Solved Help securing laptop

Hurriken

If this is in the wrong place, my bad, I wasn't sure where to go with this.

To start off, the laptop appears to be fine as far as viruses and malware go. I just want to secure my system. I'll explain. I inherited my daughter's old laptop (rode hard, put away wet) and it has become my wife's. My wife is a computer novice ("how do I close the browser window again?") but she is learning quickly. I have been helped here on a few of my computers and especially like the final steps that secure the system for future use. Because I'm usually here with a system-stifling infection, I'm not sure where to start with this system.

Right before she gave it to us she was having problems with Avast. Her friend, meaning well, removed it completely but installed no replacement. It has been like this for a month. I checked that it truly was removed and then downloaded the latest version of Avast and installed it. I ran Malwarebytes (updated first) and found about 50 something bugs. Since it isn't really showing problems I decided to stop there and ask.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.31.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Melissa :: MELISSA-PC [administrator]

1/31/2012 10:34:46 AM
mbam-log-2012-01-31 (10-34-46).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 416885
Time elapsed: 1 hour(s), 39 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 12
HKCR\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\CLSID\{25514C64-8321-494e-BD3E-3DBAB3F8CEBA} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\TypeLib\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.FBApi.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.FBApi (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.BHO.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab PDF Creator (Adware.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 29
C:\Program Files\RewardsArcade (PUP.RewardsArcade) -> Delete on reboot.

Files Detected: 109
C:\Program Files\RewardsArcade\RewardsArcade.dll (PUP.RewardsArcade) -> Delete on reboot.
C:\Program Files\FoxTabPDFConverter\Uninstall\Uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Melissa\AppData\Local\qjy.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
C:\Users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FB56WYB\SoftonicDownloader_for_ac97-audio-codec[1].exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.
C:\Users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VERTZULD\sh[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4COL4H3Z\PDFCreatorSetup[1].exe (Adware.Agent) -> Quarantined and deleted successfully.

(end)
 
Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/12/2008 5:52:15 AM
System Uptime: 1/31/2012 1:51:48 PM (7 hours ago)
.
Motherboard: Quanta | | 30CF
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-60 | Socket S1 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 137 GiB total, 37.592 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.98 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP785: 9/14/2011 1:00:17 AM - Windows Update
RP786: 9/14/2011 5:19:03 PM - Scheduled Checkpoint
RP787: 9/17/2011 2:05:06 AM - Windows Update
RP788: 9/18/2011 10:46:15 PM - Scheduled Checkpoint
RP789: 9/20/2011 8:21:03 AM - Scheduled Checkpoint
RP790: 11/25/2011 5:51:56 PM - Windows Update
RP791: 11/26/2011 1:57:28 PM - Windows Update
RP792: 11/26/2011 2:39:24 PM - Installed Java(TM) 6 Update 29
RP793: 11/26/2011 2:41:45 PM - Installed Java Runtime Environment
RP794: 12/14/2011 5:54:41 PM - Windows Update
RP795: 12/14/2011 10:01:30 PM - Windows Update
RP796: 12/17/2011 10:22:32 PM - Windows Update
RP797: 12/22/2011 10:30:00 PM - Windows Update
RP798: 12/24/2011 8:19:51 PM - Installed HP Product Detection
RP799: 12/24/2011 8:21:25 PM - Installed Hewlett-Packard ACLM.NET v1.1.0.0.
RP800: 12/24/2011 8:24:16 PM - Windows Update
RP801: 12/24/2011 8:29:25 PM - avast! Free Antivirus Setup
RP802: 1/28/2012 8:03:08 PM - Windows Update
RP803: 1/31/2012 9:26:52 AM - Windows Update
RP804: 1/31/2012 9:35:58 AM - Removed Ask Toolbar.
RP805: 1/31/2012 9:36:43 AM - Removed Ask Toolbar.
RP806: 1/31/2012 9:39:09 AM - Windows Update
RP807: 1/31/2012 2:11:51 PM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
AIM 6
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Auf geht's! 1.7
avast! Free Antivirus
Bonjour
Cards_Calendar_OrderGift_DoMorePlugout
CHOIDY USB PC Camera
Compatibility Pack for the 2007 Office system
Conexant HD Audio
DVD Suite
DyKnow Tablet Runtime 5.2 SP1
EA Link
Goombah Partner COM Server
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard ACLM.NET v1.1.0.0
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
HP Photosmart Essential 2.5
HP Product Detection
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing
HP Total Care Advisor
HP Update
HP User Guides 0087
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
iTunes
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 29
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LabelPrint
Last.fm 1.5.2.38918
LightScribe System Software 1.10.13.1
Malwarebytes Anti-Malware version 1.60.1.1000
MediaWidget 6.0
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Power2Go
PowerDirector
PSSWCORE
QuickPlay SlingPlayer 0.4.6
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Ruckus Player
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Sibelius Scorch (ActiveX Only)
Skype™ 4.0
Slingbox Flash Tour
SlingPlayer
Synaptics Pointing Device Driver
The Sims™ Life Stories
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
Viewpoint Media Player
Visual Studio Tools for the Office system 3.0 Runtime
WeatherBug Gadget
Windows Media Encoder 9 Series
.
==== End Of File ===========================
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170
Run by Melissa at 20:03:02 on 2012-01-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1157 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [BSDAppUpdater] c:\program files\common files\bsd\appupdater\BSDChecker.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\melissa\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{289E86F5-D5D7-4F6D-A0C9-EB3CB4F2B692} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C09F4A64-DE2B-4588-8E97-539B9F2EBDD0} : DhcpNameServer = 192.168.178.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-31 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-31 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-31 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-31 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-31 44768]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2010-3-19 252416]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2010-3-19 398720]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-31 20:13:30 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-31 20:13:29 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-31 20:12:40 41184 ----a-w- c:\windows\avastSS.scr
2012-01-31 20:12:13 -------- d-----w- c:\programdata\AVAST Software
2012-01-31 20:12:13 -------- d-----w- c:\program files\AVAST Software
2012-01-31 15:40:00 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ba131242-f0e5-47aa-8b5f-0c3b9ea65cd1}\mpengine.dll
.
==================== Find3M ====================
.
2011-12-25 02:46:50 319488 ----a-w- c:\windows\HideWin.exe
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 12:08:58 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 20:23:34 1205064 ----a-w- c:\windows\system32\ntdll.dll
2011-11-18 17:47:03 66560 ----a-w- c:\windows\system32\packager.dll
2011-11-17 06:48:37 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-16 16:23:44 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 16:23:08 72704 ----a-w- c:\windows\system32\secur32.dll
2011-11-16 16:23:05 278528 ----a-w- c:\windows\system32\schannel.dll
2011-11-16 16:21:57 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-16 14:12:25 9728 ----a-w- c:\windows\system32\lsass.exe
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 20:03:35.44 ===============
 
GMER tried to give me some trouble but here it is finally.
-----------------------------------------------------------------------------------------------------


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-01 11:34:51
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 FUJITSU_MHZ2160BH_G2 rev.8909
Running: r1thux4x.exe; Driver: C:\Users\Melissa\AppData\Local\Temp\kwliifod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8FE14FC4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8FE17456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8FE174AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8FE175C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8FE173AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8FE174FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8FE17400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8FE17572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8FE14FE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8FE14DB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8FE1500C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8FE179BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8FE15AA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8FE17486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8FE174D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8FE175EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8FE173D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8FE1753E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8FE1742E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8FE1759C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8FE1596A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8FE15030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8FE15054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8FE14E0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8FE14F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8FE14F24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8FE14F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8FE15078]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x904867A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 832B0890 4 Bytes [C4, 4F, E1, 8F]
.text ntkrnlpa.exe!KeSetEvent + 1D1 832B0954 8 Bytes [56, 74, E1, 8F, AE, 74, E1, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 832B0960 4 Bytes [C4, 75, E1, 8F]
.text ntkrnlpa.exe!KeSetEvent + 1F5 832B0978 4 Bytes [AC, 73, E1, 8F]
.text ntkrnlpa.exe!KeSetEvent + 215 832B0998 8 Bytes [FE, 74, E1, 8F, 00, 74, E1, ...]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 833DB62F 5 Bytes JMP 9048369C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 83434543 5 Bytes JMP 9048515C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 8343DE68 4 Bytes CALL 8FE16025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 83441ADC 4 Bytes CALL 8FE1603B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 83495DCA 7 Bytes JMP 904867A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F20E340, 0x3FA057, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text CWindowssystem32lsass.exe[708] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00080A08
.text CWindowssystem32lsass.exe[708] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000801F8
.text CWindowssystem32lsass.exe[708] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000803FC
.text CWindowssystem32lsm.exe[716] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
.text CWindowssystem32lsm.exe[716] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
.text CWindowssystem32lsm.exe[716] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CWindowssystem32lsm.exe[716] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
.text CWindowssystem32lsm.exe[716] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
.text CWindowssystem32lsm.exe[716] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
.text CWindowssystem32lsm.exe[716] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
.text CWindowssystem32lsm.exe[716] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
.text CWindowssystem32lsm.exe[716] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
.text CWindowssystem32lsm.exe[716] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
.text CWindowssystem32lsm.exe[716] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
.text CWindowssystem32winlogon.exe[788] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000301F8
.text CWindowssystem32winlogon.exe[788] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000303FC
.text CWindowssystem32winlogon.exe[788] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CWindowssystem32winlogon.exe[788] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000503FC
.text CWindowssystem32winlogon.exe[788] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00050600
.text CWindowssystem32winlogon.exe[788] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00051014
.text CWindowssystem32winlogon.exe[788] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00050804
.text CWindowssystem32winlogon.exe[788] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00050A08
.text CWindowssystem32winlogon.exe[788] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00050C0C
.text CWindowssystem32winlogon.exe[788] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00050E10
.text CWindowssystem32winlogon.exe[788] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000501F8
.text CWindowssystem32winlogon.exe[788] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00060600
.text CWindowssystem32winlogon.exe[788] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00060804
.text CWindowssystem32winlogon.exe[788] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00060A08
.text CWindowssystem32winlogon.exe[788] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000601F8
.text CWindowssystem32winlogon.exe[788] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000603FC
.text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001601F8
.text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001603FC
.text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001803FC
.text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00180600
.text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00181014
.text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00180804
.text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00180A08
.text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00180C0C
.text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00180E10
.text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001801F8
.text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00190600
.text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00190804
.text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00190A08
.text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001901F8
.text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001903FC
.text CProgram FilesAVAST SoftwareAvastAvastUI.exe[868] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CWindowsSystem32svchost.exe[880] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
 
.text CWindowsSystem32svchost.exe[880] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
.text CWindowsSystem32svchost.exe[880] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CWindowsSystem32svchost.exe[880] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
.text CWindowsSystem32svchost.exe[880] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
.text CWindowsSystem32svchost.exe[880] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
.text CWindowsSystem32svchost.exe[880] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
.text CWindowsSystem32svchost.exe[880] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
.text CWindowsSystem32svchost.exe[880] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
.text CWindowsSystem32svchost.exe[880] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
.text CWindowsSystem32svchost.exe[880] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
.text CWindowssystem32svchost.exe[900] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
.text CWindowssystem32svchost.exe[900] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
.text CWindowssystem32svchost.exe[900] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CWindowssystem32svchost.exe[900] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
.text CWindowssystem32svchost.exe[900] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
.text CWindowssystem32svchost.exe[900] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
.text CWindowssystem32svchost.exe[900] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
.text CWindowssystem32svchost.exe[900] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
.text CWindowssystem32svchost.exe[900] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
.text CWindowssystem32svchost.exe[900] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
.text CWindowssystem32svchost.exe[900] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
.text CWindowssystem32nvvsvc.exe[956] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
.text CWindowssystem32nvvsvc.exe[956] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
.text CWindowssystem32nvvsvc.exe[956] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CWindowssystem32nvvsvc.exe[956] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00170600
.text CWindowssystem32nvvsvc.exe[956] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00170804
.text CWindowssystem32nvvsvc.exe[956] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00170A08
.text CWindowssystem32nvvsvc.exe[956] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001701F8
.text CWindowssystem32nvvsvc.exe[956] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001703FC
.text CWindowssystem32nvvsvc.exe[956] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001803FC
.text CWindowssystem32nvvsvc.exe[956] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00180600
.text CWindowssystem32nvvsvc.exe[956] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00181014
.text CWindowssystem32nvvsvc.exe[956] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00180804
.text CWindowssystem32nvvsvc.exe[956] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00180A08
.text CWindowssystem32nvvsvc.exe[956] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00180C0C
.text CWindowssystem32nvvsvc.exe[956] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00180E10
.text CWindowssystem32nvvsvc.exe[956] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001801F8
.text CWindowssystem32svchost.exe[980] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
.text CWindowssystem32svchost.exe[980] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
.text CWindowssystem32svchost.exe[980] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CWindowssystem32svchost.exe[980] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
.text CWindowssystem32svchost.exe[980] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
.text CWindowssystem32svchost.exe[980] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
.text CWindowssystem32svchost.exe[980] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
.text CWindowssystem32svchost.exe[980] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
.text CWindowssystem32svchost.exe[980] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
.text CWindowssystem32svchost.exe[980] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
.text CWindowssystem32svchost.exe[980] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
.text CWindowssystem32svchost.exe[980] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 000B0600
.text CWindowssystem32svchost.exe[980] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 000B0804
.text CWindowssystem32svchost.exe[980] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 000B0A08
.text CWindowssystem32svchost.exe[980] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000B01F8
.text CWindowssystem32svchost.exe[980] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000B03FC
.text CWindowssystem32svchost.exe[984] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
.text CWindowssystem32svchost.exe[984] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
.text CWindowssystem32svchost.exe[984] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CWindowssystem32svchost.exe[984] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
.text CWindowssystem32svchost.exe[984] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
.text CWindowssystem32svchost.exe[984] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
.text CWindowssystem32svchost.exe[984] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
.text CWindowssystem32svchost.exe[984] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
.text CWindowssystem32svchost.exe[984] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
.text CWindowssystem32svchost.exe[984] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
.text CWindowssystem32svchost.exe[984] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
.text CWindowssystem32svchost.exe[984] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00180600
.text CWindowssystem32svchost.exe[984] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00180804
.text CWindowssystem32svchost.exe[984] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00180A08
.text CWindowssystem32svchost.exe[984] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001801F8
.text CWindowssystem32svchost.exe[984] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001803FC
.text CWindowsSystem32svchost.exe[1024] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
.text CWindowsSystem32svchost.exe[1024] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
.text CWindowsSystem32svchost.exe[1024] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CWindowsSystem32svchost.exe[1024] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
.text CWindowsSystem32svchost.exe[1024] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
.text CWindowsSystem32svchost.exe[1024] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
.text CWindowsSystem32svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
.text CWindowsSystem32svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
.text CWindowsSystem32svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
.text CWindowsSystem32svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
.text CWindowsSystem32svchost.exe[1024] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
.text CWindowsSystem32svchost.exe[1024] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00100600
.text CWindowsSystem32svchost.exe[1024] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00100804
.text CWindowsSystem32svchost.exe[1024] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00100A08
.text CWindowsSystem32svchost.exe[1024] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001001F8
.text CWindowsSystem32svchost.exe[1024] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001003FC
.text CWindowsSystem32svchost.exe[1084] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
.text CWindowsSystem32svchost.exe[1084] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
.text CWindowsSystem32svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CWindowsSystem32svchost.exe[1084] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
.text CWindowsSystem32svchost.exe[1084] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
.
 
.text CWindowsSystem32svchost.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
.text CWindowsSystem32svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
.text CWindowsSystem32svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
.text CWindowsSystem32svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
.text CWindowsSystem32svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
.text CWindowsSystem32svchost.exe[1084] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
.text CWindowsSystem32svchost.exe[1084] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 000C0600
.text CWindowsSystem32svchost.exe[1084] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 000C0804
.text CWindowsSystem32svchost.exe[1084] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 000C0A08
.text CWindowsSystem32svchost.exe[1084] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000C01F8
.text CWindowsSystem32svchost.exe[1084] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000C03FC
.text CWindowsSystem32svchost.exe[1112] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
.text CWindowsSystem32svchost.exe[1112] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
.text CWindowsSystem32svchost.exe[1112] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CWindowsSystem32svchost.exe[1112] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
.text CWindowsSystem32svchost.exe[1112] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
.text CWindowsSystem32svchost.exe[1112] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
.text CWindowsSystem32svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
.text CWindowsSystem32svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
.text CWindowsSystem32svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
.text CWindowsSystem32svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
.text CWindowsSystem32svchost.exe[1112] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
.text CWindowsSystem32svchost.exe[1112] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00C50600
.text CWindowsSystem32svchost.exe[1112] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00C50804
.text CWindowsSystem32svchost.exe[1112] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00C50A08
.text CWindowsSystem32svchost.exe[1112] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 00C501F8
.text CWindowsSystem32svchost.exe[1112] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 00C503FC
.text CWindowssystem32svchost.exe[1124] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
.text CWindowssystem32svchost.exe[1124] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
.text CWindowssystem32svchost.exe[1124] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CWindowssystem32svchost.exe[1124] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
.text CWindowssystem32svchost.exe[1124] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
.text CWindowssystem32svchost.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
.text CWindowssystem32svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
.text CWindowssystem32svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
.text CWindowssystem32svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
.text CWindowssystem32svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
.text CWindowssystem32svchost.exe[1124] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
.text CWindowssystem32svchost.exe[1124] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 001A0600
.text CWindowssystem32svchost.exe[1124] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 001A0804
.text CWindowssystem32svchost.exe[1124] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 001A0A08
.text CWindowssystem32svchost.exe[1124] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001A01F8
.text CWindowssystem32svchost.exe[1124] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001A03FC
.text CWindowssystem32AUDIODG.EXE[1192] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CWindowssystem32svchost.exe[1204] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
.text CWindowssystem32svchost.exe[1204] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
.text CWindowssystem32svchost.exe[1204] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CWindowssystem32svchost.exe[1204] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
.text CWindowssystem32svchost.exe[1204] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
.text CWindowssystem32svchost.exe[1204] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
.text CWindowssystem32svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
.text CWindowssystem32svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
.text CWindowssystem32svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
.text CWindowssystem32svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
.text CWindowssystem32svchost.exe[1204] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
.text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
.text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
.text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00190600
.text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00190804
.text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00190A08
.text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001901F8
.text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001903FC
.text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001A03FC
.text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 001A0600
.text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 001A1014
.text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 001A0804
.text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 001A0A08
.text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 001A0C0C
.text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 001A0E10
.text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001A01F8
.text CWindowssystem32svchost.exe[1272] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
.text CWindowssystem32svchost.exe[1272] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
.text CWindowssystem32svchost.exe[1272] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CWindowssystem32svchost.exe[1272] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
.text CWindowssystem32svchost.exe[1272] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
.text CWindowssystem32svchost.exe[1272] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
.text CWindowssystem32svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
.text CWindowssystem32svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
.text CWindowssystem32svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
.text CWindowssystem32svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
.text CWindowssystem32svchost.exe[1272] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
.text CWindowssystem32svchost.exe[1272] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00C10600
.text CWindowssystem32svchost.exe[1272] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00C10804
.text CWindowssystem32svchost.exe[1272] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00C10A08
.text CWindowssystem32svchost.exe[1272] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 00C101F8
.text CWindowssystem32svchost.exe[1272] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 00C103FC
.text CProgram FilesSkypePhoneSkype.exe[1296] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
.text CProgram FilesSkypePhoneSkype.exe[1296] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
.text CProgram FilesSkypePhoneSkype.exe[1296] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CProgram FilesSkypePhoneSkype.exe[1296] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00170600
.text CProgram FilesSkypePhoneSkype.exe[1296] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00170804
.text CProgram FilesSkypePhoneSkype.exe[1296] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00170A08
.text CProgram FilesSkypePhoneSkype.exe[1296] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001701F8
.text CProgram FilesSkypePhoneSkype.exe[1296] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001703FC
.text CProgram FilesSkypePhoneSkype.exe[1296] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001803FC
.text CProgram FilesSkypePhoneSkype.exe[1296] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00180600
.text CProgram FilesSkypePhoneSkype.exe[1296] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00181014
.text CProgram FilesSkypePhoneSkype.exe[1296] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00180804
.text CProgram FilesSkypePhoneSkype.exe[1296] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00180A08
.text CProgram FilesSkypePhoneSkype.exe[1296] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00180C0C
.text CProgram FilesSkypePhoneSkype.exe[1296] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00180E10
.text CProgram FilesSkypePhoneSkype.exe[1296] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001801F8
.text CWindowssystem32svchost.exe[1388] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
.text CWindowssystem32svchost.exe[1388] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
.text CWindowssystem32svchost.exe[1388] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CWindowssystem32svchost.exe[1388] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
.text CWindowssystem32svchost.exe[1388] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
.text CWindowssystem32svchost.exe[1388] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
.text CWindowssystem32svchost.exe[1388] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
.text CWindowssystem32svchost.exe[1388] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
.text CWindowssystem32svchost.exe[1388] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
.text CWindowssystem32svchost.exe[1388] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
.text CWindowssystem32svchost.exe[1388] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
.text CWindowssystem32svchost.exe[1388] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00180600
.text CWindowssystem32svchost.exe[1388] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00180804
.text CWindowssystem32svchost.exe[1388] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00180A08
.text CWindowssystem32svchost.exe[1388] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001801F8
.text CWindowssystem32svchost.exe[1388] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001803FC
.text CProgram FilesAVAST SoftwareAvastAvastSvc.exe[1512] kernel32.dll!SetUnhandledExceptionFilter 7682A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text CProgram FilesAVAST SoftwareAvastAvastSvc.exe[1512] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
.text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
.text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 003A03FC
.text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 003A0600
.text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 003A1014
.text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 003A0804
.text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 003A0A08
.text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 003A0C0C
.text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 003A0E10
.text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00160A08
.text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001601F8
.text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001603FC
.text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001703FC
.text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00170600
.text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00171014
.text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00170804
.text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00170A08
.text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00170C0C
.text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00170E10
.text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001701F8
.text CWindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe[3624] KERNEL32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CProgram FilesHPQuickPlayQPService.exe[3648] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001401F8
.text CProgram FilesHPQuickPlayQPService.exe[3648] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001403FC
.text CProgram FilesHPQuickPlayQPService.exe[3648] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CProgram FilesHPQuickPlayQPService.exe[3648] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00160600
.text CProgram FilesHPQuickPlayQPService.exe[3648] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00160804
.text CProgram FilesHPQuickPlayQPService.exe[3648] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00160A08
.text CProgram FilesHPQuickPlayQPService.exe[3648] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001601F8
.text CProgram FilesHPQuickPlayQPService.exe[3648] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001603FC
.text CProgram FilesHPQuickPlayQPService.exe[3648] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001803FC
.text CProgram FilesHPQuickPlayQPService.exe[3648] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00180600
.text CProgram FilesHPQuickPlayQPService.exe[3648] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00181014
.text CProgram FilesHPQuickPlayQPService.exe[3648] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00180804
.text CProgram FilesHPQuickPlayQPService.exe[3648] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00180A08
.text CProgram FilesHPQuickPlayQPService.exe[3648] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00180C0C
.text CProgram FilesHPQuickPlayQPService.exe[3648] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00180E10
.text CProgram FilesHPQuickPlayQPService.exe[3648] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001801F8
.text CWindowssystem32taskeng.exe[3788] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
.text CWindowssystem32taskeng.exe[3788] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
.text CWindowssystem32taskeng.exe[3788] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CWindowssystem32taskeng.exe[3788] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
.text CWindowssystem32taskeng.exe[3788] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
.text CWindowssystem32taskeng.exe[3788] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
.text CWindowssystem32taskeng.exe[3788] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
.text CWindowssystem32taskeng.exe[3788] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
.text CWindowssystem32taskeng.exe[3788] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
.text CWindowssystem32taskeng.exe[3788] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
.text CWindowssystem32taskeng.exe[3788] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
.text CWindowssystem32taskeng.exe[3788] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00080600
.text CWindowssystem32taskeng.exe[3788] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00080804
.text CWindowssystem32taskeng.exe[3788] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00080A08
.text CWindowssystem32taskeng.exe[3788] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000801F8
.text CWindowssystem32taskeng.exe[3788] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000803FC
.text cProgram FilesHewlett-PackardHP Health Checkhphc_service.exe[3820] KERNEL32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
.text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
.text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001703FC
.text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00170600
.text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00171014
.text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00170804
.text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00170A08
.text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00170C0C
.text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00170E10
.text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001701F8
.text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00180600
.text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00180804
.text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00180A08
.text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001801F8
.text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001803FC
.text CProgram FilesWindows DefenderMSASCui.exe[3876] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
.text CProgram FilesWindows DefenderMSASCui.exe[3876] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
.text CProgram FilesWindows DefenderMSASCui.exe[3876] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CProgram FilesWindows DefenderMSASCui.exe[3876] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000B03FC
.text CProgram FilesWindows DefenderMSASCui.exe[3876] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 000B0600
.text CProgram FilesWindows DefenderMSASCui.exe[3876] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 000B1014
.text CProgram FilesWindows DefenderMSASCui.exe[3876] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 000B0804
.text CProgram FilesWindows DefenderMSASCui.exe[3876] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 000B0A08
.text CProgram FilesWindows DefenderMSASCui.exe[3876] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 000B0C0C
.text CProgram FilesWindows DefenderMSASCui.exe[3876] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 000B0E10
.text CProgram FilesWindows DefenderMSASCui.exe[3876] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000B01F8
.text CProgram FilesWindows DefenderMSASCui.exe[3876] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 000C0600
.text CProgram FilesWindows DefenderMSASCui.exe[3876] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 000C0804
.text CProgram FilesWindows DefenderMSASCui.exe[3876] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 000C0A08
.text CProgram FilesWindows DefenderMSASCui.exe[3876] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000C01F8
.text CProgram FilesWindows DefenderMSASCui.exe[3876] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000C03FC
.text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
.text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
.text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001703FC
.text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00170600
.text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00171014
.text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00170804
.text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00170A08
.text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00170C0C
.text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00170E10
.text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001701F8
.text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00180600
.text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00180804
.text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00180A08
.text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001801F8
.text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001803FC
.text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
.text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
.text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00180600
.text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00180804
.text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00180A08
.text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001801F8
.text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001803FC
.text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001903FC
.text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00190600
.text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00191014
.text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00190804
.text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 3 Bytes JMP 00190A08
.text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ADVAPI32.dll!ChangeServiceConfigW + 4 77A06F85 1 Byte [88]
.text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00190C0C
.text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00190E10
.text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001901F8
.text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
.text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
.text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001803FC
.text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00180600
.text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00181014
.text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00180804
.text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00180A08
.text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00180C0C
.text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00180E10
.text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001801F8
.text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00190600
.text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00190804
.text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00190A08
.text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001901F8
.text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001903FC
.text CWindowssystem32svchost.exe[4012] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
.text CWindowssystem32svchost.exe[4012] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
.text CWindowssystem32svchost.exe[4012] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CWindowssystem32svchost.exe[4012] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
.text CWindowssystem32svchost.exe[4012] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
.text CWindowssystem32svchost.exe[4012] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
.text CWindowssystem32svchost.exe[4012] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
.text CWindowssystem32svchost.exe[4012] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
.text CWindowssystem32svchost.exe[4012] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
.text CWindowssystem32svchost.exe[4012] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
.text CWindowssystem32svchost.exe[4012] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
.text CProgram FilesiTunesiTunesHelper.exe[4036] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
.text CProgram FilesiTunesiTunesHelper.exe[4036] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
.text CProgram FilesiTunesiTunesHelper.exe[4036] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CProgram FilesiTunesiTunesHelper.exe[4036] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00170600
.text CProgram FilesiTunesiTunesHelper.exe[4036] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00170804
.text CProgram FilesiTunesiTunesHelper.exe[4036] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00170A08
.text CProgram FilesiTunesiTunesHelper.exe[4036] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001701F8
.text CProgram FilesiTunesiTunesHelper.exe[4036] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001703FC
.text CProgram FilesiTunesiTunesHelper.exe[4036] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001803FC
.text CProgram FilesiTunesiTunesHelper.exe[4036] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00180600
.text CProgram FilesiTunesiTunesHelper.exe[4036] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00181014
.text CProgram FilesiTunesiTunesHelper.exe[4036] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00180804
.text CProgram FilesiTunesiTunesHelper.exe[4036] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00180A08
.text CProgram FilesiTunesiTunesHelper.exe[4036] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00180C0C
.text CProgram FilesiTunesiTunesHelper.exe[4036] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00180E10
.text CProgram FilesiTunesiTunesHelper.exe[4036] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001801F8
.text CWindowsSystem32rundll32.exe[4068] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000601F8
.text CWindowsSystem32rundll32.exe[4068] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000603FC
.text CWindowsSystem32rundll32.exe[4068] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CWindowsSystem32rundll32.exe[4068] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00070600
.text CWindowsSystem32rundll32.exe[4068] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00070804
.text CWindowsSystem32rundll32.exe[4068] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00070A08
.text CWindowsSystem32rundll32.exe[4068] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000701F8
.text CWindowsSystem32rundll32.exe[4068] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000703FC
.text CWindowsSystem32rundll32.exe[4068] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000803FC
.text CWindowsSystem32rundll32.exe[4068] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00080600
.text CWindowsSystem32rundll32.exe[4068] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00081014
.text CWindowsSystem32rundll32.exe[4068] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00080804
.text CWindowsSystem32rundll32.exe[4068] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00080A08
.text CWindowsSystem32rundll32.exe[4068] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00080C0C
.text CWindowsSystem32rundll32.exe[4068] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00080E10
.text CWindowsSystem32rundll32.exe[4068] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000801F8
.text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
.text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
.text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00170600
.text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00170804
.text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00170A08
.text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001701F8
.text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001703FC
.text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001803FC
.text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00180600
.text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00181014
.text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00180804
.text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00180A08
.text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00180C0C
.text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00180E10
.text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001801F8
.text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
.text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
.text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00170600
.text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00170804
.
 
.text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00170A08
.text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001701F8
.text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001703FC
.text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001803FC
.text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00180600
.text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00181014
.text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00180804
.text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00180A08
.text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00180C0C
.text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00180E10
.text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001801F8
.text CWindowssystem32ctfmon.exe[4232] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CUsersMelissaDesktopr1thux4x.exe[4992] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
.text CUsersMelissaDesktopr1thux4x.exe[4992] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
.text CUsersMelissaDesktopr1thux4x.exe[4992] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CUsersMelissaDesktopr1thux4x.exe[4992] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 003603FC
.text CUsersMelissaDesktopr1thux4x.exe[4992] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00360600
.text CUsersMelissaDesktopr1thux4x.exe[4992] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00361014
.text CUsersMelissaDesktopr1thux4x.exe[4992] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00360804
.text CUsersMelissaDesktopr1thux4x.exe[4992] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00360A08
.text CUsersMelissaDesktopr1thux4x.exe[4992] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00360C0C
.text CUsersMelissaDesktopr1thux4x.exe[4992] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00360E10
.text CUsersMelissaDesktopr1thux4x.exe[4992] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 003601F8
.text CUsersMelissaDesktopr1thux4x.exe[4992] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00370600
.text CUsersMelissaDesktopr1thux4x.exe[4992] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00370804
.text CUsersMelissaDesktopr1thux4x.exe[4992] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00370A08
.text CUsersMelissaDesktopr1thux4x.exe[4992] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 003701F8
.text CUsersMelissaDesktopr1thux4x.exe[4992] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 003703FC
.text CWindowssystem32wuauclt.exe[5188] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000601F8
.text CWindowssystem32wuauclt.exe[5188] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000603FC
.text CWindowssystem32wuauclt.exe[5188] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
.text CWindowssystem32wuauclt.exe[5188] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00070600
.text CWindowssystem32wuauclt.exe[5188] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00070804
.text CWindowssystem32wuauclt.exe[5188] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00070A08
.text CWindowssystem32wuauclt.exe[5188] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000701F8
.text CWindowssystem32wuauclt.exe[5188] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000703FC
.text CWindowssystem32wuauclt.exe[5188] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000803FC
.text CWindowssystem32wuauclt.exe[5188] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00080600
.text CWindowssystem32wuauclt.exe[5188] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00081014
.text CWindowssystem32wuauclt.exe[5188] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00080804
.text CWindowssystem32wuauclt.exe[5188] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00080A08
.text CWindowssystem32wuauclt.exe[5188] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00080C0C
.text CWindowssystem32wuauclt.exe[5188] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00080E10
.text CWindowssystem32wuauclt.exe[5188] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000801F8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[692] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 000B0002
IAT C:\Windows\system32\services.exe[692] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 000B0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \Driver\BTHUSB \Device\0000009c bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000009c bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\BTHUSB \Device\0000009e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000009e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37e31189
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e37e31189 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===========================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-01 12:18:32
-----------------------------
12:18:32.703 OS Version: Windows 6.0.6002 Service Pack 2
12:18:32.703 Number of processors: 2 586 0x6802
12:18:32.703 ComputerName: MELISSA-PC UserName: Melissa
12:18:33.888 Initialize success
12:18:34.044 AVAST engine defs: 12020100
12:18:37.866 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
12:18:37.882 Disk 0 Vendor: FUJITSU_MHZ2160BH_G2 8909 Size: 152627MB BusType: 3
12:18:37.882 Disk 0 MBR read successfully
12:18:37.898 Disk 0 MBR scan
12:18:37.898 Disk 0 unknown MBR code
12:18:37.898 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 140576 MB offset 63
12:18:37.929 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12048 MB offset 287900865
12:18:37.960 Disk 0 scanning sectors +312576705
12:18:38.069 Disk 0 scanning C:\Windows\system32\drivers
12:18:58.006 Service scanning
12:19:00.377 Modules scanning
12:19:11.703 Disk 0 trace - called modules:
12:19:11.765 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
12:19:11.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868baac8]
12:19:11.781 3 CLASSPNP.SYS[8b3b18b3] -> nt!IofCallDriver -> [0x862ac838]
12:19:11.781 5 acpi.sys[806166bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8628e930]
12:19:12.701 AVAST engine scan C:\Windows
12:19:16.055 AVAST engine scan C:\Windows\system32
12:22:57.934 AVAST engine scan C:\Windows\system32\drivers
12:23:11.085 AVAST engine scan C:\Users\Melissa
12:33:26.224 Disk 0 MBR has been saved successfully to "C:\Users\Melissa\Desktop\MBR.dat"
12:33:26.240 The log file has been saved successfully to "C:\Users\Melissa\Desktop\aswMBR.txt"



The Bootkit Remover link does not open.
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: df1c10548966c4f16c540ebf80ffd180

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
ListParts by Farbar
Ran by Melissa on 01-02-2012 at 14:23:59
Windows Vista (X86)
Running From: C:\Users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RE241L91
************************************************************

========================= Memory info ======================

Percentage of memory in use: 52%
Total physical RAM: 3006.18 MB
Available physical RAM: 1421.04 MB
Total Pagefile: 6218.84 MB
Available Pagefile: 4631.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.61 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:137.28 GB) (Free:37.31 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.77 GB) (Free:1.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 137 GB 32 KB
Partition 2 Primary 12 GB 137 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 137 GB Healthy System (partition with boot components)

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D HP_RECOVERY NTFS Partition 12 GB Healthy



****** End Of Log ******
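
Both aswMBR ("unknown MBR code") and Bootkit Remover ("Unknown boot code") report boot code they do not recognise, and Bootkit Remover points to dumping the sector for manual inspection. The following Python script is an added example, not part of the thread or of any tool named in it: it parses a 512-byte MBR, hashes the boot code for comparison against an analyst-supplied known-good set, and sanity-checks the partition table. The sample sector is constructed from the partition offsets in the aswMBR log (sector counts are derived from those offsets, the boot code bytes are filler), and treating MBR.dat as a raw 512-byte sector is an assumption.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0-439 hold the boot code
TABLE_OFFSET = 446             # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511
ENTRY_FORMAT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code=b"\x90" * BOOT_CODE_LEN):
    """Constructed sample sector: filler boot code plus the layout from the aswMBR log."""
    def entry(status, ptype, lba_start, sectors):
        # CHS fields are left zero; only the LBA fields are used below.
        return struct.pack(ENTRY_FORMAT, status, b"\0" * 3, ptype, b"\0" * 3,
                           lba_start, sectors)

    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = boot_code.ljust(BOOT_CODE_LEN, b"\0")[:BOOT_CODE_LEN]
    # Sector counts are assumptions derived from the logged offsets
    # (63, 287900865 and the end marker 312576705).
    sector[446:462] = entry(0x80, 0x07, 63, 287900802)         # Partition 1, active
    sector[462:478] = entry(0x00, 0x07, 287900865, 24675840)   # Partition 2
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_mbr(sector):
    """Return signature status, boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        status, _, ptype, _, lba_start, sectors = struct.unpack(ENTRY_FORMAT, raw)
        if ptype == 0x00:          # type 0 marks an unused slot
            continue
        partitions.append({
            "index": i + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // 2**20,
        })
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def triage(sector, known_good=frozenset()):
    """Parse the sector and list anything that deserves a closer look."""
    info = parse_mbr(sector)
    notes = []
    if not info["signature_ok"]:
        notes.append("missing 0x55AA boot signature")
    # Same idea as the tools' "unknown" verdict: the code is simply not on the list.
    if info["boot_code_sha256"] not in known_good:
        notes.append("boot code hash not in known-good set")
    parts = info["partitions"]
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            notes.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
    # Heuristic for a bootable disk: one partition carries the active flag.
    if sum(p["active"] for p in parts) != 1:
        notes.append("expected exactly one active partition")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            notes.append(f"partitions {a['index']} and {b['index']} overlap")
    return info, notes


if __name__ == "__main__":
    # For a real dump, replace the sample with: open("MBR.dat", "rb").read(512)
    info, notes = triage(build_sample_mbr())
    print("boot code sha256:", info["boot_code_sha256"])
    for p in info["partitions"]:
        print(f"partition {p['index']}: type {p['type']:02x} active={p['active']} "
              f"start={p['lba_start']} size={p['size_mb']} MB")
    for note in notes:
        print("note:", note)
```
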
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-02-01.01 - Melissa 02/01/2012 17:04:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1794 [GMT -6:00]
Running from: c:\users\Melissa\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Melissa\AppData\Local\{6936761F-89DA-4F34-91EA-2482592B582B}
c:\users\Melissa\AppData\Local\{6936761F-89DA-4F34-91EA-2482592B582B}\chrome.manifest
c:\users\Melissa\AppData\Local\{6936761F-89DA-4F34-91EA-2482592B582B}\chrome\content\_cfg.js
c:\users\Melissa\AppData\Local\{6936761F-89DA-4F34-91EA-2482592B582B}\chrome\content\overlay.xul
c:\users\Melissa\AppData\Local\{6936761F-89DA-4F34-91EA-2482592B582B}\install.rdf
c:\users\Melissa\Documents\~WRL0003.tmp
c:\users\Melissa\Documents\~WRL0004.tmp
c:\users\Melissa\Documents\~WRL0005.tmp
c:\users\Melissa\Documents\~WRL0022.tmp
c:\users\Melissa\Documents\~WRL0026.tmp
c:\users\Melissa\Documents\~WRL0335.tmp
c:\users\Melissa\Documents\~WRL0357.tmp
c:\users\Melissa\Documents\~WRL0401.tmp
c:\users\Melissa\Documents\~WRL0407.tmp
c:\users\Melissa\Documents\~WRL0690.tmp
c:\users\Melissa\Documents\~WRL0708.tmp
c:\users\Melissa\Documents\~WRL0770.tmp
c:\users\Melissa\Documents\~WRL0876.tmp
c:\users\Melissa\Documents\~WRL0913.tmp
c:\users\Melissa\Documents\~WRL0934.tmp
c:\users\Melissa\Documents\~WRL1065.tmp
c:\users\Melissa\Documents\~WRL1133.tmp
c:\users\Melissa\Documents\~WRL1291.tmp
c:\users\Melissa\Documents\~WRL1659.tmp
c:\users\Melissa\Documents\~WRL1948.tmp
c:\users\Melissa\Documents\~WRL1996.tmp
c:\users\Melissa\Documents\~WRL2037.tmp
c:\users\Melissa\Documents\~WRL2067.tmp
c:\users\Melissa\Documents\~WRL2084.tmp
c:\users\Melissa\Documents\~WRL2120.tmp
c:\users\Melissa\Documents\~WRL2245.tmp
c:\users\Melissa\Documents\~WRL2566.tmp
c:\users\Melissa\Documents\~WRL2616.tmp
c:\users\Melissa\Documents\~WRL2652.tmp
c:\users\Melissa\Documents\~WRL3044.tmp
c:\users\Melissa\Documents\~WRL3321.tmp
c:\users\Melissa\Documents\~WRL3576.tmp
c:\users\Melissa\Documents\~WRL3611.tmp
c:\users\Melissa\Documents\~WRL3695.tmp
c:\users\Melissa\Documents\~WRL3838.tmp
c:\windows\system32\KBL.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-02-01 23:17 . 2012-02-01 23:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 20:13 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-31 20:13 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-31 20:13 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-31 20:13 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-31 20:13 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-31 20:13 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-31 20:12 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-31 20:12 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-31 20:12 . 2012-01-31 20:12 -------- d-----w- c:\programdata\AVAST Software
2012-01-31 20:12 . 2012-01-31 20:12 -------- d-----w- c:\program files\AVAST Software
2012-01-31 15:40 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA131242-F0E5-47AA-8B5F-0C3B9EA65CD1}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-25 02:46 . 2011-12-25 02:46 319488 ----a-w- c:\windows\HideWin.exe
2011-12-10 21:24 . 2009-05-10 04:27 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 12:08 . 2009-10-02 16:55 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-23 13:37 . 2011-12-14 23:56 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 14:42 . 2011-12-14 23:55 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-16 24095528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-08-29 143360]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"BSDAppUpdater"="c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe" [2010-07-10 1660744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-01 17:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-01 17:26:16
ComboFix-quarantined-files.txt 2012-02-01 23:26
.
Pre-Run: 39,808,454,656 bytes free
Post-Run: 41,375,862,784 bytes free
.
- - End Of File - - 91EC19E4D65094C43A879A2990A0A4A9
 
Looks good :)

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
 
OTL Extras logfile created on: 2/1/2012 6:06:16 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Melissa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 55.37% Memory free
6.07 Gb Paging File | 4.51 Gb Available in Paging File | 74.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.28 Gb Total Space | 38.57 Gb Free Space | 28.10% Space Free | Partition Type: NTFS
Drive D: | 11.77 Gb Total Space | 1.98 Gb Free Space | 16.87% Space Free | Partition Type: NTFS

Computer Name: MELISSA-PC | User Name: Melissa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0494DF61-0618-4DCA-BEAC-C29D9B55BB55}" = rport=139 | protocol=6 | dir=out | app=system |
"{15632CCA-EE2B-495B-A3D5-0ACE21FAD412}" = lport=139 | protocol=6 | dir=in | app=system |
"{26BD6189-BEFD-44DE-B972-35684306582A}" = rport=445 | protocol=6 | dir=out | app=system |
"{294B9A6C-2F62-4E52-8B80-589B8AC19C5D}" = lport=138 | protocol=17 | dir=in | app=system |
"{60162CE6-B4CC-47DC-8065-477BC2851B5B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8AE5B7E5-CC00-4C31-9B97-17B3043A899B}" = rport=138 | protocol=17 | dir=out | app=system |
"{AAEB95BB-6A9D-4DD0-82FD-F78853DEB058}" = lport=137 | protocol=17 | dir=in | app=system |
"{AE4902BB-44F1-4E40-807E-4A39FA87CEE1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CA959CE0-102D-4510-8DE2-021AB91892A7}" = rport=137 | protocol=17 | dir=out | app=system |
"{F12E9D35-2570-4B1E-A3C8-30F08B0F76B1}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0429329E-0464-4D91-A359-809821A0E16F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{05D3FAA0-F2DC-432F-AA2B-6F565814D674}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{06D724F8-98EB-4408-A2B0-1C0684EB1857}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0B6A4A5C-D0DD-4A95-9EDE-346E527BA862}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{16AA263D-9033-4D93-95CA-B8B3A1529993}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1C350F1D-172C-40F3-BD72-B6657543F406}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1F8DEA4D-D0CB-4118-9BBD-EA3ABC021BCE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2278293C-69FB-4261-A991-54C37417FE56}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2FFE2449-05F4-431E-B5AA-DAF630828DF1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3AF4F8A4-CCDD-4A39-A1FC-977548871D41}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{476E163A-6A8E-4D96-B809-0488A762A7B9}" = protocol=17 | dir=in | app=c:\program files\ruckus player\ruckus.exe |
"{49F159E8-ABFF-4E50-A796-1200C6B3ABE9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{557F9B14-C7F3-40A0-9DB1-CDC5DF23934B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{77403D5F-6275-4BF9-850C-91F062BD4BCB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7FE8FFDC-7BFF-438F-AC9C-4A352B1E1534}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{826055F1-8B70-4E86-960B-91DC614BA9D2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{88048842-D7AF-4730-92E2-1FD868B8468B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{895630BC-5B35-4063-AC0C-B918CCA175FD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BB9BECF-E85F-40F9-BB87-22A181CB1D61}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{9B971ED8-7703-41C2-B4C2-10897BFF8856}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9EF89A66-9698-4353-959C-C3313B2EC120}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A6E135C6-1319-405B-B891-021EFA719359}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B576D741-6854-4188-9EEF-727EC31E27C1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C49E2BD8-C6C1-4C16-A336-E55A8BFA28F2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EBD79006-D140-4DD3-8BA5-44078780CFEE}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F55BC89E-745A-4208-88C6-B6558614481F}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{FC4133A9-1F3B-4B26-B9F1-6DF0530CEFC1}" = protocol=6 | dir=in | app=c:\program files\ruckus player\ruckus.exe |
"{FCE21A2C-A02C-4786-A723-919B1FD4DB2F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{0842E933-5A37-4489-BD2B-DB097C1D329B}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{18BD9C2F-7855-447E-8DFC-832B85533758}C:\users\melissa\appdata\local\temp\wzse0.tmp\symnrt.exe" = protocol=6 | dir=in | app=c:\users\melissa\appdata\local\temp\wzse0.tmp\symnrt.exe |
"TCP Query User{1D56FF81-6E3B-45B0-9354-D91FA5929709}C:\program files\ruckus player\ruckus.exe" = protocol=6 | dir=in | app=c:\program files\ruckus player\ruckus.exe |
"TCP Query User{A39C7D8D-257E-4664-A913-E405B9EF143A}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{B04C3B57-7998-4AA4-AFC7-A3EAD7611E76}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{E872CBCE-579D-4ED8-A9F5-10D827B8EC42}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{EF7D5011-4CF2-4B62-A7BF-C642BF573951}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{03FD7007-8F6E-42D0-BD1D-D6F9D18D2D2F}C:\users\melissa\appdata\local\temp\wzse0.tmp\symnrt.exe" = protocol=17 | dir=in | app=c:\users\melissa\appdata\local\temp\wzse0.tmp\symnrt.exe |
"UDP Query User{54B8B021-7E0D-4CBD-B848-CAF3635EEB6F}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{5970BB90-23BF-4E0B-B270-5361FD912E3B}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{BAE056FA-C2ED-40B5-8BEB-01263EBF140F}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{E27F5631-6E3A-4BA1-BB79-86DEA928EC36}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{F6B77A28-8F46-4038-8AD6-DB8B87354B43}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F955E5F9-86E8-4F92-B784-AF58EDB7F8EE}C:\program files\ruckus player\ruckus.exe" = protocol=17 | dir=in | app=c:\program files\ruckus player\ruckus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only)
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51A91-E7D3-11DB-A386-005056C00008}" = CHOIDY USB PC Camera
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F70BF98-003C-491D-81FC-FF9792206AF0}" = iTunes
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{AA94D826-6C3A-4031-B074-43411E459E5B}" = DyKnow Tablet Runtime 5.2 SP1
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BDFFE800-65ED-4A30-99F3-D975C21E9651}" = Auf geht's! 1.7
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_6" = AIM 6
"avast" = avast! Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"LastFM_is1" = Last.fm 1.5.2.38918
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MediaWidget - Easy iPod Transfer_is1" = MediaWidget 6.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Ruckus Player" = Ruckus Player
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WildTangent hp Master Uninstall" = My HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2709816161-449407397-1528612323-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/26/2011 4:24:31 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/26/2011 4:32:48 PM | Computer Name = Melissa-PC | Source = Application Error | ID = 1000
Description = Faulting application HPKBDAPP.exe, version 1.0.0.4, time stamp 0x46dcf199,
faulting module HPKBDAPP.exe, version 1.0.0.4, time stamp 0x46dcf199, exception
code 0xc0000005, fault offset 0x00002a3f, process id 0x83c, application start time
0x01ccac7a85bde0de.

Error - 11/27/2011 5:41:27 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/27/2011 5:54:43 PM | Computer Name = Melissa-PC | Source = Application Error | ID = 1000
Description = Faulting application HPKBDAPP.exe, version 1.0.0.4, time stamp 0x46dcf199,
faulting module HPKBDAPP.exe, version 1.0.0.4, time stamp 0x46dcf199, exception
code 0xc0000005, fault offset 0x00002a3f, process id 0xe40, application start time
0x01ccad4f275d7d22.

Error - 12/14/2011 7:47:12 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/14/2011 11:47:22 PM | Computer Name = Melissa-PC | Source = Application Error | ID = 1000
Description = Faulting application HPKBDAPP.exe, version 1.0.0.4, time stamp 0x46dcf199,
faulting module HPKBDAPP.exe, version 1.0.0.4, time stamp 0x46dcf199, exception
code 0xc0000005, fault offset 0x00002a3f, process id 0x118, application start time
0x01ccbadc3d422be0.

Error - 12/18/2011 12:12:33 AM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/18/2011 12:14:24 AM | Computer Name = Melissa-PC | Source = Application Error | ID = 1000
Description = Faulting application HPKBDAPP.exe, version 1.0.0.4, time stamp 0x46dcf199,
faulting module HPKBDAPP.exe, version 1.0.0.4, time stamp 0x46dcf199, exception
code 0xc0000005, fault offset 0x00002a3f, process id 0x378, application start time
0x01ccbd3b79cd6ca9.

Error - 12/23/2011 12:28:50 AM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/23/2011 12:31:16 AM | Computer Name = Melissa-PC | Source = Application Error | ID = 1000
Description = Faulting application HPKBDAPP.exe, version 1.0.0.4, time stamp 0x46dcf199,
faulting module HPKBDAPP.exe, version 1.0.0.4, time stamp 0x46dcf199, exception
code 0xc0000005, fault offset 0x00002a3f, process id 0xa40, application start time
0x01ccc12b89173166.

[ Media Center Events ]
Error - 12/14/2008 1:30:38 PM | Computer Name = Melissa-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 1/18/2009 12:17:39 PM | Computer Name = Melissa-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ OSession Events ]
Error - 8/25/2011 2:30:32 AM | Computer Name = Melissa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 92669
seconds with 900 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/18/2008 3:36:01 PM | Computer Name = Melissa-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 10/18/2008 3:38:33 PM | Computer Name = Melissa-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 10/18/2008 3:40:52 PM | Computer Name = Melissa-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 10/18/2008 3:43:34 PM | Computer Name = Melissa-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 10/20/2008 9:31:15 PM | Computer Name = Melissa-PC | Source = DCOM | ID = 10016
Description =

Error - 10/20/2008 9:31:16 PM | Computer Name = Melissa-PC | Source = DCOM | ID = 10016
Description =

Error - 10/20/2008 9:31:17 PM | Computer Name = Melissa-PC | Source = DCOM | ID = 10016
Description =

Error - 10/20/2008 9:31:20 PM | Computer Name = Melissa-PC | Source = DCOM | ID = 10016
Description =

Error - 10/20/2008 9:35:45 PM | Computer Name = Melissa-PC | Source = DCOM | ID = 10016
Description =

Error - 10/20/2008 9:37:01 PM | Computer Name = Melissa-PC | Source = DCOM | ID = 10016
Description =


< End of report >
 
It's running pretty good. I had one "Windows had a problem and needs to restart" episode and IE acted glitchy earlier. But it seems a lot faster. I was thinking there wasn't much wrong with this system but the length of the GMER report and the amount of stuff you suggested is making me think otherwise. I'm thinking you are going to say it was a mess. After this I'm going to have to look at the drivers too because there is no sound, but I'll get there.

Also, perhaps I need to find a way to teach my daughter to take care of her new laptop...
 