F03FC
.text C:\Windows\system32\svchost.exe[2152] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 000F0600
.text C:\Windows\system32\svchost.exe[2152] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 000F0A08
.text C:\Windows\RtHDVCpl.exe[2180] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Windows\RtHDVCpl.exe[2180] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Windows\RtHDVCpl.exe[2180] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Windows\RtHDVCpl.exe[2180] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00180804
.text C:\Windows\RtHDVCpl.exe[2180] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001801F8
.text C:\Windows\RtHDVCpl.exe[2180] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001803FC
.text C:\Windows\RtHDVCpl.exe[2180] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00180600
.text C:\Windows\RtHDVCpl.exe[2180] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00180A08
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2200] KERNEL32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2236] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2236] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2236] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[2236] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[2236] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2236] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[2236] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[2236] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\WUDFHost.exe[2372] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\WUDFHost.exe[2372] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\WUDFHost.exe[2372] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\WUDFHost.exe[2372] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
.text C:\Windows\system32\WUDFHost.exe[2372] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\WUDFHost.exe[2372] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
.text C:\Windows\system32\WUDFHost.exe[2372] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\WUDFHost.exe[2372] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00070804
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000701F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000703FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00070600
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00070A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000803FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00080600
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00081014
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00080804
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00080A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00080C0C
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00080E10
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000801F8
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 002803FC
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00280600
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00281014
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00280804
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00280A08
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00280C0C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00280E10
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 002801F8
.text C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe[2796] KERNEL32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00180804
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001801F8
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001803FC
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00180600
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00180A08
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001903FC
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00190600
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00191014
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00190804
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00190A08
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00190C0C
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00190E10
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00180A08
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00180804
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001801F8
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001803FC
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00180600
.text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[1924] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00180A08
.text C:\Windows\Explorer.EXE[1928] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[1928] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[1928] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[1928] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[1928] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[1928] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.EXE[1928] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
.text C:\Windows\Explorer.EXE[1928] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[1928] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
.text C:\Windows\System32\spoolsv.exe[2092] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[2092] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[2092] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[2092] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[2092] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00230804
.text C:\Windows\System32\spoolsv.exe[2092] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 002301F8
.text C:\Windows\System32\spoolsv.exe[2092] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 002303FC
.text C:\Windows\System32\spoolsv.exe[2092] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00230600
.text C:\Windows\System32\spoolsv.exe[2092] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00230A08
.text C:\Windows\system32\taskeng.exe[2124] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2124] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2124] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[2124] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[2124] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[2124] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2124] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[2124] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[2124] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[2152] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2152] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2152] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2152] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2152] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 000F0804
.text C:\Windows\system32\svchost.exe[2152] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000F01F8
.text C:\Windows\system32\svchost.exe[2152] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000F03FC
.text C:\Windows\system32\svchost.exe[2152] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 000F0600
.text C:\Windows\system32\svchost.exe[2152] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 000F0A08
.text C:\Windows\RtHDVCpl.exe[2180] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Windows\RtHDVCpl.exe[2180] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Windows\RtHDVCpl.exe[2180] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Windows\RtHDVCpl.exe[2180] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Windows\RtHDVCpl.exe[2180] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00180804
.text C:\Windows\RtHDVCpl.exe[2180] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001801F8
.text C:\Windows\RtHDVCpl.exe[2180] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001803FC
.text C:\Windows\RtHDVCpl.exe[2180] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00180600
.text C:\Windows\RtHDVCpl.exe[2180] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00180A08
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2200] KERNEL32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2236] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2236] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2236] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[2236] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[2236] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[2236] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2236] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[2236] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[2236] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\WUDFHost.exe[2372] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\WUDFHost.exe[2372] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\WUDFHost.exe[2372] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\WUDFHost.exe[2372] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\WUDFHost.exe[2372] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
.text C:\Windows\system32\WUDFHost.exe[2372] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\WUDFHost.exe[2372] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
.text C:\Windows\system32\WUDFHost.exe[2372] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\WUDFHost.exe[2372] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00070804
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000701F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000703FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00070600
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00070A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000803FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00080600
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00081014
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00080804
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00080A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00080C0C
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00080E10
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000801F8
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 002803FC
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00280600
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00281014
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00280804
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00280A08
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00280C0C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00280E10
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 002801F8
.text C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe[2796] KERNEL32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00180804
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001801F8
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001803FC
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00180600
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00180A08
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001903FC
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00190600
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00191014
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00190804
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00190A08
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00190C0C
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00190E10
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[2856] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2884] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00180A08
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001603FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00160600
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00161014
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00160804
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00160A08
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00160C0C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00160E10
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001601F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00180804
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001801F8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001803FC
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00180600
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00180A08
.text C:\Program Files\Acer\Empowering Technology\Service\ETService.exe[3140] KERNEL32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 003903FC
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00390600
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00391014
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00390804
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00390A08
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00390C0C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00390E10
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 003901F8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 003A0804
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 003A01F8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 003A03FC
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 003A0600
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 003A0A08
.text C:\Windows\system32\svchost.exe[3256] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3256] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3256] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[3256] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00550804
.text C:\Windows\system32\svchost.exe[3256] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 005501F8
.text C:\Windows\system32\svchost.exe[3256] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 005503FC
.text C:\Windows\system32\svchost.exe[3256] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00550600
.text C:\Windows\system32\svchost.exe[3256] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00550A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001601F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001603FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00190804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001901F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001903FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00190600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00190A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001A03FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 001A0600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 001A1014
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 001A0804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 001A0A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 001A0C0C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 001A0E10
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001A01F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
.text C:\Windows\System32\svchost.exe[3380] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[3380] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[3380] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[3380] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 000B0804
.text C:\Windows\System32\svchost.exe[3380] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000B01F8
.text C:\Windows\System32\svchost.exe[3380] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000B03FC
.text C:\Windows\System32\svchost.exe[3380] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 000B0600
.text C:\Windows\System32\svchost.exe[3380] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 000B0A08
.text C:\Windows\autoclk.exe[3388] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Windows\autoclk.exe[3388] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Windows\autoclk.exe[3388] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\autoclk.exe[3388] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
.text C:\Windows\autoclk.exe[3388] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
.text C:\Windows\autoclk.exe[3388] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
.text C:\Windows\autoclk.exe[3388] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
.text C:\Windows\autoclk.exe[3388] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
.text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 003803FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00380600
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00381014
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00380804
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00380A08
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00380C0C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00380E10
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 003801F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00390804
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 003901F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 003903FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00390600
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00390A08
.text C:\Program Files\Acer\Empowering Technology\SysMonitor.exe[3452] KERNEL32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3476] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00070804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000701F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000703FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00070600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00070A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000803FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00080600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00081014
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00080804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00080A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00080C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00080E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000801F8
.text C:\Windows\ehome\ehtray.exe[3520] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000801F8
.text C:\Windows\ehome\ehtray.exe[3520] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000803FC
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2912] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001603FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00160600
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00161014
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00160804
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00160A08
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00160C0C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00160E10
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001601F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2988] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00180804
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001801F8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001803FC
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00180600
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[3028] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00180A08
.text C:\Program Files\Acer\Empowering Technology\Service\ETService.exe[3140] KERNEL32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 003903FC
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00390600
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00391014
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00390804
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00390A08
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00390C0C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00390E10
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 003901F8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 003A0804
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 003A01F8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 003A03FC
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 003A0600
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3224] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 003A0A08
.text C:\Windows\system32\svchost.exe[3256] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3256] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3256] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3256] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[3256] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00550804
.text C:\Windows\system32\svchost.exe[3256] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 005501F8
.text C:\Windows\system32\svchost.exe[3256] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 005503FC
.text C:\Windows\system32\svchost.exe[3256] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00550600
.text C:\Windows\system32\svchost.exe[3256] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00550A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001601F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001603FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3312] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00190804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001901F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001903FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00190600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00190A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001A03FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 001A0600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 001A1014
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 001A0804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 001A0A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 001A0C0C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 001A0E10
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3324] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001A01F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3336] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
.text C:\Windows\System32\svchost.exe[3380] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[3380] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[3380] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[3380] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[3380] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 000B0804
.text C:\Windows\System32\svchost.exe[3380] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000B01F8
.text C:\Windows\System32\svchost.exe[3380] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000B03FC
.text C:\Windows\System32\svchost.exe[3380] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 000B0600
.text C:\Windows\System32\svchost.exe[3380] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 000B0A08
.text C:\Windows\autoclk.exe[3388] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Windows\autoclk.exe[3388] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Windows\autoclk.exe[3388] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\autoclk.exe[3388] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
.text C:\Windows\autoclk.exe[3388] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
.text C:\Windows\autoclk.exe[3388] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
.text C:\Windows\autoclk.exe[3388] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
.text C:\Windows\autoclk.exe[3388] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
.text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Windows\autoclk.exe[3388] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3400] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe[3408] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 003803FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00380600
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00381014
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00380804
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00380A08
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00380C0C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00380E10
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 003801F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00390804
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 003901F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 003903FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00390600
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3436] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00390A08
.text C:\Program Files\Acer\Empowering Technology\SysMonitor.exe[3452] KERNEL32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3476] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00070804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000701F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000703FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00070600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00070A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000803FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00080600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00081014
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00080804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00080A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00080C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00080E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3484] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000801F8
.text C:\Windows\ehome\ehtray.exe[3520] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000801F8
.text C:\Windows\ehome\ehtray.exe[3520] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000803FC
.text C:\Windows\ehome\ehtray.exe[3520] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000A03FC
.text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 000A0600
.text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 000A1014
.text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 000A0804
.text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 000A0A08
.text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 000A0C0C
.text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 000A0E10
.text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000A01F8
.text C:\Windows\ehome\ehtray.exe[3520] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 000B0804
.text C:\Windows\ehome\ehtray.exe[3520] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000B01F8
.text C:\Windows\ehome\ehtray.exe[3520] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000B03FC
.text C:\Windows\ehome\ehtray.exe[3520] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 000B0600
.text C:\Windows\ehome\ehtray.exe[3520] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 000B0A08
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00270804
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 002701F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 002703FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00270600
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00270A08
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 002803FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00280600
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00281014
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00280804
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00280A08
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00280C0C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00280E10
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 002801F8
.text C:\Windows\ehome\ehmsas.exe[3704] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000401F8
.text C:\Windows\ehome\ehmsas.exe[3704] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000403FC
.text C:\Windows\ehome\ehmsas.exe[3704] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\ehome\ehmsas.exe[3704] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000603FC
.text C:\Windows\ehome\ehmsas.exe[3704] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00060600
.text C:\Windows\ehome\ehmsas.exe[3704] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00061014
.text C:\Windows\ehome\ehmsas.exe[3704] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00060804
.text C:\Windows\ehome\ehmsas.exe[3704] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00060A08
.text C:\Windows\ehome\ehmsas.exe[3704] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00060C0C
.text C:\Windows\ehome\ehmsas.exe[3704] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00060E10
.text C:\Windows\ehome\ehmsas.exe[3704] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000601F8
.text C:\Windows\ehome\ehmsas.exe[3704] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehmsas.exe[3704] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000701F8
.text C:\Windows\ehome\ehmsas.exe[3704] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000703FC
.text C:\Windows\ehome\ehmsas.exe[3704] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00070600
.text C:\Windows\ehome\ehmsas.exe[3704] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00070A08
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
.text C:\Windows\System32\svchost.exe[3792] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[3792] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[3792] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3792] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000B03FC
.text C:\Windows\System32\svchost.exe[3792] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 000B0600
.text C:\Windows\System32\svchost.exe[3792] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 000B1014
.text C:\Windows\System32\svchost.exe[3792] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 000B0804
.text C:\Windows\System32\svchost.exe[3792] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 000B0A08
.text C:\Windows\System32\svchost.exe[3792] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 000B0C0C
.text C:\Windows\System32\svchost.exe[3792] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 000B0E10
.text C:\Windows\System32\svchost.exe[3792] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000B01F8
.text C:\Windows\System32\svchost.exe[3792] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 003A0804
.text C:\Windows\System32\svchost.exe[3792] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 003A01F8
.text C:\Windows\System32\svchost.exe[3792] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 003A03FC
.text C:\Windows\System32\svchost.exe[3792] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 003A0600
.text C:\Windows\System32\svchost.exe[3792] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 003A0A08
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[3832] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3832] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3832] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[3832] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00320804
.text C:\Windows\system32\svchost.exe[3832] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 003201F8
.text C:\Windows\system32\svchost.exe[3832] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 003203FC
.text C:\Windows\system32\svchost.exe[3832] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00320600
.text C:\Windows\system32\svchost.exe[3832] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00320A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001603FC
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00160600
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00161014
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00160804
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00160A08
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00160C0C
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00160E10
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001601F8
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001603FC
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00160600
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00161014
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00160804
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00160A08
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00160C0C
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00160E10
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001601F8
.text C:\Windows\system32\svchost.exe[3984] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3984] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3984] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3984] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3984] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3984] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3984] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3984] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3984] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3984] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3984] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00F90804
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 00F901F8
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 00F903FC
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00F90600
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00F90A08
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 00FA03FC
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00FA0600
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00FA1014
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00FA0804
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00FA0A08
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00FA0C0C
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00FA0E10
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 00FA01F8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4036] KERNEL32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[4176] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[4176] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[4176] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[4176] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[4176] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[4176] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[4176] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[4176] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[4176] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[4176] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[4176] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[4176] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00270804
.text C:\Windows\system32\svchost.exe[4176] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 002701F8
.text C:\Windows\system32\svchost.exe[4176] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 002703FC
.text C:\Windows\system32\svchost.exe[4176] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00270600
.text C:\Windows\system32\svchost.exe[4176] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00270A08
.text C:\Program Files\iPod\bin\iPodService.exe[4240] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Program Files\iPod\bin\iPodService.exe[4240] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Program Files\iPod\bin\iPodService.exe[4240] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[4240] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Program Files\iPod\bin\iPodService.exe[4240] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Program Files\iPod\bin\iPodService.exe[4240] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Program Files\iPod\bin\iPodService.exe[4240] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Program Files\iPod\bin\iPodService.exe[4240] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Program Files\iPod\bin\iPodService.exe[4240] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Program Files\iPod\bin\iPodService.exe[4240] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Program Files\iPod\bin\iPodService.exe[4240] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Program Files\iPod\bin\iPodService.exe[4240] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
.text C:\Program Files\iPod\bin\iPodService.exe[4240] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
.text C:\Program Files\iPod\bin\iPodService.exe[4240] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
.text C:\Program Files\iPod\bin\iPodService.exe[4240] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
.text C:\Program Files\iPod\bin\iPodService.exe[4240] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\unsecapp.exe[4512] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Windows\system32\wbem\unsecapp.exe[4512] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Windows\system32\wbem\unsecapp.exe[4512] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[4512] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Windows\system32\wbem\unsecapp.exe[4512] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Windows\system32\wbem\unsecapp.exe[4512] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Windows\system32\wbem\unsecapp.exe[4512] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Windows\system32\wbem\unsecapp.exe[4512] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Windows\system32\wbem\unsecapp.exe[4512] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Windows\system32\wbem\unsecapp.exe[4512] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Windows\system32\wbem\unsecapp.exe[4512] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Windows\system32\wbem\unsecapp.exe[4512] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00180804
.text C:\Windows\system32\wbem\unsecapp.exe[4512] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001801F8
.text C:\Windows\system32\wbem\unsecapp.exe[4512] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001803FC
.text C:\Windows\system32\wbem\unsecapp.exe[4512] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00180600
.text C:\Windows\system32\wbem\unsecapp.exe[4512] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00180A08
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 000C0804
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000C01F8
.text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000A03FC
.text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 000A0600
.text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 000A1014
.text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 000A0804
.text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 000A0A08
.text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 000A0C0C
.text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 000A0E10
.text C:\Windows\ehome\ehtray.exe[3520] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000A01F8
.text C:\Windows\ehome\ehtray.exe[3520] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 000B0804
.text C:\Windows\ehome\ehtray.exe[3520] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000B01F8
.text C:\Windows\ehome\ehtray.exe[3520] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000B03FC
.text C:\Windows\ehome\ehtray.exe[3520] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 000B0600
.text C:\Windows\ehome\ehtray.exe[3520] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 000B0A08
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3620] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3656] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00270804
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 002701F8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 002703FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00270600
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00270A08
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 002803FC
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00280600
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00281014
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00280804
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00280A08
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00280C0C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00280E10
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3688] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 002801F8
.text C:\Windows\ehome\ehmsas.exe[3704] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000401F8
.text C:\Windows\ehome\ehmsas.exe[3704] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000403FC
.text C:\Windows\ehome\ehmsas.exe[3704] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\ehome\ehmsas.exe[3704] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000603FC
.text C:\Windows\ehome\ehmsas.exe[3704] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00060600
.text C:\Windows\ehome\ehmsas.exe[3704] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00061014
.text C:\Windows\ehome\ehmsas.exe[3704] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00060804
.text C:\Windows\ehome\ehmsas.exe[3704] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00060A08
.text C:\Windows\ehome\ehmsas.exe[3704] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00060C0C
.text C:\Windows\ehome\ehmsas.exe[3704] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00060E10
.text C:\Windows\ehome\ehmsas.exe[3704] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000601F8
.text C:\Windows\ehome\ehmsas.exe[3704] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehmsas.exe[3704] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000701F8
.text C:\Windows\ehome\ehmsas.exe[3704] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000703FC
.text C:\Windows\ehome\ehmsas.exe[3704] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00070600
.text C:\Windows\ehome\ehmsas.exe[3704] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00070A08
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3740] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
.text C:\Windows\System32\svchost.exe[3792] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[3792] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[3792] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3792] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000B03FC
.text C:\Windows\System32\svchost.exe[3792] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 000B0600
.text C:\Windows\System32\svchost.exe[3792] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 000B1014
.text C:\Windows\System32\svchost.exe[3792] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 000B0804
.text C:\Windows\System32\svchost.exe[3792] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 000B0A08
.text C:\Windows\System32\svchost.exe[3792] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 000B0C0C
.text C:\Windows\System32\svchost.exe[3792] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 000B0E10
.text C:\Windows\System32\svchost.exe[3792] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000B01F8
.text C:\Windows\System32\svchost.exe[3792] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 003A0804
.text C:\Windows\System32\svchost.exe[3792] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 003A01F8
.text C:\Windows\System32\svchost.exe[3792] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 003A03FC
.text C:\Windows\System32\svchost.exe[3792] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 003A0600
.text C:\Windows\System32\svchost.exe[3792] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 003A0A08
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00160804
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001601F8
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001603FC
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00160600
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00160A08
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Users\John\AppData\Local\Akamai\netsession_win.exe[3824] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[3832] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3832] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3832] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[3832] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00320804
.text C:\Windows\system32\svchost.exe[3832] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 003201F8
.text C:\Windows\system32\svchost.exe[3832] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 003203FC
.text C:\Windows\system32\svchost.exe[3832] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00320600
.text C:\Windows\system32\svchost.exe[3832] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00320A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3868] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001603FC
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00160600
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00161014
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00160804
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00160A08
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00160C0C
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00160E10
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001601F8
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\issc\IS89C35\wwu.exe[3920] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001401F8
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001403FC
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001603FC
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00160600
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00161014
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00160804
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00160A08
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00160C0C
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00160E10
.text C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe[3956] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001601F8
.text C:\Windows\system32\svchost.exe[3984] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3984] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3984] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3984] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3984] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3984] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3984] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3984] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3984] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3984] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3984] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00F90804
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 00F901F8
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 00F903FC
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00F90600
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00F90A08
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 00FA03FC
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00FA0600
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00FA1014
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00FA0804
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00FA0A08
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00FA0C0C
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00FA0E10
.text C:\ProgramData\TVersity\Media Server\MediaServer.exe[4020] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 00FA01F8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4036] KERNEL32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[4176] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[4176] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[4176] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[4176] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[4176] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[4176] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[4176] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[4176] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[4176] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[4176] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[4176] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[4176] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00270804
.text C:\Windows\system32\svchost.exe[4176] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 002701F8
.text C:\Windows\system32\svchost.exe[4176] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 002703FC
.text C:\Windows\system32\svchost.exe[4176] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00270600
.text C:\Windows\system32\svchost.exe[4176] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00270A08
.text C:\Program Files\iPod\bin\iPodService.exe[4240] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Program Files\iPod\bin\iPodService.exe[4240] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Program Files\iPod\bin\iPodService.exe[4240] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[4240] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Program Files\iPod\bin\iPodService.exe[4240] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Program Files\iPod\bin\iPodService.exe[4240] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Program Files\iPod\bin\iPodService.exe[4240] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Program Files\iPod\bin\iPodService.exe[4240] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Program Files\iPod\bin\iPodService.exe[4240] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Program Files\iPod\bin\iPodService.exe[4240] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Program Files\iPod\bin\iPodService.exe[4240] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Program Files\iPod\bin\iPodService.exe[4240] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00080804
.text C:\Program Files\iPod\bin\iPodService.exe[4240] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000801F8
.text C:\Program Files\iPod\bin\iPodService.exe[4240] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000803FC
.text C:\Program Files\iPod\bin\iPodService.exe[4240] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00080600
.text C:\Program Files\iPod\bin\iPodService.exe[4240] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\unsecapp.exe[4512] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Windows\system32\wbem\unsecapp.exe[4512] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Windows\system32\wbem\unsecapp.exe[4512] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[4512] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Windows\system32\wbem\unsecapp.exe[4512] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Windows\system32\wbem\unsecapp.exe[4512] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Windows\system32\wbem\unsecapp.exe[4512] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Windows\system32\wbem\unsecapp.exe[4512] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Windows\system32\wbem\unsecapp.exe[4512] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Windows\system32\wbem\unsecapp.exe[4512] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Windows\system32\wbem\unsecapp.exe[4512] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Windows\system32\wbem\unsecapp.exe[4512] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00180804
.text C:\Windows\system32\wbem\unsecapp.exe[4512] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001801F8
.text C:\Windows\system32\wbem\unsecapp.exe[4512] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001803FC
.text C:\Windows\system32\wbem\unsecapp.exe[4512] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00180600
.text C:\Windows\system32\wbem\unsecapp.exe[4512] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00180A08
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 000C0804
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 000C01F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 000C03FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 000C0600
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 000C0A08
.text C:\Windows\system32\svchost.exe[5704] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5872] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Users\John\Desktop\gc5iihlh.exe[5924] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00180804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00180600
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00180A08
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8060F6D6] \SystemRoot\System32\Drivers\sppb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8060F042] \SystemRoot\System32\Drivers\sppb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8060F800] \SystemRoot\System32\Drivers\sppb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8060F0C0] \SystemRoot\System32\Drivers\sppb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060F13E] \SystemRoot\System32\Drivers\sppb.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8061EE9C] \SystemRoot\System32\Drivers\sppb.sys
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortWritePortUchar] 83877C2F
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F877C00
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\services.exe[736] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00140002
IAT C:\Windows\system32\services.exe[736] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00140000
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74708864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74749855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7470B984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746FFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74707A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746FEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7473B12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7470BC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74700756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [747006BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746F71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7478D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74727329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746FE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746F697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746F69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74702475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 84F5F1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{C9795B23-821A-4994-9D98-B77E1CB144B1} 86AAD1F8
Device \Driver\volmgr \Device\VolMgrControl 84F5C1F8
Device \Driver\usbohci \Device\USBPDO-0 862031F8
Device \Driver\usbohci \Device\USBPDO-1 862031F8
Device \Driver\usbehci \Device\USBPDO-2 862041F8
Device \Driver\usbohci \Device\USBPDO-3 862031F8
Device \Driver\usbohci \Device\USBPDO-4 862031F8
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbehci \Device\USBPDO-5 862041F8
Device \Driver\usbohci \Device\USBPDO-6 862031F8
Device \Driver\volmgr \Device\HarddiskVolume1 84F5C1F8
Device \Driver\sptd \Device\2110348712 sppb.sys
Device \Driver\volmgr \Device\HarddiskVolume2 84F5C1F8
Device \Driver\cdrom \Device\CdRom0 861FD1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84F5E1F8
Device \Driver\atapi \Device\Ide\IdePort0 84F5E1F8
Device \Driver\atapi \Device\Ide\IdePort1 84F5E1F8
Device \Driver\atapi \Device\Ide\IdePort2 84F5E1F8
Device \Driver\atapi \Device\Ide\IdePort3 84F5E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 84F5E1F8
Device \Driver\volmgr \Device\HarddiskVolume3 84F5C1F8
Device \Driver\cdrom \Device\CdRom1 861FD1F8
Device \Driver\volmgr \Device\HarddiskVolume4 84F5C1F8
Device \Driver\volmgr \Device\HarddiskVolume5 84F5C1F8
Device \Driver\volmgr \Device\HarddiskVolume6 84F5C1F8
Device \Driver\volmgr \Device\HarddiskVolume7 84F5C1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 86AAD1F8
Device \Driver\PCI_PNP0654 \Device\0000010b sppb.sys
Device \Driver\Smb \Device\NetbiosSmb 86AAE1F8
Device \Driver\iScsiPrt \Device\RaidPort0 8626D1F8
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbohci \Device\USBFDO-0 862031F8
Device \Driver\usbohci \Device\USBFDO-1 862031F8
Device \Driver\usbehci \Device\USBFDO-2 862041F8
Device \Driver\usbohci \Device\USBFDO-3 862031F8
Device \Driver\usbohci \Device\USBFDO-4 862031F8
Device \Driver\usbehci \Device\USBFDO-5 862041F8
Device \Driver\usbohci \Device\USBFDO-6 862031F8
Device \Driver\apj1k8t4 \Device\Scsi\apj1k8t41Port5Path0Target0Lun0 862401F8
Device \Driver\apj1k8t4 \Device\Scsi\apj1k8t41 862401F8
Device \FileSystem\cdfs \Cdfs 8608F1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD8 0xB8 0xA3 0x3E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBD 0x9A 0x2D 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x33 0xBD 0xC9 0xA8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD8 0xB8 0xA3 0x3E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBD 0x9A 0x2D 0x13 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x33 0xBD 0xC9 0xA8 ...
---- EOF - GMER 1.0.15 ----
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 000C0600
.text C:\Windows\system32\wbem\wmiprvse.exe[4712] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 000C0A08
.text C:\Windows\system32\svchost.exe[5704] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5748] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00170804
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001701F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001703FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00170600
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00170A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00180600
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00181014
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00180804
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00180A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00180C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00180E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5756] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001801F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5872] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Users\John\Desktop\gc5iihlh.exe[5924] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ntdll.dll!LdrLoadDll 775479B3 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ntdll.dll!LdrUnloadDll 7755E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] kernel32.dll!GetBinaryTypeW + 70 77361CE8 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!CreateServiceW 764638FF 5 Bytes JMP 001703FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!DeleteService 76463BEE 5 Bytes JMP 00170600
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!SetServiceObjectSecurity 764A66A9 5 Bytes JMP 00171014
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!ChangeServiceConfigA 764A67A9 5 Bytes JMP 00170804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!ChangeServiceConfigW 764A6951 5 Bytes JMP 00170A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!ChangeServiceConfig2A 764A6A69 5 Bytes JMP 00170C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!ChangeServiceConfig2W 764A6BB1 5 Bytes JMP 00170E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] ADVAPI32.dll!CreateServiceA 764A6C71 5 Bytes JMP 001701F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] USER32.dll!SetWindowsHookExW 776E7B69 5 Bytes JMP 00180804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] USER32.dll!SetWinEventHook 776E915C 5 Bytes JMP 001801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] USER32.dll!UnhookWinEvent 776EB702 5 Bytes JMP 001803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] USER32.dll!SetWindowsHookExA 7770BB0E 5 Bytes JMP 00180600
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6040] USER32.dll!UnhookWindowsHookEx 777108BE 5 Bytes JMP 00180A08
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8060F6D6] \SystemRoot\System32\Drivers\sppb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8060F042] \SystemRoot\System32\Drivers\sppb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8060F800] \SystemRoot\System32\Drivers\sppb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8060F0C0] \SystemRoot\System32\Drivers\sppb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060F13E] \SystemRoot\System32\Drivers\sppb.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8061EE9C] \SystemRoot\System32\Drivers\sppb.sys
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortWritePortUchar] 83877C2F
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F877C00
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\apj1k8t4.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\services.exe[736] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00140002
IAT C:\Windows\system32\services.exe[736] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00140000
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74708864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74749855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7470B984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746FFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74707A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746FEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7473B12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7470BC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74700756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [747006BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746F71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7478D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74727329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746FE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746F697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746F69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74702475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1928] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 84F5F1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{C9795B23-821A-4994-9D98-B77E1CB144B1} 86AAD1F8
Device \Driver\volmgr \Device\VolMgrControl 84F5C1F8
Device \Driver\usbohci \Device\USBPDO-0 862031F8
Device \Driver\usbohci \Device\USBPDO-1 862031F8
Device \Driver\usbehci \Device\USBPDO-2 862041F8
Device \Driver\usbohci \Device\USBPDO-3 862031F8
Device \Driver\usbohci \Device\USBPDO-4 862031F8
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbehci \Device\USBPDO-5 862041F8
Device \Driver\usbohci \Device\USBPDO-6 862031F8
Device \Driver\volmgr \Device\HarddiskVolume1 84F5C1F8
Device \Driver\sptd \Device\2110348712 sppb.sys
Device \Driver\volmgr \Device\HarddiskVolume2 84F5C1F8
Device \Driver\cdrom \Device\CdRom0 861FD1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84F5E1F8
Device \Driver\atapi \Device\Ide\IdePort0 84F5E1F8
Device \Driver\atapi \Device\Ide\IdePort1 84F5E1F8
Device \Driver\atapi \Device\Ide\IdePort2 84F5E1F8
Device \Driver\atapi \Device\Ide\IdePort3 84F5E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 84F5E1F8
Device \Driver\volmgr \Device\HarddiskVolume3 84F5C1F8
Device \Driver\cdrom \Device\CdRom1 861FD1F8
Device \Driver\volmgr \Device\HarddiskVolume4 84F5C1F8
Device \Driver\volmgr \Device\HarddiskVolume5 84F5C1F8
Device \Driver\volmgr \Device\HarddiskVolume6 84F5C1F8
Device \Driver\volmgr \Device\HarddiskVolume7 84F5C1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 86AAD1F8
Device \Driver\PCI_PNP0654 \Device\0000010b sppb.sys
Device \Driver\Smb \Device\NetbiosSmb 86AAE1F8
Device \Driver\iScsiPrt \Device\RaidPort0 8626D1F8
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbohci \Device\USBFDO-0 862031F8
Device \Driver\usbohci \Device\USBFDO-1 862031F8
Device \Driver\usbehci \Device\USBFDO-2 862041F8
Device \Driver\usbohci \Device\USBFDO-3 862031F8
Device \Driver\usbohci \Device\USBFDO-4 862031F8
Device \Driver\usbehci \Device\USBFDO-5 862041F8
Device \Driver\usbohci \Device\USBFDO-6 862031F8
Device \Driver\apj1k8t4 \Device\Scsi\apj1k8t41Port5Path0Target0Lun0 862401F8
Device \Driver\apj1k8t4 \Device\Scsi\apj1k8t41 862401F8
Device \FileSystem\cdfs \Cdfs 8608F1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD8 0xB8 0xA3 0x3E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBD 0x9A 0x2D 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x33 0xBD 0xC9 0xA8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD8 0xB8 0xA3 0x3E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBD 0x9A 0x2D 0x13 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x33 0xBD 0xC9 0xA8 ...
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_26
Run by John at 21:34:40 on 2012-02-05
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1790.964 [GMT 0:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\autoclk.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\John\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Users\John\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\issc\IS89C35\wwu.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mytalktalk.co.uk
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1008&m=aspire_m3201
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1008&m=aspire_m3201
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:58444
uInternet Settings,ProxyOverride = 127.0.0.1:9421
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Akamai NetSession Interface] "c:\users\john\appdata\local\akamai\netsession_win.exe"
mRun: [eRecoveryService]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [autoclk] autoclk.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\wwu.lnk - c:\program files\issc\is89c35\wwu.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\sagem f@st 800-840\dslmon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna3100\WNA3100.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartc~1.lnk - c:\program files\northstar\smartcopy\SmartCopy.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartl~1.lnk - c:\program files\northstar\smartlauncher\SmartLauncher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{2C38D824-1B05-42DA-9298-171C4C0380F1} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{483E374A-135B-4D09-A563-2F3DE574A6FD} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C9795B23-821A-4994-9D98-B77E1CB144B1} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE68AE08-CA42-470C-9044-68D299269295} : DhcpNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\Skype4COM.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\7wet55yc.default\
FF - prefs.js: browser.startup.homepage - hxxp://forums.moneysavingexpert.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58444
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npdf.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitromozilla.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2011-6-6 21728]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-2 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-2 314456]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2008-10-15 269448]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-2 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-2 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-2-2 44768]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-3-15 24576]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-8 652360]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2011-6-21 196912]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-26 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-26 131072]
R2 Start BT in service;Start BT in service;c:\program files\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-9-30 51816]
R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2011-6-6 278528]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-8 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9c1f82a381350;Google Update Service (gupdate1c9c1f82a381350);c:\program files\google\update\GoogleUpdate.exe [2009-4-20 133104]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2011-6-6 699896]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-20 133104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-21 21504]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2011-6-6 50704]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 W35UNDW;W89C35 802.11bg WLAN USB Adapter Driver;c:\windows\system32\drivers\W35UNDW.SYS [2009-11-5 134656]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-02 19:51:56 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-02 19:34:36 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-02 19:34:13 41184 ----a-w- c:\windows\avastSS.scr
2012-02-02 19:34:03 -------- d-----w- c:\programdata\Alwil Software
2012-01-31 21:14:19 -------- d-----w- c:\program files\LP
2012-01-30 20:43:14 -------- d-----w- c:\users\john\appdata\roaming\5E47C
2012-01-30 20:42:40 -------- d-----w- c:\users\john\appdata\roaming\118F0
2012-01-30 20:42:08 -------- d-----w- c:\users\john\appdata\roaming\5245E
2012-01-30 20:41:50 -------- d-----w- c:\users\john\appdata\local\lixoaiir
2012-01-20 16:58:13 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-20 16:58:12 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-20 16:58:12 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-20 16:58:12 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-17 21:45:01 -------- d-----w- c:\users\john\appdata\roaming\Autodesk
2012-01-17 21:41:53 -------- d-----w- C:\Autodesk
2012-01-17 19:34:08 -------- d-----w- c:\users\john\appdata\local\Akamai
.
==================== Find3M ====================
.
2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-12 10:56:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 21:36:19.66 ===============
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_26
Run by John at 21:34:40 on 2012-02-05
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1790.964 [GMT 0:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\autoclk.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\John\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Users\John\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\issc\IS89C35\wwu.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mytalktalk.co.uk
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1008&m=aspire_m3201
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1008&m=aspire_m3201
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:58444
uInternet Settings,ProxyOverride = 127.0.0.1:9421
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Akamai NetSession Interface] "c:\users\john\appdata\local\akamai\netsession_win.exe"
mRun: [eRecoveryService]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [autoclk] autoclk.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\wwu.lnk - c:\program files\issc\is89c35\wwu.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\sagem f@st 800-840\dslmon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna3100\WNA3100.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartc~1.lnk - c:\program files\northstar\smartcopy\SmartCopy.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartl~1.lnk - c:\program files\northstar\smartlauncher\SmartLauncher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{2C38D824-1B05-42DA-9298-171C4C0380F1} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{483E374A-135B-4D09-A563-2F3DE574A6FD} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C9795B23-821A-4994-9D98-B77E1CB144B1} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE68AE08-CA42-470C-9044-68D299269295} : DhcpNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\Skype4COM.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\7wet55yc.default\
FF - prefs.js: browser.startup.homepage - hxxp://forums.moneysavingexpert.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58444
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npdf.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitromozilla.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2011-6-6 21728]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-2 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-2 314456]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2008-10-15 269448]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-2 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-2 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-2-2 44768]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-3-15 24576]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-8 652360]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2011-6-21 196912]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-26 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-26 131072]
R2 Start BT in service;Start BT in service;c:\program files\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-9-30 51816]
R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2011-6-6 278528]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-8 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9c1f82a381350;Google Update Service (gupdate1c9c1f82a381350);c:\program files\google\update\GoogleUpdate.exe [2009-4-20 133104]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2011-6-6 699896]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-20 133104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-21 21504]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2011-6-6 50704]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 W35UNDW;W89C35 802.11bg WLAN USB Adapter Driver;c:\windows\system32\drivers\W35UNDW.SYS [2009-11-5 134656]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-02 19:51:56 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-02 19:34:36 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-02 19:34:13 41184 ----a-w- c:\windows\avastSS.scr
2012-02-02 19:34:03 -------- d-----w- c:\programdata\Alwil Software
2012-01-31 21:14:19 -------- d-----w- c:\program files\LP
2012-01-30 20:43:14 -------- d-----w- c:\users\john\appdata\roaming\5E47C
2012-01-30 20:42:40 -------- d-----w- c:\users\john\appdata\roaming\118F0
2012-01-30 20:42:08 -------- d-----w- c:\users\john\appdata\roaming\5245E
2012-01-30 20:41:50 -------- d-----w- c:\users\john\appdata\local\lixoaiir
2012-01-20 16:58:13 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-20 16:58:12 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-20 16:58:12 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-20 16:58:12 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-17 21:45:01 -------- d-----w- c:\users\john\appdata\roaming\Autodesk
2012-01-17 21:41:53 -------- d-----w- C:\Autodesk
2012-01-17 19:34:08 -------- d-----w- c:\users\john\appdata\local\Akamai
.
==================== Find3M ====================
.
2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-12 10:56:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 21:36:19.66 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 15/10/2008 03:11:30
System Uptime: 05/02/2012 21:16:29 (0 hours ago)
.
Motherboard: Acer | | RS780HVF
Processor: AMD Phenom(tm) 9150e Quad-Core Processor | AM2 | 900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 113 GiB total, 24.566 GiB free.
D: is FIXED (NTFS) - 170 GiB total, 118.957 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0020
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0020
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0028
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0028
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0056
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0056
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0059
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0059
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0061
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0061
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0077
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0077
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0029
Manufacturer: Microsoft
Name: isatap.{80DEE989-467E-43DD-BF0A-4204CA45F1AF}
PNP Device ID: ROOT\*ISATAP\0029
Service: tunnel
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: USB Audio Device
Device ID: USB\VID_046D&PID_08F6&MI_01\6&218ACC2&0&0001
Manufacturer: (Generic USB Audio)
Name: Camera
PNP Device ID: USB\VID_046D&PID_08F6&MI_01\6&218ACC2&0&0001
Service: usbaudio
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Deskjet F4500 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
Acer Arcade Live Main Page
Acer DV Magician
Acer DVDivine
Acer eDataSecurity Management
Acer Empowering Technology
Acer eRecovery Management
Acer eSettings Management
Acer HomeMedia
Acer HomeMedia Connect
Acer HomeMedia Trial Creator
Acer ScreenSaver
Acer SlideShow DVD
Acer VideoMagician
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
µTorrent
Audacity 1.2.6
avast! Free Antivirus
Betfair Poker
Bluesoleil2.7.0.8 VoIP Release 070930
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Click to Call with Skype
Compatibility Pack for the 2007 Office system
Copy
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DJ_AIO_06_F4500_SW_MIN
eSobi v2
F4500
getPlus(R) for Adobe
Google Earth
Google Update Helper
Google Updater
GPBaseService2
Graboid Video 1.73
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
hpWLPGInstaller
ISSC WLAN
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Ladbrokes Poker
LAME v3.98.3 for Audacity
LightScribe 1.4.142.1
LTYT MP3 Converter 1.1
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 9.0.1 (x86 en-GB)
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR WNA3100 wireless USB 2.0 adapter
Network
Nitro PDF Reader 2
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
OGA Notifier 2.0.0048.0
PG583_32_inf
PokerStars
PrimoPDF -- brought to you by Nitro PDF Software
PS3 Media Server
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
SAGEM F@st 800-840
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Skins
Skype™ 5.5
SmartCopy
SmartLauncher
SmartWebPrinting
SolutionCenter
SopCast 3.2.4
Spotify
Status
Toolbox
Tournament Indicator 1.2.0
TrayApp
TVAnts 1.0
TVersity Codec Pack 1.7
TVersity Media Server 1.9.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
Virgin Poker
VLC media player 1.1.11
Vuze
WebReg
William Hill Poker
Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.32.42)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver
Xiph.Org Open Codecs 0.85.17777
Xvid 1.2.1 final uninstall
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
31/01/2012 21:17:03, Error: EventLog [6008] - The previous system shutdown at 21:14:50 on 31/01/2012 was unexpected.
30/01/2012 07:22:20, Error: EventLog [6008] - The previous system shutdown at 01:11:32 on 30/01/2012 was unexpected.
29/01/2012 15:05:44, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.0.0.5 for the Network Card with network address E091F545C049 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
29/01/2012 13:37:16, Error: EventLog [6008] - The previous system shutdown at 13:35:26 on 29/01/2012 was unexpected.
29/01/2012 07:55:42, Error: Service Control Manager [7031] - The TVersity Media Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
29/01/2012 07:55:17, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSWNA3100 service.
29/01/2012 02:45:08, Error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
04/02/2012 11:07:18, Error: EventLog [6008] - The previous system shutdown at 23:11:13 on 03/02/2012 was unexpected.
03/02/2012 06:34:35, Error: PlugPlayManager [10] - Error writing to server side install pipe
02/02/2012 20:01:46, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
.
==== End Of File ===========================
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 15/10/2008 03:11:30
System Uptime: 05/02/2012 21:16:29 (0 hours ago)
.
Motherboard: Acer | | RS780HVF
Processor: AMD Phenom(tm) 9150e Quad-Core Processor | AM2 | 900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 113 GiB total, 24.566 GiB free.
D: is FIXED (NTFS) - 170 GiB total, 118.957 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0020
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0020
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0028
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0028
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0056
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0056
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0059
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0059
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0061
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0061
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0077
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0077
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0029
Manufacturer: Microsoft
Name: isatap.{80DEE989-467E-43DD-BF0A-4204CA45F1AF}
PNP Device ID: ROOT\*ISATAP\0029
Service: tunnel
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: USB Audio Device
Device ID: USB\VID_046D&PID_08F6&MI_01\6&218ACC2&0&0001
Manufacturer: (Generic USB Audio)
Name: Camera
PNP Device ID: USB\VID_046D&PID_08F6&MI_01\6&218ACC2&0&0001
Service: usbaudio
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Deskjet F4500 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
Acer Arcade Live Main Page
Acer DV Magician
Acer DVDivine
Acer eDataSecurity Management
Acer Empowering Technology
Acer eRecovery Management
Acer eSettings Management
Acer HomeMedia
Acer HomeMedia Connect
Acer HomeMedia Trial Creator
Acer ScreenSaver
Acer SlideShow DVD
Acer VideoMagician
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
µTorrent
Audacity 1.2.6
avast! Free Antivirus
Betfair Poker
Bluesoleil2.7.0.8 VoIP Release 070930
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Click to Call with Skype
Compatibility Pack for the 2007 Office system
Copy
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DJ_AIO_06_F4500_SW_MIN
eSobi v2
F4500
getPlus(R) for Adobe
Google Earth
Google Update Helper
Google Updater
GPBaseService2
Graboid Video 1.73
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
hpWLPGInstaller
ISSC WLAN
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Ladbrokes Poker
LAME v3.98.3 for Audacity
LightScribe 1.4.142.1
LTYT MP3 Converter 1.1
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 9.0.1 (x86 en-GB)
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR WNA3100 wireless USB 2.0 adapter
Network
Nitro PDF Reader 2
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
OGA Notifier 2.0.0048.0
PG583_32_inf
PokerStars
PrimoPDF -- brought to you by Nitro PDF Software
PS3 Media Server
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
SAGEM F@st 800-840
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Skins
Skype™ 5.5
SmartCopy
SmartLauncher
SmartWebPrinting
SolutionCenter
SopCast 3.2.4
Spotify
Status
Toolbox
Tournament Indicator 1.2.0
TrayApp
TVAnts 1.0
TVersity Codec Pack 1.7
TVersity Media Server 1.9.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
Virgin Poker
VLC media player 1.1.11
Vuze
WebReg
William Hill Poker
Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.32.42)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver
Xiph.Org Open Codecs 0.85.17777
Xvid 1.2.1 final uninstall
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
31/01/2012 21:17:03, Error: EventLog [6008] - The previous system shutdown at 21:14:50 on 31/01/2012 was unexpected.
30/01/2012 07:22:20, Error: EventLog [6008] - The previous system shutdown at 01:11:32 on 30/01/2012 was unexpected.
29/01/2012 15:05:44, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.0.0.5 for the Network Card with network address E091F545C049 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
29/01/2012 13:37:16, Error: EventLog [6008] - The previous system shutdown at 13:35:26 on 29/01/2012 was unexpected.
29/01/2012 07:55:42, Error: Service Control Manager [7031] - The TVersity Media Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
29/01/2012 07:55:17, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSWNA3100 service.
29/01/2012 02:45:08, Error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
04/02/2012 11:07:18, Error: EventLog [6008] - The previous system shutdown at 23:11:13 on 03/02/2012 was unexpected.
03/02/2012 06:34:35, Error: PlugPlayManager [10] - Error writing to server side install pipe
02/02/2012 20:01:46, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
.
==== End Of File ===========================
Broni
Posts: 56,041 +516
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
============================================================
Download Bootkit Remover to your Desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
============================================================
Download Bootkit Remover to your Desktop.
- Unzip downloaded file to your Desktop.
- Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
- It will show a Black screen with some data on it.
- Right click on the screen and click Select All.
- Press CTRL+C
- Open a Notepad and press CTRL+V
- Post the output back here.
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-05 23:02:20
-----------------------------
23:02:20.872 OS Version: Windows 6.0.6001 Service Pack 1
23:02:20.872 Number of processors: 4 586 0x203
23:02:20.877 ComputerName: JOHN-PC UserName: John
23:02:22.035 Initialize success
23:02:22.638 AVAST engine defs: 12020503
23:03:19.918 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:03:19.918 Disk 0 Vendor: WDC_WD3200AAJS-22B4A0 01.03A01 Size: 305245MB BusType: 3
23:03:19.950 Disk 0 MBR read successfully
23:03:19.965 Disk 0 MBR scan
23:03:19.965 Disk 0 unknown MBR code
23:03:19.981 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15005 MB offset 63
23:03:19.996 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 116076 MB offset 30734336
23:03:20.012 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 174161 MB offset 268457984
23:03:20.043 Disk 0 scanning sectors +625139712
23:03:20.168 Disk 0 scanning C:\Windows\system32\drivers
23:03:31.462 Service scanning
23:03:33.100 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
23:03:33.802 Modules scanning
23:03:38.342 Disk 0 trace - called modules:
23:03:38.389 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84f5e1f8]<<
23:03:38.404 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85069ac8]
23:03:38.420 3 CLASSPNP.SYS[87ba8745] -> nt!IofCallDriver -> [0x850bd638]
23:03:38.436 5 acpi.sys[807416a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850b2648]
23:03:38.436 \Driver\atapi[0x840b5f38] -> IRP_MJ_CREATE -> 0x84f5e1f8
23:03:38.919 AVAST engine scan C:\Windows
23:03:41.634 AVAST engine scan C:\Windows\system32
23:06:15.278 AVAST engine scan C:\Windows\system32\drivers
23:06:24.482 AVAST engine scan C:\Users\John
23:18:15.889 File: C:\Users\John\AppData\Local\Temp\ltnvmktohvooxocd.exe **INFECTED** Win32:SmokeLoader-EG [Trj]
23:18:59.506 File: C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\559c9977-1f015bf9 **INFECTED** Win32:SmokeLoader-EG [Trj]
23:30:41.912 AVAST engine scan C:\ProgramData
23:35:22.790 Scan finished successfully
23:37:21.478 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
23:37:21.492 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"
Run date: 2012-02-05 23:02:20
-----------------------------
23:02:20.872 OS Version: Windows 6.0.6001 Service Pack 1
23:02:20.872 Number of processors: 4 586 0x203
23:02:20.877 ComputerName: JOHN-PC UserName: John
23:02:22.035 Initialize success
23:02:22.638 AVAST engine defs: 12020503
23:03:19.918 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:03:19.918 Disk 0 Vendor: WDC_WD3200AAJS-22B4A0 01.03A01 Size: 305245MB BusType: 3
23:03:19.950 Disk 0 MBR read successfully
23:03:19.965 Disk 0 MBR scan
23:03:19.965 Disk 0 unknown MBR code
23:03:19.981 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15005 MB offset 63
23:03:19.996 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 116076 MB offset 30734336
23:03:20.012 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 174161 MB offset 268457984
23:03:20.043 Disk 0 scanning sectors +625139712
23:03:20.168 Disk 0 scanning C:\Windows\system32\drivers
23:03:31.462 Service scanning
23:03:33.100 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
23:03:33.802 Modules scanning
23:03:38.342 Disk 0 trace - called modules:
23:03:38.389 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84f5e1f8]<<
23:03:38.404 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85069ac8]
23:03:38.420 3 CLASSPNP.SYS[87ba8745] -> nt!IofCallDriver -> [0x850bd638]
23:03:38.436 5 acpi.sys[807416a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850b2648]
23:03:38.436 \Driver\atapi[0x840b5f38] -> IRP_MJ_CREATE -> 0x84f5e1f8
23:03:38.919 AVAST engine scan C:\Windows
23:03:41.634 AVAST engine scan C:\Windows\system32
23:06:15.278 AVAST engine scan C:\Windows\system32\drivers
23:06:24.482 AVAST engine scan C:\Users\John
23:18:15.889 File: C:\Users\John\AppData\Local\Temp\ltnvmktohvooxocd.exe **INFECTED** Win32:SmokeLoader-EG [Trj]
23:18:59.506 File: C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\559c9977-1f015bf9 **INFECTED** Win32:SmokeLoader-EG [Trj]
23:30:41.912 AVAST engine scan C:\ProgramData
23:35:22.790 Scan finished successfully
23:37:21.478 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
23:37:21.492 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com
Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1 (build 6
001), 32-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`a9f00000
Boot sector MD5 is: 08c6d97449fb1d8bcab9d003ed787166
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown boot code
Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
Done;
Press any key to quit...
(c) 2009 Esage Lab
www.esagelab.com
Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1 (build 6
001), 32-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`a9f00000
Boot sector MD5 is: 08c6d97449fb1d8bcab9d003ed787166
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown boot code
Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
Done;
Press any key to quit...
Broni
Posts: 56,041 +516
Please download and run ListParts by Farbar (for 32-bit system)
Please download and run ListParts64 by Farbar (for 64-bit system)
Click on Scan button.
Scan result will open in Notepad.
Post it in your next reply.
Please download and run ListParts64 by Farbar (for 64-bit system)
Click on Scan button.
Scan result will open in Notepad.
Post it in your next reply.
ListParts by Farbar
Ran by John on 06-02-2012 at 17:14:52
Windows Vista (X86)
Running From: C:\Users\John\Desktop
************************************************************
========================= Memory info ======================
Percentage of memory in use: 44%
Total physical RAM: 1790.45 MB
Available physical RAM: 985.87 MB
Total Pagefile: 3829.44 MB
Available Pagefile: 2759.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.21 MB
======================= Partitions =========================
1 Drive c: (ACER) (Fixed) (Total:113.36 GB) (Free:24.59 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (DATA) (Fixed) (Total:170.08 GB) (Free:118.96 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 15 GB 32 KB
Partition 2 Primary 113 GB 15 GB
Partition 3 Primary 170 GB 128 GB
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
There is no volume associated with this partition.
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C ACER NTFS Partition 113 GB Healthy System (partition with boot components)
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D DATA NTFS Partition 170 GB Healthy
****** End Of Log ******
Ran by John on 06-02-2012 at 17:14:52
Windows Vista (X86)
Running From: C:\Users\John\Desktop
************************************************************
========================= Memory info ======================
Percentage of memory in use: 44%
Total physical RAM: 1790.45 MB
Available physical RAM: 985.87 MB
Total Pagefile: 3829.44 MB
Available Pagefile: 2759.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.21 MB
======================= Partitions =========================
1 Drive c: (ACER) (Fixed) (Total:113.36 GB) (Free:24.59 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (DATA) (Fixed) (Total:170.08 GB) (Free:118.96 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 15 GB 32 KB
Partition 2 Primary 113 GB 15 GB
Partition 3 Primary 170 GB 128 GB
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
There is no volume associated with this partition.
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C ACER NTFS Partition 113 GB Healthy System (partition with boot components)
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D DATA NTFS Partition 170 GB Healthy
****** End Of Log ******
Broni
Posts: 56,041 +516
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode (How to...)
2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 2. If Combofix asks you to update the program, always do so.- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode (How to...)
2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
ComboFix 12-02-06.02 - John 06/02/2012 21:39:26.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1790.947 [GMT 0:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\users\John\AppData\Local\aynqndqy.log
c:\users\John\AppData\Local\hfqwfair.log
c:\users\John\AppData\Local\jbktrymx.log
c:\users\John\AppData\Local\npajtimv.log
c:\users\John\AppData\Local\vgwgeheb.log
c:\users\John\AppData\Local\wgmycohu.log
c:\users\John\AppData\Roaming\.#
c:\windows\~GLC0000.TMP
c:\windows\~GLC0001.TMP
c:\windows\~GLH0000.TMP
c:\windows\~GLH0001.TMP
c:\windows\~GLH0002.TMP
c:\windows\~GLH0003.TMP
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))
.
.
2012-02-02 19:51 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-02 19:34 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-02 19:34 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-02 19:34 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-02 19:34 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-02 19:34 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-02 19:34 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-02-02 19:34 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-02 19:34 . 2012-02-02 19:34 -------- d-----w- c:\programdata\Alwil Software
2012-02-02 19:34 . 2012-02-02 19:34 -------- d-----w- c:\program files\Alwil Software
2012-01-30 20:43 . 2012-02-02 21:30 -------- d-----w- c:\users\John\AppData\Roaming\5E47C
2012-01-30 20:42 . 2012-02-02 21:30 -------- d-----w- c:\users\John\AppData\Roaming\118F0
2012-01-30 20:42 . 2012-02-02 21:30 -------- d-----w- c:\users\John\AppData\Roaming\5245E
2012-01-30 20:41 . 2012-02-03 22:03 -------- d-----w- c:\users\John\AppData\Local\lixoaiir
2012-01-20 16:58 . 2012-01-20 16:58 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-20 16:58 . 2012-01-20 16:58 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-20 16:58 . 2012-01-20 16:58 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-20 16:58 . 2012-01-20 16:58 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-17 21:45 . 2012-01-17 21:45 -------- d-----w- c:\users\John\AppData\Roaming\Autodesk
2012-01-17 21:45 . 2012-01-17 21:45 -------- d-----w- c:\programdata\Autodesk
2012-01-17 21:41 . 2012-01-17 21:41 -------- d-----w- C:\Autodesk
2012-01-17 19:34 . 2012-01-25 17:49 -------- d-----w- c:\users\John\AppData\Local\Akamai
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 15:24 . 2009-10-08 15:47 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-12 10:56 . 2011-06-14 10:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-20 16:58 . 2011-05-13 17:02 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 00:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-18 17360520]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Akamai NetSession Interface"="c:\users\John\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-21 204908]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-06-02 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"autoclk"="autoclk.exe" [2003-01-30 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-06-02 319488]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WWU.lnk - c:\program files\issc\IS89C35\wwu.exe [2009-11-5 955392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-12-30 962663]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2011-6-6 4562944]
SmartCopy.lnk - c:\program files\Northstar\SmartCopy\SmartCopy.exe [2008-10-15 319488]
SmartLauncher.lnk - c:\program files\Northstar\SmartLauncher\SmartLauncher.exe [2008-10-15 335872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1158918320-972893686-2015174526-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-21 269448]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-20 09:59]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 20:39]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 20:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mytalktalk.co.uk
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1008&m=aspire_m3201
uInternet Settings,ProxyServer = http=127.0.0.1:58444
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7wet55yc.default\
FF - prefs.js: browser.startup.homepage - hxxp://forums.moneysavingexpert.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58444
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-eRecoveryService - (no file)
AddRemove-ISSC WLAN - c:\progra~1\issc\IS89C35\UNWISE.EXE
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-06 21:54
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1772)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
c:\programdata\TVersity\Media Server\MediaServer.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
.
**************************************************************************
.
Completion time: 2012-02-06 22:04:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-06 22:04
.
Pre-Run: 25,385,607,168 bytes free
Post-Run: 26,095,390,720 bytes free
.
- - End Of File - - E4D0D9E8B8A432636E285A9227EAF203
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1790.947 [GMT 0:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\users\John\AppData\Local\aynqndqy.log
c:\users\John\AppData\Local\hfqwfair.log
c:\users\John\AppData\Local\jbktrymx.log
c:\users\John\AppData\Local\npajtimv.log
c:\users\John\AppData\Local\vgwgeheb.log
c:\users\John\AppData\Local\wgmycohu.log
c:\users\John\AppData\Roaming\.#
c:\windows\~GLC0000.TMP
c:\windows\~GLC0001.TMP
c:\windows\~GLH0000.TMP
c:\windows\~GLH0001.TMP
c:\windows\~GLH0002.TMP
c:\windows\~GLH0003.TMP
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))
.
.
2012-02-02 19:51 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-02 19:34 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-02 19:34 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-02 19:34 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-02 19:34 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-02 19:34 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-02 19:34 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-02-02 19:34 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-02 19:34 . 2012-02-02 19:34 -------- d-----w- c:\programdata\Alwil Software
2012-02-02 19:34 . 2012-02-02 19:34 -------- d-----w- c:\program files\Alwil Software
2012-01-30 20:43 . 2012-02-02 21:30 -------- d-----w- c:\users\John\AppData\Roaming\5E47C
2012-01-30 20:42 . 2012-02-02 21:30 -------- d-----w- c:\users\John\AppData\Roaming\118F0
2012-01-30 20:42 . 2012-02-02 21:30 -------- d-----w- c:\users\John\AppData\Roaming\5245E
2012-01-30 20:41 . 2012-02-03 22:03 -------- d-----w- c:\users\John\AppData\Local\lixoaiir
2012-01-20 16:58 . 2012-01-20 16:58 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-20 16:58 . 2012-01-20 16:58 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-20 16:58 . 2012-01-20 16:58 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-20 16:58 . 2012-01-20 16:58 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-17 21:45 . 2012-01-17 21:45 -------- d-----w- c:\users\John\AppData\Roaming\Autodesk
2012-01-17 21:45 . 2012-01-17 21:45 -------- d-----w- c:\programdata\Autodesk
2012-01-17 21:41 . 2012-01-17 21:41 -------- d-----w- C:\Autodesk
2012-01-17 19:34 . 2012-01-25 17:49 -------- d-----w- c:\users\John\AppData\Local\Akamai
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 15:24 . 2009-10-08 15:47 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-12 10:56 . 2011-06-14 10:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-20 16:58 . 2011-05-13 17:02 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 00:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-18 17360520]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Akamai NetSession Interface"="c:\users\John\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-21 204908]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-06-02 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"autoclk"="autoclk.exe" [2003-01-30 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-06-02 319488]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WWU.lnk - c:\program files\issc\IS89C35\wwu.exe [2009-11-5 955392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-12-30 962663]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2011-6-6 4562944]
SmartCopy.lnk - c:\program files\Northstar\SmartCopy\SmartCopy.exe [2008-10-15 319488]
SmartLauncher.lnk - c:\program files\Northstar\SmartLauncher\SmartLauncher.exe [2008-10-15 335872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1158918320-972893686-2015174526-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-21 269448]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-20 09:59]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 20:39]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 20:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mytalktalk.co.uk
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1008&m=aspire_m3201
uInternet Settings,ProxyServer = http=127.0.0.1:58444
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7wet55yc.default\
FF - prefs.js: browser.startup.homepage - hxxp://forums.moneysavingexpert.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58444
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-eRecoveryService - (no file)
AddRemove-ISSC WLAN - c:\progra~1\issc\IS89C35\UNWISE.EXE
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-06 21:54
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1772)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
c:\programdata\TVersity\Media Server\MediaServer.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
.
**************************************************************************
.
Completion time: 2012-02-06 22:04:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-06 22:04
.
Pre-Run: 25,385,607,168 bytes free
Post-Run: 26,095,390,720 bytes free
.
- - End Of File - - E4D0D9E8B8A432636E285A9227EAF203
Broni
Posts: 56,041 +516
Looks good.
How is computer doing?
Download OTL to your Desktop.
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
How is computer doing?
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
OTL logfile created on: 07/02/2012 20:30:41 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\John\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.75 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 65.78% Memory free
3.74 Gb Paging File | 2.69 Gb Available in Paging File | 71.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.36 Gb Total Space | 25.61 Gb Free Space | 22.59% Space Free | Partition Type: NTFS
Drive D: | 170.08 Gb Total Space | 118.96 Gb Free Space | 69.94% Space Free | Partition Type: NTFS
Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/02/07 20:28:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/23 05:57:30 | 003,334,432 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\John\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/07/29 19:31:40 | 001,249,064 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
PRC - [2011/06/21 17:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2011/03/21 18:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/20 16:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
PRC - [2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/11 23:57:02 | 000,319,488 | ---- | M] () -- C:\Program Files\Northstar\SmartCopy\SmartCopy.exe
PRC - [2008/07/30 00:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/30 00:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/06/02 16:26:38 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008/06/02 16:26:22 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
PRC - [2008/06/02 16:26:08 | 000,376,832 | ---- | M] (acer) -- C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
PRC - [2008/06/02 16:25:40 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/05/21 00:50:50 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/05/20 10:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/09/30 09:16:40 | 000,166,520 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2007/09/30 09:16:38 | 000,051,816 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
PRC - [2006/09/12 15:35:34 | 000,955,392 | ---- | M] (Integrated System Solution Corp.) -- C:\Program Files\issc\IS89C35\wwu.exe
PRC - [2003/07/08 11:22:00 | 000,962,663 | ---- | M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
PRC - [2003/01/30 08:48:24 | 000,143,360 | ---- | M] () -- C:\Windows\autoclk.exe
========== Modules (No Company Name) ==========
MOD - [2011/06/16 11:48:17 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011/06/16 11:45:30 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
MOD - [2011/06/16 11:45:23 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/06/16 11:45:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/06/16 11:43:18 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/06/16 11:42:52 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/06/16 11:42:38 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/06/16 11:41:15 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/06/16 11:40:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/03/21 18:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 18:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/20 16:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/28 15:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvcLib.dll
MOD - [2008/10/15 02:36:52 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3009.0__739b31b1908c49e5\Framework.UIComponent.dll
MOD - [2008/10/15 02:36:52 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008/10/15 02:36:52 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008/10/15 02:36:52 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
MOD - [2008/10/15 02:36:52 | 000,009,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008/10/15 02:36:52 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
MOD - [2008/10/15 02:10:11 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2990.36961__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008/10/15 02:10:11 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2990.37179__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008/10/15 02:10:11 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2990.36918__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008/10/15 02:10:11 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2990.36974__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008/10/15 02:10:11 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2990.37146__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008/10/15 02:10:11 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2990.37110__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008/10/15 02:10:11 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2990.36953__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008/10/15 02:10:11 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2990.37068__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008/10/15 02:10:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2990.36939__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008/10/15 02:09:58 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2990.37118__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:58 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2990.37177__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:58 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2990.37184__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:58 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2990.37125__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008/10/15 02:09:58 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2990.36932__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:58 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2990.37118__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008/10/15 02:09:58 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2990.37177__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008/10/15 02:09:57 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2990.37076__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:57 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2990.36986__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:57 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2990.37070__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:57 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2990.37062__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:57 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2990.36940__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:57 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2990.37138__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008/10/15 02:09:57 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2990.36980__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:57 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2990.37090__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:57 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2990.37076__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008/10/15 02:09:57 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2990.37068__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008/10/15 02:09:57 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2990.36992__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008/10/15 02:09:57 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2990.37075__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008/10/15 02:09:57 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2990.37089__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008/10/15 02:09:57 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2990.37103__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008/10/15 02:09:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008/10/15 02:09:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008/10/15 02:09:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008/10/15 02:09:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/10/15 02:09:56 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008/10/15 02:09:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/10/15 02:09:56 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/10/15 02:09:56 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008/10/15 02:09:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008/10/15 02:09:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008/10/15 02:09:55 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008/10/15 02:09:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008/10/15 02:09:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008/10/15 02:09:51 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2990.36947__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008/10/15 02:09:51 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2990.37161__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008/10/15 02:09:51 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2990.37169__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/10/15 02:09:51 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2990.36911__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008/10/15 02:09:51 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2990.37168__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/10/15 02:09:51 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008/10/15 02:09:51 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008/10/15 02:09:51 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2990.37194__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008/10/15 02:09:51 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/10/15 02:09:51 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008/10/15 02:09:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/10/15 02:09:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008/10/15 02:09:51 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008/10/15 02:09:51 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2990.37205__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008/10/15 02:09:51 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2990.36910__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008/10/15 02:09:50 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2990.36926__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008/10/15 02:09:50 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2990.36911__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008/10/15 02:09:50 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2990.36909__90ba9c70f846762e\APM.Server.dll
MOD - [2008/10/15 02:09:50 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2990.36910__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/10/15 02:09:50 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008/10/15 02:09:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2990.37169__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/10/15 02:09:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008/10/15 02:09:50 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008/08/11 23:57:02 | 000,319,488 | ---- | M] () -- C:\Program Files\Northstar\SmartCopy\SmartCopy.exe
MOD - [2008/07/30 00:52:38 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008/06/02 16:26:38 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
MOD - [2008/06/02 16:26:22 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
MOD - [2008/06/02 16:25:36 | 000,013,824 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Presenter.dll
MOD - [2008/06/02 16:25:00 | 001,822,720 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.AppBar.dll
MOD - [2008/04/28 16:49:18 | 000,002,560 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2008/04/23 17:56:34 | 000,020,480 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.QuickMenu.dll
MOD - [2008/03/09 14:01:08 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/02/21 00:30:04 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2003/07/08 11:22:00 | 000,962,663 | ---- | M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
MOD - [2003/06/06 08:59:18 | 000,081,920 | ---- | M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\languages\english.dll
MOD - [2003/01/30 08:48:24 | 000,143,360 | ---- | M] () -- C:\Windows\autoclk.exe
========== Win32 Services (SafeList) ==========
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/07/29 19:31:40 | 001,249,064 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2011/06/21 17:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/08/13 08:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/01/12 10:11:24 | 000,278,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2008/07/30 00:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/06/02 16:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/05/21 00:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/30 09:16:40 | 000,166,520 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2007/09/30 09:16:38 | 000,051,816 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)
========== Driver Services (SafeList) ==========
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/28 17:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 17:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 17:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 17:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 17:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 17:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/06 07:37:20 | 000,699,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmwlhigh6.sys -- (BCMH43XX)
DRV - [2009/05/08 15:08:54 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/06/02 16:20:12 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/03/09 14:58:42 | 003,533,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/02/25 23:29:24 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2008/02/25 23:29:24 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007/12/19 06:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/06/24 21:56:40 | 000,027,656 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007/06/24 21:56:34 | 000,034,312 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/03/05 20:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV - [2007/03/05 20:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007/03/05 20:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007/03/05 20:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007/03/05 20:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2007/01/19 17:20:54 | 000,021,728 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\scmndisp.sys -- (SCMNdisP)
DRV - [2006/12/26 13:20:22 | 000,134,656 | ---- | M] (Integrated System Solution Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\W35UNDW.SYS -- (W35UNDW)
DRV - [2006/10/30 03:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2005/05/27 09:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2003/07/17 16:48:44 | 000,046,167 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2003/03/27 13:38:44 | 000,127,145 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adiusbaw.sys -- (adiusbaw)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1008&m=aspire_m3201
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk
IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58444
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://forums.moneysavingexpert.com/"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 58444
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/12 18:43:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/14 12:57:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/14 12:57:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/20 16:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/17 19:19:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/12 18:43:24 | 000,000,000 | ---D | M]
[2008/12/30 19:34:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2011/10/14 11:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7wet55yc.default\extensions
[2011/10/14 11:31:15 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7wet55yc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/09/18 16:30:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7wet55yc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/23 16:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/30 21:54:23 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/20 16:58:16 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/20 16:58:09 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/20 16:58:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/20 16:58:09 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/01/20 16:58:09 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/20 16:58:09 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\John\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.75 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 65.78% Memory free
3.74 Gb Paging File | 2.69 Gb Available in Paging File | 71.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.36 Gb Total Space | 25.61 Gb Free Space | 22.59% Space Free | Partition Type: NTFS
Drive D: | 170.08 Gb Total Space | 118.96 Gb Free Space | 69.94% Space Free | Partition Type: NTFS
Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/02/07 20:28:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/23 05:57:30 | 003,334,432 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\John\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/07/29 19:31:40 | 001,249,064 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
PRC - [2011/06/21 17:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2011/03/21 18:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/20 16:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
PRC - [2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/11 23:57:02 | 000,319,488 | ---- | M] () -- C:\Program Files\Northstar\SmartCopy\SmartCopy.exe
PRC - [2008/07/30 00:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/30 00:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/06/02 16:26:38 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008/06/02 16:26:22 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
PRC - [2008/06/02 16:26:08 | 000,376,832 | ---- | M] (acer) -- C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
PRC - [2008/06/02 16:25:40 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/05/21 00:50:50 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/05/20 10:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/09/30 09:16:40 | 000,166,520 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2007/09/30 09:16:38 | 000,051,816 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
PRC - [2006/09/12 15:35:34 | 000,955,392 | ---- | M] (Integrated System Solution Corp.) -- C:\Program Files\issc\IS89C35\wwu.exe
PRC - [2003/07/08 11:22:00 | 000,962,663 | ---- | M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
PRC - [2003/01/30 08:48:24 | 000,143,360 | ---- | M] () -- C:\Windows\autoclk.exe
========== Modules (No Company Name) ==========
MOD - [2011/06/16 11:48:17 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011/06/16 11:45:30 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
MOD - [2011/06/16 11:45:23 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/06/16 11:45:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/06/16 11:43:18 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/06/16 11:42:52 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/06/16 11:42:38 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/06/16 11:41:15 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/06/16 11:40:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/03/21 18:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 18:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/20 16:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/28 15:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvcLib.dll
MOD - [2008/10/15 02:36:52 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3009.0__739b31b1908c49e5\Framework.UIComponent.dll
MOD - [2008/10/15 02:36:52 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008/10/15 02:36:52 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008/10/15 02:36:52 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
MOD - [2008/10/15 02:36:52 | 000,009,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008/10/15 02:36:52 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
MOD - [2008/10/15 02:10:11 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2990.36961__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008/10/15 02:10:11 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2990.37179__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008/10/15 02:10:11 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2990.36918__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008/10/15 02:10:11 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2990.36974__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008/10/15 02:10:11 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2990.37146__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008/10/15 02:10:11 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2990.37110__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008/10/15 02:10:11 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2990.36953__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008/10/15 02:10:11 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2990.37068__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008/10/15 02:10:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2990.36939__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008/10/15 02:09:58 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2990.37118__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:58 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2990.37177__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:58 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2990.37184__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:58 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2990.37125__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008/10/15 02:09:58 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2990.36932__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:58 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2990.37118__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008/10/15 02:09:58 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2990.37177__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008/10/15 02:09:57 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2990.37076__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:57 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2990.36986__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:57 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2990.37070__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:57 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2990.37062__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:57 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2990.36940__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:57 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2990.37138__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008/10/15 02:09:57 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2990.36980__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:57 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2990.37090__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008/10/15 02:09:57 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2990.37076__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008/10/15 02:09:57 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2990.37068__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008/10/15 02:09:57 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2990.36992__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008/10/15 02:09:57 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2990.37075__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008/10/15 02:09:57 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2990.37089__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008/10/15 02:09:57 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2990.37103__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008/10/15 02:09:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008/10/15 02:09:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008/10/15 02:09:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008/10/15 02:09:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/10/15 02:09:56 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008/10/15 02:09:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/10/15 02:09:56 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/10/15 02:09:56 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008/10/15 02:09:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008/10/15 02:09:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008/10/15 02:09:56 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008/10/15 02:09:55 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008/10/15 02:09:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008/10/15 02:09:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008/10/15 02:09:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008/10/15 02:09:51 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2990.36947__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008/10/15 02:09:51 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2990.37161__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008/10/15 02:09:51 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2990.37169__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/10/15 02:09:51 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2990.36911__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008/10/15 02:09:51 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2990.37168__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/10/15 02:09:51 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008/10/15 02:09:51 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008/10/15 02:09:51 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2990.37194__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008/10/15 02:09:51 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/10/15 02:09:51 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008/10/15 02:09:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/10/15 02:09:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008/10/15 02:09:51 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008/10/15 02:09:51 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2990.37205__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008/10/15 02:09:51 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2990.36910__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008/10/15 02:09:50 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2990.36926__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008/10/15 02:09:50 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2990.36911__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008/10/15 02:09:50 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2990.36909__90ba9c70f846762e\APM.Server.dll
MOD - [2008/10/15 02:09:50 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2990.36910__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/10/15 02:09:50 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008/10/15 02:09:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2990.37169__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/10/15 02:09:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008/10/15 02:09:50 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008/08/11 23:57:02 | 000,319,488 | ---- | M] () -- C:\Program Files\Northstar\SmartCopy\SmartCopy.exe
MOD - [2008/07/30 00:52:38 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008/06/02 16:26:38 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
MOD - [2008/06/02 16:26:22 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
MOD - [2008/06/02 16:25:36 | 000,013,824 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Presenter.dll
MOD - [2008/06/02 16:25:00 | 001,822,720 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.AppBar.dll
MOD - [2008/04/28 16:49:18 | 000,002,560 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2008/04/23 17:56:34 | 000,020,480 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.QuickMenu.dll
MOD - [2008/03/09 14:01:08 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/02/21 00:30:04 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2003/07/08 11:22:00 | 000,962,663 | ---- | M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
MOD - [2003/06/06 08:59:18 | 000,081,920 | ---- | M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\languages\english.dll
MOD - [2003/01/30 08:48:24 | 000,143,360 | ---- | M] () -- C:\Windows\autoclk.exe
========== Win32 Services (SafeList) ==========
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/07/29 19:31:40 | 001,249,064 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2011/06/21 17:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/08/13 08:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/01/12 10:11:24 | 000,278,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2008/07/30 00:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/06/02 16:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/05/21 00:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/30 09:16:40 | 000,166,520 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2007/09/30 09:16:38 | 000,051,816 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)
========== Driver Services (SafeList) ==========
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/28 17:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 17:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 17:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 17:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 17:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 17:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/06 07:37:20 | 000,699,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmwlhigh6.sys -- (BCMH43XX)
DRV - [2009/05/08 15:08:54 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/06/02 16:20:12 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/03/09 14:58:42 | 003,533,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/02/25 23:29:24 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2008/02/25 23:29:24 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007/12/19 06:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/06/24 21:56:40 | 000,027,656 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007/06/24 21:56:34 | 000,034,312 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/03/05 20:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV - [2007/03/05 20:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007/03/05 20:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007/03/05 20:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007/03/05 20:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2007/01/19 17:20:54 | 000,021,728 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\scmndisp.sys -- (SCMNdisP)
DRV - [2006/12/26 13:20:22 | 000,134,656 | ---- | M] (Integrated System Solution Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\W35UNDW.SYS -- (W35UNDW)
DRV - [2006/10/30 03:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2005/05/27 09:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2003/07/17 16:48:44 | 000,046,167 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2003/03/27 13:38:44 | 000,127,145 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adiusbaw.sys -- (adiusbaw)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1008&m=aspire_m3201
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk
IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
IE - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58444
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://forums.moneysavingexpert.com/"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 58444
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/12 18:43:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/14 12:57:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/14 12:57:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/20 16:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/17 19:19:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/12 18:43:24 | 000,000,000 | ---D | M]
[2008/12/30 19:34:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2011/10/14 11:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7wet55yc.default\extensions
[2011/10/14 11:31:15 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7wet55yc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/09/18 16:30:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7wet55yc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/23 16:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/30 21:54:23 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/20 16:58:16 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/20 16:58:09 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/20 16:58:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/20 16:58:09 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/01/20 16:58:09 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/20 16:58:09 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2012/02/06 21:54:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [autoclk] C:\Windows\autoclk.exe ()
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKU\S-1-5-21-1158918320-972893686-2015174526-1000..\Run: [Akamai NetSession Interface] C:\Users\John\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1158918320-972893686-2015174526-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WWU.lnk = C:\Program Files\issc\IS89C35\wwu.exe (Integrated System Solution Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C38D824-1B05-42DA-9298-171C4C0380F1}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{483E374A-135B-4D09-A563-2F3DE574A6FD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9795B23-821A-4994-9D98-B77E1CB144B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE68AE08-CA42-470C-9044-68D299269295}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/17 21:41:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/02/06 22:04:22 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\temp
[2012/02/06 21:54:18 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/06 21:36:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/06 21:36:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/06 21:36:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/06 21:36:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/06 21:36:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/06 21:33:43 | 004,397,604 | R--- | C] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
[2012/02/05 23:39:21 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\John\Desktop\boot_cleaner.exe
[2012/02/05 23:00:46 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2012/02/05 21:33:06 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2012/02/05 15:13:02 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/02 19:51:56 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/02/02 19:34:44 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/02 19:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/02/02 19:34:43 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/02/02 19:34:42 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/02/02 19:34:40 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/02/02 19:34:36 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/02/02 19:34:13 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/02/02 19:34:13 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/02 19:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012/02/02 19:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2012/02/01 18:46:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/01/30 20:43:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\5E47C
[2012/01/30 20:42:40 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\118F0
[2012/01/30 20:42:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\5245E
[2012/01/30 20:41:50 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\lixoaiir
[2012/01/17 21:45:01 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Autodesk
[2012/01/17 21:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2012/01/17 21:41:53 | 000,000,000 | ---D | C] -- C:\Autodesk
[2012/01/17 19:34:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Akamai
[2008/07/22 08:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 30 Days ==========
[2012/02/07 20:28:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/02/07 20:25:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/07 20:25:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/07 19:54:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/07 18:32:18 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/07 18:32:18 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/07 18:25:52 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/02/07 18:25:52 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/02/07 18:25:43 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/07 18:25:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/06 21:54:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/06 21:34:06 | 004,397,604 | R--- | M] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
[2012/02/06 17:14:12 | 000,303,059 | ---- | M] () -- C:\Users\John\Desktop\ListParts.exe
[2012/02/05 23:38:57 | 000,044,607 | ---- | M] () -- C:\Users\John\Desktop\bootkit_remover.zip
[2012/02/05 23:37:21 | 000,000,512 | ---- | M] () -- C:\Users\John\Desktop\MBR.dat
[2012/02/05 23:01:11 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2012/02/05 21:33:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2012/02/05 20:08:11 | 000,302,592 | ---- | M] () -- C:\Users\John\Desktop\gc5iihlh.exe
[2012/02/05 15:14:10 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/05 15:13:09 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/05 10:23:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/02/02 23:22:04 | 000,000,680 | ---- | M] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2012/02/02 19:51:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/02 19:34:44 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/01 18:42:24 | 000,003,742 | ---- | M] () -- C:\Users\John\Desktop\blogin.g
[2012/01/31 21:48:21 | 000,000,000 | ---- | M] () -- C:\Users\John\Desktop\123.exe
[2012/01/30 20:42:00 | 000,000,692 | ---- | M] () -- C:\Users\John\Desktop\Internet Security.lnk
[2012/01/29 13:37:09 | 218,180,837 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/17 19:37:50 | 222,364,016 | ---- | M] () -- C:\Users\John\Desktop\SetupDWGTrueView2012_32bit.exe
[2012/01/17 19:33:14 | 008,449,616 | ---- | M] () -- C:\Users\John\Desktop\installer.exe
[2012/01/17 19:19:30 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
========== Files Created - No Company Name ==========
[2012/02/06 21:36:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/06 21:36:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/06 21:36:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/06 21:36:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/06 21:36:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/06 17:14:11 | 000,303,059 | ---- | C] () -- C:\Users\John\Desktop\ListParts.exe
[2012/02/05 23:38:55 | 000,044,607 | ---- | C] () -- C:\Users\John\Desktop\bootkit_remover.zip
[2012/02/05 23:37:21 | 000,000,512 | ---- | C] () -- C:\Users\John\Desktop\MBR.dat
[2012/02/05 20:08:10 | 000,302,592 | ---- | C] () -- C:\Users\John\Desktop\gc5iihlh.exe
[2012/02/05 15:14:10 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/02 19:34:44 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/01 18:42:23 | 000,003,742 | ---- | C] () -- C:\Users\John\Desktop\blogin.g
[2012/02/01 18:33:43 | 000,001,976 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/02/01 18:33:43 | 000,000,986 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DSLMON.lnk
[2012/02/01 18:33:43 | 000,000,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartLauncher.lnk
[2012/02/01 18:33:43 | 000,000,901 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WWU.lnk
[2012/02/01 18:33:43 | 000,000,898 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartCopy.lnk
[2012/02/01 18:33:43 | 000,000,701 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
[2012/01/31 21:48:20 | 000,000,000 | ---- | C] () -- C:\Users\John\Desktop\123.exe
[2012/01/30 20:42:00 | 000,000,692 | ---- | C] () -- C:\Users\John\Desktop\Internet Security.lnk
[2012/01/17 19:34:38 | 222,364,016 | ---- | C] () -- C:\Users\John\Desktop\SetupDWGTrueView2012_32bit.exe
[2012/01/17 19:33:13 | 008,449,616 | ---- | C] () -- C:\Users\John\Desktop\installer.exe
[2012/01/17 19:19:30 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/17 19:19:30 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/08/30 21:33:23 | 001,317,152 | ---- | C] () -- C:\Windows\System32\drivers\lvcm.sys
[2011/08/30 21:33:23 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/08/16 14:45:53 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/06/23 17:20:08 | 000,173,768 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/02/10 04:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2010/12/08 16:55:58 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/12/08 16:55:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/11 17:45:37 | 000,000,295 | ---- | C] () -- C:\Windows\wininit.ini
[2010/04/12 20:38:11 | 000,000,040 | ---- | C] () -- C:\Windows\ujf635.bin
[2010/01/12 20:36:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/12 18:30:49 | 000,193,413 | ---- | C] () -- C:\Windows\hpoins46.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/11 03:02:28 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009/04/24 15:01:59 | 000,000,680 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2009/01/27 13:32:58 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/01/27 13:32:58 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/12/30 19:53:49 | 000,077,824 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/30 19:34:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/12/30 19:24:04 | 000,000,154 | ---- | C] () -- C:\Windows\adidsl.ini
[2008/12/30 19:24:04 | 000,000,021 | ---- | C] () -- C:\Windows\Fast800.ini
[2008/12/30 19:23:28 | 001,474,560 | ---- | C] () -- C:\Windows\adiras.exe
[2008/12/30 19:23:28 | 000,000,936 | ---- | C] () -- C:\Windows\adiras.ini
[2008/12/30 19:23:27 | 000,127,456 | ---- | C] () -- C:\Windows\System32\ipdetect.exe
[2008/12/30 19:23:25 | 000,126,976 | ---- | C] () -- C:\Windows\System32\coclassfast.dll
[2008/12/30 19:23:24 | 000,046,892 | ---- | C] () -- C:\Windows\System32\adadix16.dll
[2008/12/30 19:23:19 | 000,143,360 | ---- | C] () -- C:\Windows\autoclk.exe
[2008/12/30 19:23:19 | 000,022,395 | ---- | C] () -- C:\Windows\System32\drivers\fpga.bin
[2008/10/15 03:02:30 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/10/15 03:02:30 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/10/15 02:08:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/04/09 06:14:46 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/04/09 06:14:45 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/04/09 06:14:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008/04/09 06:14:44 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/04/09 06:14:43 | 000,168,886 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/04/09 06:14:43 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/03/15 23:06:25 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/03/15 23:06:25 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/03/15 22:36:54 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/03/15 22:33:51 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/03/15 22:33:51 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/03/15 22:33:51 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,381,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 23:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 06:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 23:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 05:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
========== LOP Check ==========
[2012/02/02 21:30:57 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\118F0
[2012/02/02 21:30:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\5245E
[2012/02/02 21:30:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\5E47C
[2008/03/15 22:47:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Acer GameZone Console
[2012/01/17 21:45:01 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Autodesk
[2010/02/05 19:16:52 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Azureus
[2010/04/12 20:29:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Betfair
[2008/12/30 20:33:28 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/05/08 15:14:53 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DAEMON Tools Lite
[2009/06/26 19:42:42 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\eSobi
[2011/10/14 11:31:42 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Garmin
[2010/11/22 19:41:38 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Microgaming
[2012/02/01 18:40:00 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Nitro PDF
[2009/04/24 15:18:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Nokia
[2011/08/16 14:45:53 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\OpenCandy
[2009/04/24 15:18:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PC Suite
[2011/08/16 14:51:29 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PrimoPDF
[2012/02/06 19:35:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Spotify
[2011/11/28 22:45:37 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent
[2012/02/07 07:27:40 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2008/03/15 22:42:09 | 000,091,973 | ---- | M] () -- C:\-20080315.log
[2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/21 02:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/03/15 07:19:11 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/02/06 22:04:16 | 000,012,888 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/02/07 18:25:29 | 2191,994,880 | -HS- | M] () -- C:\pagefile.sys
[2008/10/15 02:11:00 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log
< %systemroot%\Fonts\*.com >
[2006/11/02 12:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 12:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 12:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 12:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 09:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\system32\spool\prtprocs\w32x86\EP0NPP01.DLL
[2009/04/16 12:42:24 | 000,315,904 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfpp70w.dll
[2008/01/21 02:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 12:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/27 02:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2006/10/19 17:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Normal).scr
[2006/10/19 17:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Wide).scr
[2011/11/28 18:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2008/01/21 02:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2008/03/15 07:18:59 | 012,820,480 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/03/15 07:18:55 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/03/15 07:19:00 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008/03/15 07:19:07 | 017,186,816 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008/03/15 07:19:09 | 006,668,288 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/12/30 19:20:14 | 000,000,221 | -HS- | M] () -- C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2012/01/31 21:48:21 | 000,000,000 | ---- | M] () -- C:\Users\John\Desktop\123.exe
[2012/02/05 23:01:11 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\John\Desktop\boot_cleaner.exe
[2012/02/06 21:34:06 | 004,397,604 | R--- | M] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
[2012/02/05 20:08:11 | 000,302,592 | ---- | M] () -- C:\Users\John\Desktop\gc5iihlh.exe
[2009/04/20 20:37:18 | 001,075,864 | ---- | M] () -- C:\Users\John\Desktop\Google Updater.exe
[2012/01/17 19:33:14 | 008,449,616 | ---- | M] () -- C:\Users\John\Desktop\installer.exe
[2012/02/06 17:14:12 | 000,303,059 | ---- | M] () -- C:\Users\John\Desktop\ListParts.exe
[2012/02/05 15:13:09 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/07 20:28:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/01/17 19:37:50 | 222,364,016 | ---- | M] () -- C:\Users\John\Desktop\SetupDWGTrueView2012_32bit.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
[2008/10/15 02:08:49 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2008/10/15 02:08:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2008/10/15 02:08:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2008/10/15 02:08:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2008/10/15 02:08:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2008/10/15 02:08:19 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2008/12/30 19:13:40 | 000,000,402 | -HS- | M] () -- C:\Users\John\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2011/01/13 18:26:23 | 000,002,246 | ---- | M] () -- C:\ProgramData\hpzinstall.log
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [autoclk] C:\Windows\autoclk.exe ()
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKU\S-1-5-21-1158918320-972893686-2015174526-1000..\Run: [Akamai NetSession Interface] C:\Users\John\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1158918320-972893686-2015174526-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WWU.lnk = C:\Program Files\issc\IS89C35\wwu.exe (Integrated System Solution Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1158918320-972893686-2015174526-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C38D824-1B05-42DA-9298-171C4C0380F1}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{483E374A-135B-4D09-A563-2F3DE574A6FD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9795B23-821A-4994-9D98-B77E1CB144B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE68AE08-CA42-470C-9044-68D299269295}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/17 21:41:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/02/06 22:04:22 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\temp
[2012/02/06 21:54:18 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/06 21:36:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/06 21:36:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/06 21:36:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/06 21:36:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/06 21:36:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/06 21:33:43 | 004,397,604 | R--- | C] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
[2012/02/05 23:39:21 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\John\Desktop\boot_cleaner.exe
[2012/02/05 23:00:46 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2012/02/05 21:33:06 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2012/02/05 15:13:02 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/02 19:51:56 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/02/02 19:34:44 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/02 19:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/02/02 19:34:43 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/02/02 19:34:42 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/02/02 19:34:40 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/02/02 19:34:36 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/02/02 19:34:13 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/02/02 19:34:13 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/02 19:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012/02/02 19:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2012/02/01 18:46:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/01/30 20:43:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\5E47C
[2012/01/30 20:42:40 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\118F0
[2012/01/30 20:42:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\5245E
[2012/01/30 20:41:50 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\lixoaiir
[2012/01/17 21:45:01 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Autodesk
[2012/01/17 21:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2012/01/17 21:41:53 | 000,000,000 | ---D | C] -- C:\Autodesk
[2012/01/17 19:34:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Akamai
[2008/07/22 08:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 30 Days ==========
[2012/02/07 20:28:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/02/07 20:25:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/07 20:25:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/07 19:54:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/07 18:32:18 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/07 18:32:18 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/07 18:25:52 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/02/07 18:25:52 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/02/07 18:25:43 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/07 18:25:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/06 21:54:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/06 21:34:06 | 004,397,604 | R--- | M] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
[2012/02/06 17:14:12 | 000,303,059 | ---- | M] () -- C:\Users\John\Desktop\ListParts.exe
[2012/02/05 23:38:57 | 000,044,607 | ---- | M] () -- C:\Users\John\Desktop\bootkit_remover.zip
[2012/02/05 23:37:21 | 000,000,512 | ---- | M] () -- C:\Users\John\Desktop\MBR.dat
[2012/02/05 23:01:11 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2012/02/05 21:33:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2012/02/05 20:08:11 | 000,302,592 | ---- | M] () -- C:\Users\John\Desktop\gc5iihlh.exe
[2012/02/05 15:14:10 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/05 15:13:09 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/05 10:23:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/02/02 23:22:04 | 000,000,680 | ---- | M] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2012/02/02 19:51:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/02 19:34:44 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/01 18:42:24 | 000,003,742 | ---- | M] () -- C:\Users\John\Desktop\blogin.g
[2012/01/31 21:48:21 | 000,000,000 | ---- | M] () -- C:\Users\John\Desktop\123.exe
[2012/01/30 20:42:00 | 000,000,692 | ---- | M] () -- C:\Users\John\Desktop\Internet Security.lnk
[2012/01/29 13:37:09 | 218,180,837 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/17 19:37:50 | 222,364,016 | ---- | M] () -- C:\Users\John\Desktop\SetupDWGTrueView2012_32bit.exe
[2012/01/17 19:33:14 | 008,449,616 | ---- | M] () -- C:\Users\John\Desktop\installer.exe
[2012/01/17 19:19:30 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
========== Files Created - No Company Name ==========
[2012/02/06 21:36:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/06 21:36:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/06 21:36:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/06 21:36:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/06 21:36:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/06 17:14:11 | 000,303,059 | ---- | C] () -- C:\Users\John\Desktop\ListParts.exe
[2012/02/05 23:38:55 | 000,044,607 | ---- | C] () -- C:\Users\John\Desktop\bootkit_remover.zip
[2012/02/05 23:37:21 | 000,000,512 | ---- | C] () -- C:\Users\John\Desktop\MBR.dat
[2012/02/05 20:08:10 | 000,302,592 | ---- | C] () -- C:\Users\John\Desktop\gc5iihlh.exe
[2012/02/05 15:14:10 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/02 19:34:44 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/01 18:42:23 | 000,003,742 | ---- | C] () -- C:\Users\John\Desktop\blogin.g
[2012/02/01 18:33:43 | 000,001,976 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/02/01 18:33:43 | 000,000,986 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DSLMON.lnk
[2012/02/01 18:33:43 | 000,000,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartLauncher.lnk
[2012/02/01 18:33:43 | 000,000,901 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WWU.lnk
[2012/02/01 18:33:43 | 000,000,898 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartCopy.lnk
[2012/02/01 18:33:43 | 000,000,701 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
[2012/01/31 21:48:20 | 000,000,000 | ---- | C] () -- C:\Users\John\Desktop\123.exe
[2012/01/30 20:42:00 | 000,000,692 | ---- | C] () -- C:\Users\John\Desktop\Internet Security.lnk
[2012/01/17 19:34:38 | 222,364,016 | ---- | C] () -- C:\Users\John\Desktop\SetupDWGTrueView2012_32bit.exe
[2012/01/17 19:33:13 | 008,449,616 | ---- | C] () -- C:\Users\John\Desktop\installer.exe
[2012/01/17 19:19:30 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/17 19:19:30 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/08/30 21:33:23 | 001,317,152 | ---- | C] () -- C:\Windows\System32\drivers\lvcm.sys
[2011/08/30 21:33:23 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/08/16 14:45:53 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/06/23 17:20:08 | 000,173,768 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/02/10 04:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2010/12/08 16:55:58 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/12/08 16:55:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/11 17:45:37 | 000,000,295 | ---- | C] () -- C:\Windows\wininit.ini
[2010/04/12 20:38:11 | 000,000,040 | ---- | C] () -- C:\Windows\ujf635.bin
[2010/01/12 20:36:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/12 18:30:49 | 000,193,413 | ---- | C] () -- C:\Windows\hpoins46.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/11 03:02:28 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009/04/24 15:01:59 | 000,000,680 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2009/01/27 13:32:58 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/01/27 13:32:58 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/12/30 19:53:49 | 000,077,824 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/30 19:34:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/12/30 19:24:04 | 000,000,154 | ---- | C] () -- C:\Windows\adidsl.ini
[2008/12/30 19:24:04 | 000,000,021 | ---- | C] () -- C:\Windows\Fast800.ini
[2008/12/30 19:23:28 | 001,474,560 | ---- | C] () -- C:\Windows\adiras.exe
[2008/12/30 19:23:28 | 000,000,936 | ---- | C] () -- C:\Windows\adiras.ini
[2008/12/30 19:23:27 | 000,127,456 | ---- | C] () -- C:\Windows\System32\ipdetect.exe
[2008/12/30 19:23:25 | 000,126,976 | ---- | C] () -- C:\Windows\System32\coclassfast.dll
[2008/12/30 19:23:24 | 000,046,892 | ---- | C] () -- C:\Windows\System32\adadix16.dll
[2008/12/30 19:23:19 | 000,143,360 | ---- | C] () -- C:\Windows\autoclk.exe
[2008/12/30 19:23:19 | 000,022,395 | ---- | C] () -- C:\Windows\System32\drivers\fpga.bin
[2008/10/15 03:02:30 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/10/15 03:02:30 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/10/15 02:08:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/04/09 06:14:46 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/04/09 06:14:45 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/04/09 06:14:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008/04/09 06:14:44 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/04/09 06:14:43 | 000,168,886 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/04/09 06:14:43 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/03/15 23:06:25 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/03/15 23:06:25 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/03/15 22:36:54 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/03/15 22:33:51 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/03/15 22:33:51 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/03/15 22:33:51 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,381,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 23:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 06:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 23:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 05:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
========== LOP Check ==========
[2012/02/02 21:30:57 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\118F0
[2012/02/02 21:30:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\5245E
[2012/02/02 21:30:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\5E47C
[2008/03/15 22:47:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Acer GameZone Console
[2012/01/17 21:45:01 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Autodesk
[2010/02/05 19:16:52 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Azureus
[2010/04/12 20:29:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Betfair
[2008/12/30 20:33:28 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/05/08 15:14:53 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DAEMON Tools Lite
[2009/06/26 19:42:42 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\eSobi
[2011/10/14 11:31:42 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Garmin
[2010/11/22 19:41:38 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Microgaming
[2012/02/01 18:40:00 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Nitro PDF
[2009/04/24 15:18:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Nokia
[2011/08/16 14:45:53 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\OpenCandy
[2009/04/24 15:18:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PC Suite
[2011/08/16 14:51:29 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PrimoPDF
[2012/02/06 19:35:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Spotify
[2011/11/28 22:45:37 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent
[2012/02/07 07:27:40 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2008/03/15 22:42:09 | 000,091,973 | ---- | M] () -- C:\-20080315.log
[2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/21 02:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/03/15 07:19:11 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/02/06 22:04:16 | 000,012,888 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/02/07 18:25:29 | 2191,994,880 | -HS- | M] () -- C:\pagefile.sys
[2008/10/15 02:11:00 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log
< %systemroot%\Fonts\*.com >
[2006/11/02 12:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 12:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 12:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 12:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 09:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\system32\spool\prtprocs\w32x86\EP0NPP01.DLL
[2009/04/16 12:42:24 | 000,315,904 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfpp70w.dll
[2008/01/21 02:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 12:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/27 02:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2006/10/19 17:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Normal).scr
[2006/10/19 17:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Wide).scr
[2011/11/28 18:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2008/01/21 02:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2008/03/15 07:18:59 | 012,820,480 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/03/15 07:18:55 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/03/15 07:19:00 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008/03/15 07:19:07 | 017,186,816 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008/03/15 07:19:09 | 006,668,288 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/12/30 19:20:14 | 000,000,221 | -HS- | M] () -- C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2012/01/31 21:48:21 | 000,000,000 | ---- | M] () -- C:\Users\John\Desktop\123.exe
[2012/02/05 23:01:11 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\John\Desktop\boot_cleaner.exe
[2012/02/06 21:34:06 | 004,397,604 | R--- | M] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
[2012/02/05 20:08:11 | 000,302,592 | ---- | M] () -- C:\Users\John\Desktop\gc5iihlh.exe
[2009/04/20 20:37:18 | 001,075,864 | ---- | M] () -- C:\Users\John\Desktop\Google Updater.exe
[2012/01/17 19:33:14 | 008,449,616 | ---- | M] () -- C:\Users\John\Desktop\installer.exe
[2012/02/06 17:14:12 | 000,303,059 | ---- | M] () -- C:\Users\John\Desktop\ListParts.exe
[2012/02/05 15:13:09 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/07 20:28:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/01/17 19:37:50 | 222,364,016 | ---- | M] () -- C:\Users\John\Desktop\SetupDWGTrueView2012_32bit.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
[2008/10/15 02:08:49 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2008/10/15 02:08:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2008/10/15 02:08:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2008/10/15 02:08:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2008/10/15 02:08:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2008/10/15 02:08:19 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2008/12/30 19:13:40 | 000,000,402 | -HS- | M] () -- C:\Users\John\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2011/01/13 18:26:23 | 000,002,246 | ---- | M] () -- C:\ProgramData\hpzinstall.log
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
Similar threads
Latest posts
-
Apple's impossibly think iPad Pro packs an M4 chip and tandem OLED technology- Shawn Knight replied
-
"CPUs Don't Matter For 4K Gaming"... Wrong!- JetFixxxer replied
-
Gamers hack classic Tetris on NES to run custom code without altering cartridges- GodisanAtheist replied