Cloaked malware worm help request


  • This topic is locked
20 replies to this topic

#1 ADmeister7
  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:01 AM

Posted 11 May 2009 - 10:03 PM

Hey guys, thanks for taking the time to read this.

Update: upon the advice of a friend I ran Malwarebytes' Anti-Malware, which identified my problem as Vundo (Virtumonde?).

I am fairly under-knowledged when it comes to malware (not for long, after this) but am relatively certain that this is what I am dealing with. I have run several AV programs, with varying degrees of efficiency. Avast was the first to tell me about the problem, and promised to fix it right away, but upon rebooting, the problem was still there. I found out this means it's hiding in memory. I took a look at my startup programs in msconfig and found 3 objects under rundll32.exe with odd names (huvajolu.dll, yejimoya.dll, wumugaka.dll, for example), so naturally I unchecked them and rebooted, only to find they had been replaced by a new similarly named trio. Google led me to Prevx, which scanned for cloaked malware and found, to my chagrin, a bargain basement full of oddly titled .dll files. Groovy.

Symptoms: Browsers not working correctly; only able to use Google, for example, after clicking Stop once, then sending my query. Getting odd pop-ups constantly, whereas I've lived almost three years pop-up free prior to the first contact with this bugger. Rebooting causes Avast to find something fishy, tell me it's malware, and suggest I do a boot clean, which I have done 3 times without making a dent.

First contact: Was watching an episode of Lost and Avast popped up and told me I had something going on. I did its recommended action (move to chest) and continued. Mere moments later I got another message with a different file name, and this continued until today. (began May 8th)

Thank you SO MUCH in advance for any help you might offer. I have read several posts that had these same wonky .dll files, and the posters were given impressive top-notch advice and solutions, so I have complete faith in you guys!

-ADmeister7

My DDS log:


DDS (Ver_09-03-16.01) - NTFSx86
Run by ADmeister7 at 22:31:32.26 on 11/05/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1105 [GMT -3:00]

AV: avast! antivirus 4.8.1335 [VPS 090511-0] *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning enabled* (Outdated)
FW: McAfee Personal Firewall Plus *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\Documents and Settings\ADmeister7\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca
mDefault_Page_URL = hxxp://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - c:\program files\harmony_hollow_software\tbHar1.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - c:\program files\harmony_hollow_software\tbHar1.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: {ced95c6b-8473-4dbc-acb3-2451711225e2} - c:\windows\system32\nonomaso.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - c:\program files\harmony_hollow_software\tbHar1.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LWBMOUSE] c:\program files\tech\wheel mouse\5.3\MOUSE32A.EXE
mRun: [WTClient] WTClient.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\McAgent.exe
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRun: [AtiPTA] atiptaxx.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [yuvijinudo] Rundll32.exe "c:\windows\system32\huvajolu.dll",s
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [d0ef456e] rundll32.exe "c:\windows\system32\mowukiwe.dll",b
mRun: [CPMd3dc76f2] Rundll32.exe "c:\windows\system32\pasusowi.dll",a
StartupFolder: c:\docume~1\admeis~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\documents and settings\admeister7\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - c:\program files\partygaming\partygammon\RunBackGammon.exe
IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\admeister7\start menu\programs\imvu\Run IMVU.lnk
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WBSrv - c:\progra~1\window~3\wbsrv.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll wbsys.dll c:\windows\system32\hurasivi.dll c:\windows\system32\wagopiva.dll c:\windows\system32\pasusowi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pasusowi.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\pasusowi.dll
LSA: Notification Packages = scecli c:\windows\system32\wagopiva.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admeis~1\applic~1\mozilla\firefox\profiles\ol8ajz0x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - plugin: c:\documents and settings\admeister7\application data\mozilla\firefox\profiles\ol8ajz0x.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\documents and settings\admeister7\application data\mozilla\firefox\profiles\ol8ajz0x.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07061050.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-8 64160]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-5-11 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-5-11 27656]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-5-11 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-5-11 39184]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-6-3 114768]
R1 atitray;atitray;c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [2009-3-10 17952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-6-3 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2006-9-3 138680]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-5-11 4368952]
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2006-9-3 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2006-9-3 352920]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2007-6-7 18944]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-5-11 33040]
S2 gupdate1c9ad5eefc551e;Google Update Service (gupdate1c9ad5eefc551e);c:\program files\google\update\GoogleUpdate.exe [2009-3-25 133104]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2006-5-8 347648]
S3 adxapie;adxapie;\??\c:\docume~1\admeis~1\locals~1\temp\adxapie.sys --> c:\docume~1\admeis~1\locals~1\temp\adxapie.sys [?]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-8-14 114464]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [2007-4-23 10752]
S4 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-8-14 126976]
S4 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2006-8-14 221184]
S4 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-8-14 122368]
S4 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-8-14 245760]
S4 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-1-16 664840]
S4 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-1-16 894216]
S4 SoundtrackTurbineMessageService;Turbine Message Service - Soundtrack;c:\program files\turbine\turbine download manager - soundtrack\TurbineMessageService.exe [2008-6-10 249856]
S4 SoundtrackTurbineNetworkService;Turbine Network Service - Soundtrack;c:\program files\turbine\turbine download manager - soundtrack\TurbineNetworkService.exe [2008-6-10 212992]

=============== Created Last 30 ================

2009-05-11 22:11 1,424,643 ---sh--- c:\windows\system32\ewikuwom.ini
2009-05-11 21:49 27,656 a------- c:\windows\system32\drivers\pxsec.sys
2009-05-11 21:49 22,024 a------- c:\windows\system32\drivers\pxscan.sys
2009-05-11 21:49 <DIR> --d----- c:\program files\Prevx
2009-05-11 21:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-05-11 21:09 51,472 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-05-11 21:09 39,184 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-05-11 21:09 33,040 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-05-11 21:09 12,560 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-05-11 21:09 <DIR> --d----- c:\program files\ThreatFire
2009-05-11 21:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-05-11 10:10 1,424,652 ---sh--- c:\windows\system32\amalozig.ini
2009-05-10 22:10 1,424,643 ---sh--- c:\windows\system32\onejobay.ini
2009-05-10 10:10 1,424,643 ---sh--- c:\windows\system32\epagikit.ini
2009-05-09 22:10 1,424,643 ---sh--- c:\windows\system32\akagumuw.ini
2009-05-09 10:12 1,424,643 ---sh--- c:\windows\system32\ayomijey.ini
2009-05-08 21:18 1,424,661 ---sh--- c:\windows\system32\utadejir.ini
2009-05-08 14:59 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-08 13:43 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-08 13:37 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-08 09:19 1,424,661 ---sh--- c:\windows\system32\ipobayaf.ini
2009-05-07 18:27 0 a------- C:\fbjw.exe
2009-05-07 18:27 0 a------- C:\aqrts.exe
2009-05-07 18:26 104,444 a------- c:\windows\system32\drivers\30dc2dc9.sys
2009-05-07 18:26 71,680 a------- C:\kinkerc.exe
2009-05-07 18:25 2 a------- C:\-789625407

==================== Find3M ====================

2009-05-11 22:11 80,384 a--sh--- c:\windows\system32\mowukiwe.dll
2009-05-11 22:11 87,552 a--sh--- c:\windows\system32\pasusowi.dll
2009-05-11 10:10 87,552 a--sh--- c:\windows\system32\pigatedu.dll
2009-05-11 10:10 80,384 -------- c:\windows\system32\gizolama.dll
2009-05-10 22:10 87,552 a--sh--- c:\windows\system32\jemaluja.dll
2009-05-10 22:10 80,384 -------- c:\windows\system32\yabojeno.dll
2009-05-10 10:10 86,528 a--sh--- c:\windows\system32\befajuvi.dll
2009-05-10 10:10 80,384 -------- c:\windows\system32\tikigape.dll
2009-05-09 22:10 87,040 a--sh--- c:\windows\system32\koyovabi.dll
2009-05-09 22:10 79,872 -------- c:\windows\system32\wumugaka.dll
2009-05-09 10:12 86,528 a--sh--- c:\windows\system32\geligehu.dll
2009-05-09 10:12 78,848 a--sh--- c:\windows\system32\yejimoya.dll
2009-05-08 21:19 49,664 a--sh--- c:\windows\system32\dataheme.dll
2009-05-08 21:18 87,552 a--sh--- c:\windows\system32\bisevona.dll
2009-05-08 21:18 78,848 -------- c:\windows\system32\rijedatu.dll
2009-05-07 18:19 88,064 a--sh--- c:\windows\system32\bofetato.dll
2009-04-03 19:47 503,808 a------- c:\windows\Tranquil - Waterfalls.scr
2009-04-03 19:47 606,848 a------- c:\windows\flashax.exe
2009-04-03 19:47 12,288 a------- c:\windows\impborl.dll
2009-03-10 18:19 472,576 a------- c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2009-03-05 23:46 94,144 ac------ c:\docume~1\admeis~1\applic~1\GDIPFONTCACHEV1.DAT
2008-11-10 20:18 56 -c-shr-- c:\windows\system32\AD696E9ADD.sys
2006-10-06 10:34 88 -c-shr-- c:\windows\system32\DD9A6E69AD.sys
2009-02-07 18:14 48,128 a--sh--- c:\windows\system32\fofajupa.dll.vir
2009-02-08 21:19 49,664 a--sh--- c:\windows\system32\huvajolu.dll
2008-11-10 20:18 5,642 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2009-02-08 21:19 49,664 a--sh--- c:\windows\system32\nonomaso.dll
2009-02-08 21:19 49,664 a--sh--- c:\windows\system32\wagopiva.dll

============= FINISH: 22:38:08.50 ===============

Edited by ADmeister7, 12 May 2009 - 12:33 PM.
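Added example (not code from the original post, from the forum helper, or from the DDS tool): a small Python triage script that reads the text of a DDS log like the one above and flags the autostart entries (mRun, BHO, AppInit_DLLs, SSODL, STS, LSA Notification Packages) that load a DLL whose name is eight lowercase letters with strictly alternating consonants and vowels, lists the system+hidden files in the file sections that carry such names, and measures the spacing between their timestamps so the 12-hour regeneration visible in the Find3M and Created Last 30 sections stands out. The sample input is a handful of lines copied from the log above, not the full log; the name heuristic, the function names and the regular expressions are this example's own assumptions, fitted to the names in this thread rather than anything DDS defines.

```python
"""Triage a DDS log for Vundo-style persistence (added example, not from the post).

Flags autostart entries that load machine-looking DLL names, hidden+system files
with such names, and the spacing between their timestamps.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample: lines copied from the DDS log posted above, not the full log.
SAMPLE_LOG = r"""
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [yuvijinudo] Rundll32.exe "c:\windows\system32\huvajolu.dll",s
mRun: [d0ef456e] rundll32.exe "c:\windows\system32\mowukiwe.dll",b
mRun: [CPMd3dc76f2] Rundll32.exe "c:\windows\system32\pasusowi.dll",a
BHO: {ced95c6b-8473-4dbc-acb3-2451711225e2} - c:\windows\system32\nonomaso.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll wbsys.dll c:\windows\system32\hurasivi.dll c:\windows\system32\wagopiva.dll c:\windows\system32\pasusowi.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pasusowi.dll
LSA: Notification Packages = scecli c:\windows\system32\wagopiva.dll
2009-05-11 22:11 80,384 a--sh--- c:\windows\system32\mowukiwe.dll
2009-05-11 22:11 87,552 a--sh--- c:\windows\system32\pasusowi.dll
2009-05-11 10:10 87,552 a--sh--- c:\windows\system32\pigatedu.dll
2009-05-10 22:10 87,552 a--sh--- c:\windows\system32\jemaluja.dll
2009-02-08 21:19 49,664 a--sh--- c:\windows\system32\wagopiva.dll
2009-05-11 22:11 1,424,643 ---sh--- c:\windows\system32\ewikuwom.ini
"""

VOWELS = set("aeiou")
# DDS prefixes for the autostart locations this script looks at (assumed list).
PERSISTENCE_PREFIXES = ("uRun", "mRun", "BHO", "AppInit_DLLs", "SSODL", "STS", "LSA", "Notify")
DLL_TOKEN = re.compile(r'[^\s",]+\.dll\b', re.IGNORECASE)
# DDS file lines: "YYYY-MM-DD HH:MM  size  attrs  path"; attrs is an 8-char flag string.
FILE_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+)\s+([a-z-]{8})\s+(.+)$")


def looks_generated(stem: str) -> bool:
    """Heuristic: eight lowercase letters, consonant/vowel strictly alternating."""
    if len(stem) != 8 or not stem.isalpha() or not stem.islower():
        return False
    return all((stem[i] in VOWELS) != (stem[i + 1] in VOWELS) for i in range(7))


def basename_stem(path: str) -> str:
    """'c:\\windows\\system32\\huvajolu.dll' -> 'huvajolu'."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def triage(log_text: str) -> dict:
    flagged = []        # (entry type, dll stem) for suspicious autostart entries
    hidden_files = {}   # stem -> timestamp for system+hidden files with generated names
    for line in log_text.splitlines():
        line = line.strip()
        m = FILE_LINE.match(line)
        if m:
            when, _size, attrs, path = m.groups()
            stem = basename_stem(path)
            if "s" in attrs and "h" in attrs and looks_generated(stem):
                hidden_files[stem] = datetime.strptime(when, "%Y-%m-%d %H:%M")
            continue
        if not line.startswith(PERSISTENCE_PREFIXES):
            continue
        entry_type = line.split(":", 1)[0]
        for token in DLL_TOKEN.findall(line):
            stem = basename_stem(token)
            if looks_generated(stem):
                flagged.append((entry_type, stem))
    # Regeneration cadence: whole hours between distinct file timestamps.
    stamps = sorted(set(hidden_files.values()))
    intervals = [round((b - a).total_seconds() / 3600) for a, b in zip(stamps, stamps[1:])]
    common = Counter(intervals).most_common(1)
    return {
        "flagged_persistence": flagged,
        "loader_types": sorted({t for t, _ in flagged}),
        "hidden_generated_files": sorted(hidden_files),
        "loaded_from_hidden": sorted({s for _, s in flagged} & set(hidden_files)),
        "most_common_interval_hours": common[0][0] if common else None,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, the script reports the same DLL names sitting in several distinct loader locations at once (Run key via rundll32, BHO, AppInit_DLLs, SSODL and the LSA Notification Packages list), which is why unticking the msconfig entries alone brought them straight back, and it reports a 12-hour gap as the most common spacing between the hidden files' timestamps. The name heuristic is deliberately narrow; a real triage would also check the file attributes and loader locations for DLLs whose names do not match it.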


#2 ADmeister7

  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:01 AM

Posted 12 May 2009 - 07:51 AM

Update: Things have gotten worse today. For whatever reason, Firefox keeps crashing, along with most of my AV software. Yikes!!! Save meeeeee! ;p

#3 Buckeye_Sam

  • Malware Expert
  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:01 AM

Posted 12 May 2009 - 05:42 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!



#4 ADmeister7

  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:01 AM

Posted 13 May 2009 - 09:30 AM

Thanks Sam!

Here is the latest. Prior to your response I ran Malwarebytes AM and it found 47 infected items, which I asked it to remove. Things started working very well from that point. That is, until the first blue screen of death in 3 years popped up. I got Windows Live OneCare watching over the comp as well. After the blue screen crash, I'd barely be in after relogging and would get a notification that the system would be shutting down in 1 minute. I ran windows in safe-mode after a few occurrences of this and rolled back to an earlier system restore point, rebooted, and OneCare found a few more Vundo files, and cleaned them. So far today things have been fairly stable, but I'm still on edge! Avast is continuing to find Rootkits, did just prior to running MBAM for this very report.

Here are the logs you requested:

Malwarebytes' Anti-Malware 1.36
Database version: 2116
Windows 5.1.2600 Service Pack 2

13/05/2009 11:28:04 AM
mbam-log-2009-05-13 (11-28-04).txt

Scan type: Quick Scan
Objects scanned: 90924
Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTListIt:

OTListIt logfile created on: 13/05/2009 11:20:04 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\ADmeister7\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.90% Memory free
3.80 Gb Paging File | 3.11 Gb Available in Paging File | 81.91% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.32 Gb Total Space | 10.40 Gb Free Space | 9.69% Space Free | Partition Type: NTFS
Drive D: | 526.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADAMANDSARA
Current User Name: ADmeister7
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/02/16 01:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/07/09 17:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
PRC - [2005/12/28 13:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/12/28 13:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/12/28 14:04:56 | 00,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
PRC - [2009/02/05 17:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/05/08 13:42:57 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/02/05 17:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/25 12:26:18 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/02/04 09:56:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/04/06 16:57:54 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
PRC - [2009/03/22 10:59:34 | 00,024,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
PRC - [2005/12/28 13:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2009/03/03 12:19:40 | 00,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2007/05/31 10:38:48 | 00,053,248 | ---- | M] (Tablet Driver) -- C:\WINDOWS\System32\Drivers\WTSRV.EXE
PRC - [2009/03/22 11:00:16 | 01,131,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe
PRC - [2006/02/16 01:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009/02/05 17:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2004/08/04 07:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2004/08/04 07:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/02/05 17:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2007/06/13 07:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/04/29 10:15:48 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/02/04 09:56:54 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/12/28 13:55:40 | 00,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2005/12/28 13:56:16 | 00,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2006/03/08 13:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/04/11 22:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2005/12/09 22:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/07/27 18:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2009/02/05 17:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2002/05/24 09:54:02 | 00,357,376 | ---- | M] () -- C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
PRC - [2005/12/28 13:52:32 | 00,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/04/11 13:27:00 | 00,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\WTClient.exe
PRC - [2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2005/10/21 12:42:42 | 00,425,984 | ---- | M] (Dell) -- C:\Program Files\Dell AIO 810\dlcgmon.exe
PRC - [2005/09/22 18:29:08 | 00,303,104 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2002/08/21 06:13:12 | 00,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
PRC - [2009/05/08 13:42:58 | 00,516,440 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/03/22 10:59:56 | 00,063,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
PRC - [2003/09/10 04:24:00 | 00,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netWaiting.exe
PRC - [2003/10/29 04:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2005/10/28 09:41:52 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcgcoms.exe
PRC - [2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2004/08/04 07:00:00 | 00,104,960 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\system32\DfrgNtfs.exe
PRC - [2009/05/13 11:10:22 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADmeister7\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/09/07 23:21:03 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2004/02/25 10:04:16 | 01,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Disabled | Stopped])
SRV - [2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 17:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2006/02/16 01:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (ati hotkey poller [Auto | Running])
SRV - [2009/02/05 17:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 17:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 17:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/10/28 09:41:52 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcgcoms.exe -- (dlcg_device [On_Demand | Running])
SRV - [2005/12/28 13:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2009/03/25 12:26:18 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9ad5eefc551e [Auto | Stopped])
SRV - [2009/03/25 12:24:31 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2004/08/04 07:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/02/04 09:56:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/05/08 13:42:57 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (lavasoft ad-aware service [Auto | Running])
SRV - [2005/10/13 19:56:16 | 00,126,976 | ---- | M] (McAfee, Inc) -- c:\program files\mcafee.com\agent\mcdetect.exe -- (McDetect.exe [Disabled | Stopped])
SRV - [2005/08/10 13:22:02 | 00,221,184 | ---- | M] (McAfee Inc.) -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield [Disabled | Stopped])
SRV - [2005/08/24 18:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe [Disabled | Stopped])
SRV - [2005/07/01 21:22:50 | 00,245,760 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe [Disabled | Stopped])
SRV - [2005/11/11 16:43:04 | 00,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService [Disabled | Stopped])
SRV - [2006/04/06 16:57:54 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Running])
SRV - [2007/08/02 13:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcmsvc.exe -- (npkcmsvc [Disabled | Stopped])
SRV - [2009/03/22 10:59:34 | 00,024,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (ochealthmon [Auto | Running])
SRV - [2008/07/09 17:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (onecaremp [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])
SRV - [2008/01/16 10:52:44 | 00,664,840 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe -- (PD91Agent [Disabled | Stopped])
SRV - [2008/01/16 10:52:48 | 00,894,216 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe -- (PD91Engine [Disabled | Stopped])
SRV - [2005/12/28 13:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2005/12/28 13:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2008/06/06 13:54:08 | 00,249,856 | ---- | M] (Turbine, Inc.) -- C:\Program Files\Turbine\Turbine Download Manager - Soundtrack\TurbineMessageService.exe -- (SoundtrackTurbineMessageService [Disabled | Stopped])
SRV - [2008/06/06 13:54:08 | 00,212,992 | ---- | M] (Turbine, Inc.) -- C:\Program Files\Turbine\Turbine Download Manager - Soundtrack\TurbineNetworkService.exe -- (SoundtrackTurbineNetworkService [Disabled | Stopped])
SRV - [2005/04/01 22:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService [Auto | Stopped])
SRV - [2009/03/03 12:19:40 | 00,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe -- (threatfire [Auto | Running])
SRV - [2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [Disabled | Stopped])
SRV - [2009/03/22 11:00:16 | 01,131,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss [Auto | Running])
SRV - [2007/05/31 10:38:48 | 00,053,248 | ---- | M] (Tablet Driver) -- C:\WINDOWS\System32\Drivers\WTSRV.EXE -- (WinTabService [Auto | Running])
SRV - [2005/12/28 14:04:56 | 00,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/05/08 20:10:44 | 00,347,648 | ---- | M] (D-Link Corporation) -- C:\WINDOWS\system32\DRIVERS\A5AGU.sys -- (A5AGU [On_Demand | Stopped])
DRV - [2009/02/05 17:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2006/08/14 00:02:57 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/04 01:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2005/08/12 19:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2009/02/05 17:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 17:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 17:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 17:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 17:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2006/02/16 01:39:00 | 01,421,312 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2006/10/28 17:07:37 | 00,271,360 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2005/08/05 11:32:16 | 00,045,312 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2008/01/09 22:00:04 | 00,068,624 | R--- | M] (Raxco Software, Inc.) -- C:\WINDOWS\system32\DRIVERS\DefragFS.sys -- (DefragFS [Auto | Running])
DRV - [2004/12/01 05:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004/11/23 04:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2006/09/05 10:48:53 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi [On_Demand | Running])
DRV - [2001/08/17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/08/12 19:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/07/21 22:01:08 | 00,201,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2005/07/21 22:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2009/05/08 13:43:30 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (lbd [Boot | Running])
DRV - [2006/10/28 17:07:36 | 00,018,048 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2008/07/28 17:19:28 | 00,116,736 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\DRIVERS\mcdbus.sys -- (mcdbus [On_Demand | Running])
DRV - [2004/03/16 22:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2008/05/15 16:15:16 | 00,053,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\MpFilter.sys -- (mpfilter [On_Demand | Running])
DRV - [2005/11/11 16:43:52 | 00,080,640 | ---- | M] (McAfee) -- C:\WINDOWS\System32\Drivers\MpFirewall.sys -- (MPFIREWL [System | Running])
DRV - [2002/09/09 16:19:06 | 00,130,309 | ---- | M] (DUCam Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA [On_Demand | Stopped])
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2007/11/27 22:56:30 | 00,116,416 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys -- (msfwhlpr [System | Stopped])
DRV - [2005/08/10 13:22:10 | 00,114,464 | ---- | M] (McAfee Inc.) -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2004/02/13 11:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/06/07 14:16:28 | 00,018,944 | ---- | M] (PenTablet Driver) -- C:\WINDOWS\system32\DRIVERS\PTSimBus.sys -- (PTSimBus [On_Demand | Running])
DRV - [2007/04/23 12:28:56 | 00,010,752 | ---- | M] (PenTablet Driver) -- C:\WINDOWS\system32\DRIVERS\PTSimHid.sys -- (PTSimHid [On_Demand | Stopped])
DRV - [2008/02/13 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2005/10/14 10:40:18 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
DRV - [2005/10/14 10:40:18 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
DRV - [2005/10/14 10:40:18 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys -- (rismxdp [On_Demand | Running])
DRV - [2005/12/28 15:22:08 | 00,013,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2006/07/29 08:11:23 | 00,030,601 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2007/11/13 07:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/01/14 13:14:07 | 00,047,616 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2004/10/28 07:47:59 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2004/12/03 07:20:41 | 00,020,544 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
DRV - [2004/08/04 01:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2006/08/25 16:23:23 | 00,643,072 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2004/07/14 13:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2004/07/14 13:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2006/03/24 18:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2006/03/08 13:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2007/04/23 12:28:56 | 00,017,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\Drivers\Tablet2k.sys -- (Tablet2k [On_Demand | Stopped])
DRV - [2007/04/23 12:28:56 | 00,018,432 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\DRIVERS\TClass2k.sys -- (TClass2k [On_Demand | Stopped])
DRV - [2004/12/06 03:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2004/12/06 03:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2004/12/06 03:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2004/12/06 03:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2004/12/06 03:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2004/12/06 03:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2004/12/06 03:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2004/12/06 03:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2004/12/06 03:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2007/05/31 14:33:44 | 00,012,800 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\DRIVERS\UCTblHid.sys -- (UCTblHid [On_Demand | Stopped])
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2006/08/25 16:42:46 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi [On_Demand | Running])
DRV - [2005/12/04 11:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w39n51.sys -- (w39n51 [On_Demand | Running])
DRV - [2003/01/10 18:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
DRV - [2005/07/21 22:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ca.dell.com/content/default.as...;l=en&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.ca.dell.com/content/default.as...;l=en&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca


IE - HKU\.default\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca
IE - HKU\.default\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca
IE - HKU\.default\.default\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca
IE - HKU\s-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca
IE - HKU\s-1-5-18\s-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\s-1-5-21-903114455-3535914177-3130307060-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca
IE - HKU\s-1-5-21-903114455-3535914177-3130307060-1006\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?P...pdate&O1=b1
IE - HKU\s-1-5-21-903114455-3535914177-3130307060-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\s-1-5-21-903114455-3535914177-3130307060-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\s-1-5-21-903114455-3535914177-3130307060-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\s-1-5-21-903114455-3535914177-3130307060-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig/dell?hl=en&cli...&channel=ca
IE - HKU\s-1-5-21-903114455-3535914177-3130307060-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\s-1-5-21-903114455-3535914177-3130307060-1006\s-1-5-21-903114455-3535914177-3130307060-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\s-1-5-21-903114455-3535914177-3130307060-1006\s-1-5-21-903114455-3535914177-3130307060-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: iaplayer@instantaction.com:0.4.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07061050
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..extensions.enabledItems: {a81bafeb-b6ed-4501-aa17-15a2b3857e56}:3.0.3
FF - prefs.js..extensions.enabledItems: {d3d70bca-2d54-425e-b02c-b7e2f4b07688}:3.0.3
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20080809
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:2.0.0.46

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/04 09:56:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/29 10:15:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/29 10:15:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\PROGRA~1\MOZILLA THUNDERBIRD\COMPONENTS [2009/03/21 18:56:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\PROGRA~1\MOZILLA THUNDERBIRD\PLUGINS [2008/09/23 15:06:34 | 00,000,000 | ---D | M]

[2008/08/26 15:05:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADmeister7\Application Data\mozilla\Extensions
[2008/08/26 15:05:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADmeister7\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/13 11:15:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADmeister7\Application Data\mozilla\Firefox\Profiles\ol8ajz0x.default\extensions
[2008/09/26 12:59:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADmeister7\Application Data\mozilla\Firefox\Profiles\ol8ajz0x.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2007/12/09 21:43:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADmeister7\Application Data\mozilla\Firefox\Profiles\ol8ajz0x.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}
[2008/09/03 17:09:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADmeister7\Application Data\mozilla\Firefox\Profiles\ol8ajz0x.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2008/07/18 21:22:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADmeister7\Application Data\mozilla\Firefox\Profiles\ol8ajz0x.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2008/09/03 17:08:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADmeister7\Application Data\mozilla\Firefox\Profiles\ol8ajz0x.default\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}
[2009/01/24 13:02:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADmeister7\Application Data\mozilla\Firefox\Profiles\ol8ajz0x.default\extensions\iaplayer@instantaction.com
[2008/01/08 00:26:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADmeister7\Application Data\mozilla\Firefox\Profiles\ol8ajz0x.default\extensions\moveplayer@movenetworks.com
[2008/08/27 16:42:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADmeister7\Application Data\mozilla\Firefox\Profiles\ol8ajz0x.default\extensions\nasanightlaunch@example.com
[2009/05/13 11:15:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/29 10:15:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/05/24 22:10:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/10/12 14:28:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/04 09:57:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/29 10:15:47 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/29 10:15:48 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/19 13:29:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/19 13:29:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/19 13:29:01 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/19 13:29:01 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/19 13:29:01 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/19 13:29:01 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/19 13:29:01 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Harmony Hollow Software Toolbar) - {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files\Harmony_Hollow_Software\tbHar1.dll (Conduit Ltd.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Harmony Hollow Software Toolbar) - {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files\Harmony_Hollow_Software\tbHar1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKU\s-1-5-21-903114455-3535914177-3130307060-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\s-1-5-21-903114455-3535914177-3130307060-1006\..\Toolbar\ShellBrowser: (no name) - {3806B089-6759-411D-B2C3-B7995A9F34D7} - C:\Program Files\Harmony_Hollow_Software\tbHar1.dll (Conduit Ltd.)
O3 - HKU\s-1-5-21-903114455-3535914177-3130307060-1006\..\Toolbar\WebBrowser: (no name) - {3806B089-6759-411D-B2C3-B7995A9F34D7} - C:\Program Files\Harmony_Hollow_Software\tbHar1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16 ()
O4 - HKLM..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe" (Dell)
O4 - HKLM..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE ()
O4 - HKLM..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe (Lexmark)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WTClient] WTClient.exe (Tablet Driver)
O4 - HKU\s-1-5-21-903114455-3535914177-3130307060-1006..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe ()
O4 - Startup: C:\Documents and Settings\ADmeister7\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-21-903114455-3535914177-3130307060-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ADmeister7\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL File not found
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - AppInit_DLLs: (c:\windows\system32\hurasivi.dll) - c:\windows\system32\hurasivi.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WBSrv: DllName - C:\PROGRA~1\WINDOW~3\wbsrv.dll - C:\Program Files\WindowBlinds\WbSrv.dll (Stardock)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/09/03 14:17:14 | 00,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{67017fd8-ad5a-11db-bcab-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{67017fd8-ad5a-11db-bcab-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67017fd8-ad5a-11db-bcab-00038a000015}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{97aba99e-4029-11dc-bda1-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{97aba99e-4029-11dc-bda1-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{97aba99e-4029-11dc-bda1-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- [2002/09/03 14:17:15 | 01,310,720 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\system32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[2100/02/24 14:15:04 | 00,000,821 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2100/02/16 16:09:06 | 00,000,062 | ---- | C] () -- C:\WINDOWS\System32\LXASUSCI.INI
[2009/05/13 11:10:01 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ADmeister7\Desktop\OTListIt2.exe
[2009/05/12 18:05:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/05/12 18:03:33 | 21,458,45248 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/12 18:01:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/05/12 14:49:00 | 00,116,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\msfwhlpr.sys
[2009/05/12 14:47:43 | 00,053,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MpFilter.sys
[2009/05/12 14:46:47 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgr.dll
[2009/05/12 14:46:47 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgrprxy.dll
[2009/05/12 14:46:47 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx4.dll
[2009/05/12 14:46:47 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/05/12 14:36:49 | 00,000,000 | -H-D | C] -- C:\Config.Msi
[2009/05/12 14:36:08 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/05/12 14:36:06 | 00,000,000 | ---D | C] -- C:\f637defa12b4482899e0c5c97f46e7
[2009/05/12 14:29:25 | 01,483,128 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\ADmeister7\Desktop\SetupOneCare.exe
[2009/05/12 11:41:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ADmeister7\Application Data\Malwarebytes
[2009/05/12 11:40:48 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/12 11:40:48 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/12 11:40:44 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/12 11:40:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/12 11:40:33 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/11 23:35:15 | 00,052,736 | ---- | C] () -- C:\Documents and Settings\ADmeister7\My Documents\Bi-Monthly Report CDBRA May 1-15 - Jean Ann Dewitt.doc
[2009/05/11 22:25:11 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\ADmeister7\Desktop\dds.scr
[2009/05/11 21:09:06 | 00,012,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfKbMon.sys
[2009/05/11 21:09:04 | 00,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2009/05/11 21:09:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/05/10 17:42:01 | 00,053,248 | ---- | C] () -- C:\Documents and Settings\ADmeister7\My Documents\Bi-Monthly Report CDBRA May 1-15 - Rebecca McGinn (final copy).doc
[2009/05/10 17:25:11 | 00,047,104 | ---- | C] () -- C:\Documents and Settings\ADmeister7\My Documents\Bi-Monthly Report CDBRA Revised Template.doc
[2009/05/09 02:46:34 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\ADmeister7\My Documents\turtle.xls
[2009/05/08 14:59:32 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/08 13:44:18 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/08 13:43:59 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/08 13:37:47 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/05/08 13:37:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/08 09:19:03 | 01,424,661 | -HS- | C] () -- C:\WINDOWS\System32\ipobayaf.ini
[2009/05/07 18:26:06 | 00,104,444 | ---- | C] () -- C:\WINDOWS\System32\drivers\30dc2dc9.sys
[2009/05/07 18:25:30 | 00,000,002 | ---- | C] () -- C:\-789625407
[2009/05/07 08:07:23 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\ADmeister7\My Documents\Bi-Monthly Report CDBRA May 1-15 - Rebecca McGinn.doc
[2009/04/28 08:44:56 | 00,050,688 | ---- | C] () -- C:\Documents and Settings\ADmeister7\My Documents\Bi-Monthly Report CDBRA Apr. 16-30 - Jean Ann Dewitt.doc
[2009/04/28 08:31:55 | 00,051,712 | ---- | C] () -- C:\Documents and Settings\ADmeister7\My Documents\Bi-Monthly Report CDBRA Apr. 16-30 - Rebecca McGinn.doc
[2009/04/16 22:53:25 | 00,749,965 | ---- | C] () -- C:\Documents and Settings\ADmeister7\My Documents\midnightsun_partial_draft4.pdf
[2009/04/13 21:21:16 | 00,050,176 | ---- | C] () -- C:\Documents and Settings\ADmeister7\My Documents\Bi-Monthly Report CDBRA Apr. 1-15 - Rebecca McGinn.doc
[2009/04/13 20:43:50 | 00,048,128 | ---- | C] () -- C:\Documents and Settings\ADmeister7\My Documents\Bi-Monthly Report CDBRA Apr. 1-15 -Jean Ann Dewitt.doc
[2009/04/03 19:46:50 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2009/01/19 18:48:17 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/01/19 18:48:17 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/01/19 18:48:16 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/11/25 19:03:45 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/30 17:47:36 | 00,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2008/10/23 16:49:12 | 00,000,020 | ---- | C] () -- C:\WINDOWS\ACMonitor_X83.ini
[2008/10/21 09:28:13 | 00,000,241 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/10/13 22:00:14 | 01,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgusb1.dll
[2008/10/13 22:00:14 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcgvs.dll
[2008/10/13 22:00:13 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgserv.dll
[2008/10/13 22:00:13 | 00,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgpmui.dll
[2008/10/13 22:00:13 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgprox.dll
[2008/10/13 22:00:13 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgpplc.dll
[2008/10/13 22:00:12 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcomc.dll
[2008/10/13 22:00:12 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcomm.dll
[2008/10/13 22:00:11 | 00,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcglmpm.dll
[2008/10/13 22:00:11 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcgutil.dll
[2008/10/13 22:00:06 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcginsb.dll
[2008/10/13 22:00:06 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcgins.dll
[2008/10/13 22:00:06 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcgjswr.dll
[2008/10/13 22:00:06 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcginsr.dll
[2008/10/13 22:00:04 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcgcub.dll
[2008/10/13 22:00:04 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcgcu.dll
[2008/10/13 22:00:04 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcgcur.dll
[2008/10/13 22:00:01 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcgcfg.dll
[2008/03/24 11:47:10 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\mhxhyanr.dll
[2007/12/27 12:36:03 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2007/12/27 12:36:03 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2007/12/27 12:36:03 | 00,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2007/12/27 12:33:26 | 00,000,103 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/11/03 20:55:49 | 00,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/07 23:43:49 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2007/07/23 10:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 10:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 10:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 10:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 10:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 10:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 10:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 10:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 10:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/23 10:58:03 | 00,000,525 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2007/05/25 15:02:28 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\emfxp.dll
[2007/04/24 16:31:12 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\ucinst32.dll
[2006/12/13 18:48:18 | 00,000,067 | ---- | C] () -- C:\WINDOWS\IDMan.INI
[2006/11/13 15:16:53 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2006/11/13 15:16:53 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2006/11/13 15:16:53 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2006/11/13 15:16:53 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2006/11/12 01:12:34 | 03,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll
[2006/11/12 01:12:34 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll
[2006/10/30 15:41:00 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\AD696E9ADD.sys
[2006/10/28 17:07:37 | 00,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2006/10/28 17:07:36 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2006/10/13 20:55:30 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\BCGPOleAcc.dll
[2006/10/12 18:07:17 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/10/12 18:07:16 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/10/06 10:34:14 | 00,005,642 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/06 10:34:14 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\DD9A6E69AD.sys
[2006/09/17 17:05:07 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/09/08 09:28:32 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/09/06 18:30:27 | 00,000,143 | ---- | C] () -- C:\WINDOWS\WB.ini
[2006/09/05 10:48:53 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/09/04 22:41:02 | 00,000,034 | ---- | C] () -- C:\WINDOWS\NPinfotl.INI
[2006/09/04 11:49:51 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2006/09/04 09:47:54 | 00,004,672 | ---- | C] () -- C:\WINDOWS\System32\LXASUSCI.DLL
[2006/09/03 19:33:00 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/03 00:05:44 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/25 16:42:46 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\vaxscsi.sys
[2006/08/25 16:23:23 | 00,643,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/08/25 16:23:22 | 00,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd7245.sys
[2006/08/14 00:22:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/14 00:12:42 | 00,000,189 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/13 23:44:33 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/08/13 23:43:33 | 00,000,492 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/07/27 14:28:42 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/07/11 19:33:49 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2005/04/09 12:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:12:05 | 00,000,831 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/10 14:51:09 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 14:46:43 | 00,000,781 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/10/29 16:53:26 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\PcHook.DLL
[2002/04/10 13:11:04 | 00,000,194 | ---- | C] () -- C:\WINDOWS\X83_DS.ini
[2002/03/04 22:33:24 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\LXASBCE.DLL
[2001/03/05 14:07:22 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXASICO.DLL
[2001/01/05 13:34:30 | 00,016,812 | ---- | C] () -- C:\WINDOWS\System32\lxas2kpm.dll
[2001/01/05 12:08:02 | 00,008,427 | ---- | C] () -- C:\WINDOWS\System32\lxas2kui.dll
[2000/10/24 09:08:36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/10/24 09:08:33 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1997/10/24 14:56:36 | 00,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

========== Files - Modified Within 30 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[12 C:\Documents and Settings\ADmeister7\My Documents\*.tmp files]
[2009/05/13 11:22:05 | 00,104,444 | ---- | M] () -- C:\WINDOWS\System32\drivers\30dc2dc9.sys
[2009/05/13 11:10:22 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADmeister7\Desktop\OTListIt2.exe
[2009/05/13 11:07:42 | 00,000,781 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/13 11:07:42 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/13 11:07:42 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/05/13 11:04:30 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/05/13 11:02:55 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/05/13 11:02:33 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\ADmeister7\Local Settings\desktop.ini
[2009/05/13 11:02:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/13 11:02:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/13 11:02:19 | 21,458,45248 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/12 22:44:33 | 00,053,248 | ---- | M] () -- C:\Documents and Settings\ADmeister7\My Documents\Bi-Monthly Report CDBRA May 1-15 - Rebecca McGinn (final copy).doc
[2009/05/12 22:29:21 | 00,052,736 | ---- | M] () -- C:\Documents and Settings\ADmeister7\My Documents\Bi-Monthly Report CDBRA May 1-15 - Jean Ann Dewitt.doc
[2009/05/12 14:46:44 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/12 14:29:31 | 01,483,128 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\ADmeister7\Desktop\SetupOneCare.exe
[2009/05/12 13:59:51 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\bogafeza
[2009/05/12 11:40:48 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/12 10:48:40 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\ADmeister7\My Documents\Daily Records Template CDBRA.doc
[2009/05/12 09:47:06 | 00,000,189 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/05/11 22:25:14 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\ADmeister7\Desktop\dds.scr
[2009/05/10 20:29:07 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/10 17:39:56 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\ADmeister7\My Documents\Bi-Monthly Report CDBRA Revised Template.doc
[2009/05/10 17:24:32 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\ADmeister7\My Documents\Bi-Monthly Report CDBRA Template.doc
[2009/05/09 02:46:35 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\ADmeister7\My Documents\turtle.xls
[2009/05/08 13:50:52 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/08 13:44:18 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/08 13:43:50 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/08 13:43:30 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/08 13:25:33 | 01,424,661 | -HS- | M] () -- C:\WINDOWS\System32\ipobayaf.ini
[2009/05/07 23:09:22 | 00,000,831 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2009/05/07 18:25:33 | 00,000,002 | ---- | M] () -- C:\-789625407
[2009/05/07 08:18:19 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\ADmeister7\My Documents\Bi-Monthly Report CDBRA May 1-15 - Rebecca McGinn.doc
[2009/04/29 22:06:10 | 00,051,712 | ---- | M] () -- C:\Documents and Settings\ADmeister7\My Documents\Bi-Monthly Report CDBRA Apr. 16-30 - Rebecca McGinn.doc
[2009/04/29 17:49:43 | 00,050,688 | ---- | M] () -- C:\Documents and Settings\ADmeister7\My Documents\Bi-Monthly Report CDBRA Apr. 16-30 - Jean Ann Dewitt.doc
[2009/04/25 14:59:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/16 22:53:25 | 00,749,965 | ---- | M] () -- C:\Documents and Settings\ADmeister7\My Documents\midnightsun_partial_draft4.pdf
[2009/04/14 21:28:20 | 00,048,128 | ---- | M] () -- C:\Documents and Settings\ADmeister7\My Documents\Bi-Monthly Report CDBRA Apr. 1-15 -Jean Ann Dewitt.doc
[2009/04/14 21:21:50 | 00,050,176 | ---- | M] () -- C:\Documents and Settings\ADmeister7\My Documents\Bi-Monthly Report CDBRA Apr. 1-15 - Rebecca McGinn.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17639624
@Alternate Data Stream - 512 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E342738F
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:861A898F
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB365884
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B203B914
< End of report >

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:01 AM

Posted 13 May 2009 - 03:35 PM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
    O3 - HKU\s-1-5-21-903114455-3535914177-3130307060-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
    O20 - AppInit_DLLs: (c:\windows\system32\hurasivi.dll) - c:\windows\system32\hurasivi.dll File not found
    
    :Files
    C:\WINDOWS\System32\ipobayaf.ini
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

=============


Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
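The fix script above was assembled by reading the OTL log by eye: registry entries whose file or key is gone ("File not found", "Reg Error"), an AppInit_DLLs loader pointing at a DLL that no longer exists, and a hidden+system .ini with a random eight-letter name sitting directly under System32. As an added example (not code from the OTL tool, from Buckeye_Sam or from anyone else in this thread), the following Python script applies those same checks mechanically to OTL log lines and ranks the hits by how many independent signals fire. The sample lines are copied from the log posted earlier in this thread; the reason strings, the name heuristic and the attribute rule are my own choices.

```python
"""Triage of OTListIt2 (OTL) log lines.

Added example, not code from the OTL tool or from anyone in this thread. It
mechanises the checks a helper applies by eye to a log like the one above:
registry entries whose file or key no longer exists, AppInit_DLLs loaders,
randomly named files directly under system32, hidden+system files there,
and alternate data streams. Reason strings and heuristics are my own
choices; the sample lines are copied from the OTL log in this thread.
"""
import re
from typing import List, Tuple

REASON_MISSING = "orphaned entry: referenced file or registry key is missing"
REASON_APPINIT = "AppInit_DLLs entry: DLL is loaded into every process that maps user32.dll"
REASON_RANDOM = "random 8-letter name directly under system32"
REASON_HIDDEN = "hidden+system file under system32"
REASON_ADS = "alternate data stream"

# Markers OTL prints when a registry entry points at something that is gone.
MISSING_MARKERS = ("File not found", "Reg Error: Key error")

# Vundo-style name: exactly eight lowercase letters directly under system32,
# optional .dll/.ini extension, then whitespace or end of line (the lookahead
# keeps "system32\dllcache\..." from matching as an eight-letter name).
RANDOM_NAME = re.compile(r"\\[Ss]ystem32\\[a-z]{8}(?:\.(?:dll|ini))?(?=\s|$)")

# "O20 - AppInit_DLLs: ..." style registry entries.
OTL_REG = re.compile(r"^(?P<sec>O\d+) - (?P<body>.+)$")

# "[date time | size | attrs | C/M] (vendor) -- path" file entries; directory
# entries omit the "(vendor)" part.
FILE_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-RHSD]{4}) \| [CM]\](?: \((?P<vendor>[^)]*)\))? -- (?P<path>.+)$"
)

ADS_ENTRY = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


def flag_line(line: str) -> List[str]:
    """Return the reasons (possibly none) why one OTL log line deserves a look."""
    line = line.strip()
    reasons: List[str] = []

    m = OTL_REG.match(line)
    if m:
        sec, body = m.group("sec"), m.group("body")
        if any(marker in body for marker in MISSING_MARKERS):
            reasons.append(REASON_MISSING)
        if sec == "O20" and body.startswith("AppInit_DLLs"):
            reasons.append(REASON_APPINIT)
        if RANDOM_NAME.search(body):
            reasons.append(REASON_RANDOM)
        return reasons

    m = FILE_ENTRY.match(line)
    if m:
        path, attr = m.group("path"), m.group("attr")
        if RANDOM_NAME.search(path):
            reasons.append(REASON_RANDOM)
        # Hidden + system on a plain file under system32 is how ipobayaf.ini
        # in the log above hides from a default Explorer view; directories (D)
        # are skipped, and hiberfil.sys at the drive root is deliberately not hit.
        if "\\system32\\" in path.lower() and "H" in attr and "S" in attr and "D" not in attr:
            reasons.append(REASON_HIDDEN)
        return reasons

    if ADS_ENTRY.match(line):
        reasons.append(REASON_ADS)
    return reasons


def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Flag every line of a log and rank hits by how many independent signals fired."""
    hits = [(ln.strip(), flag_line(ln)) for ln in lines]
    hits = [(ln, rs) for ln, rs in hits if rs]
    hits.sort(key=lambda h: -len(h[1]))  # stable sort keeps log order among ties
    return hits


# Lines copied from the OTL log posted earlier in this thread.
SAMPLE_LINES = [
    r"O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found",
    r"O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)",
    r"O20 - AppInit_DLLs: (c:\windows\system32\hurasivi.dll) - c:\windows\system32\hurasivi.dll File not found",
    r"[2009/05/12 13:59:51 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\bogafeza",
    r"[2009/05/08 09:19:03 | 01,424,661 | -HS- | C] () -- C:\WINDOWS\System32\ipobayaf.ini",
    r"[2009/05/13 11:02:19 | 21,458,45248 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2004/08/10 14:51:09 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll",
    r"@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17639624",
]

if __name__ == "__main__":
    for ln, rs in triage(SAMPLE_LINES):
        print(f"[{len(rs)}] {ln[:80]}")
        for r in rs:
            print("    -", r)
```

Run stand-alone, the hurasivi.dll AppInit_DLLs line comes out on top with three signals and ipobayaf.ini second with two, which is exactly the pair the fix script above removes. The eight-letter-name rule is only a weak signal on its own: it also flags the legitimate ieencode.dll in this log, and would flag the Dell dlcg*.dll printer set, so the ranking by number of independent signals matters more than any single rule. The O16 Java plug-in entries in the fix script are not something these checks look for; they are a separate judgement call by the helper.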


========================================================

#6 ADmeister7 (Topic Starter, Members, 12 posts)

Posted 14 May 2009 - 04:14 AM

========== OTLISTIT ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_USERS\s-1-5-21-903114455-3535914177-3130307060-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\hurasivi.dll deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\ipobayaf.ini moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_128.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1d8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_c40.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.15.7 log created on 05132009_214623

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_128.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_1d8.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_c40.dat moved successfully.

Registry entries deleted on Reboot...

#7 ADmeister7 (Topic Starter, Members, 12 posts)

Posted 14 May 2009 - 04:15 AM

The GMER report is MASSIVE, and I can't even post 1/2 in the forums due to size... is there any specific part you need to see, or do you need it all?
(‘Show All’ remained unchecked.)

#8 Buckeye_Sam (Malware Expert, Members, 17,382 posts, Pickerington, Ohio)

Posted 14 May 2009 - 11:00 AM

Just post the first 100 lines or so and the last 100 lines or so. I've got a feeling the middle portion of the log will be useless to us.

#9 ADmeister7 (Topic Starter, Members, 12 posts)

Posted 14 May 2009 - 02:42 PM

Just got back from work and GMER got closed by my wife; running it again now and will post ASAP.

#10 ADmeister7 (Topic Starter, Members, 12 posts)

Posted 14 May 2009 - 06:30 PM

First 100 or so:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-14 20:27:57
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB032C6B8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\drivers\30dc2dc9.sys ZwCreateEvent [0xB93CF52D] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\drivers\30dc2dc9.sys ZwCreateKey [0xB93CD605] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB032CA52] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB032C14C] <-- ROOTKIT !!!
SSDT sptd.sys ZwEnumerateKey [0xB9EDBD48] <-- ROOTKIT !!!
SSDT sptd.sys ZwEnumerateValueKey [0xB9EDC0C0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\drivers\30dc2dc9.sys ZwOpenKey [0xB93CD6C5] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB032C08C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB032C0F0] <-- ROOTKIT !!!
SSDT sptd.sys ZwQueryKey [0xB9EDC18A] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB032C76E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB032C72E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB032C8AE] <-- ROOTKIT !!!

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD7245.SYS The process cannot access the file because it is being used by another process.
.text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 B8F2C4D0 16 Bytes [FF, D7, 07, 7C, 7E, 0A, 9E, ...]
.text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 B8F2C4E1 15 Bytes [B0, F2, B8, F2, 3F, 47, 91, ...]
.text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 21 B8F2C4F1 14 Bytes [38, 3F, C6, CC, 93, A4, 6E, ...]
? C:\WINDOWS\System32\Drivers\vaxscsi.sys The process cannot access the file because it is being used by another process.
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 B8ECA4F0 16 Bytes [F1, 4C, CA, D6, 8D, 83, 3F, ...] {INT1 ; DEC ESP; RETF 0x8dd6; CMP DWORD [EDI], 0x62; ARPL BX, DX; SBB ESP, [EDI+0x3e864a48]}
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 B8ECA501 31 Bytes [90, EC, B8, F6, CB, E0, 13, ...]
? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\drivers\30dc2dc9.sys The system cannot find the file specified.
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [38, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!LoadResource 7C809FB5 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F550F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F160F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [05, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!CreateThread 7C810637 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F640F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!CreateToolhelp32Snapshot 7C864B0F 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F400F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F430F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F190F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 5F760F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F460F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F340F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] ADVAPI32.dll!RegOpenKeyExA 77DD761B 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F610F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] ADVAPI32.dll!OpenSCManagerA 77DEADA7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 5F280F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [38, 5F]
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] kernel32.dll!LoadResource 7C809FB5 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F550F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F160F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [05, 5F]
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] kernel32.dll!CreateThread 7C810637 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F640F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] kernel32.dll!CreateToolhelp32Snapshot 7C864B0F 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] ADVAPI32.dll!RegOpenKeyExA 77DD761B 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F610F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] ADVAPI32.dll!OpenSCManagerA 77DEADA7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F400F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F430F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F190F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 5F760F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F460F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F340F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Dell\Media Experience\PCMService.exe[400] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[600] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\Ati2evxx.exe[600] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[600] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\Ati2evxx.exe[600] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] kernel32.dll!LoadResource 7C809FB5 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[600] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\Ati2evxx.exe[600] kernel32.dll!CreateThread 7C810637 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] kernel32.dll!CreateToolhelp32Snapshot 7C864B0F 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[600] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [7A, 5F] {JP 0x61}
.text C:\WINDOWS\system32\Ati2evxx.exe[600] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[600] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\WINDOWS\system32\Ati2evxx.exe[600] ADVAPI32.dll!RegOpenKeyExA 77DD761B 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] ADVAPI32.dll!OpenSCManagerA 77DEADA7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[600] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 5F280F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[632] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[632] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[632] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[632] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [38, 5F]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[632] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[632] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[632] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[632] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[632] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[632] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[632] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[632] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[632] kernel32.dll!LoadResource 7C809FB5 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[632] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F550F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[632] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F160F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[632] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[632] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [05, 5F]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[632] kernel32.dll!CreateThread 7C810637 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[632] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F640F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[632] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateToolhelp32Snapshot 7C864B0F 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExA 77DD761B 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!OpenSCManagerA 77DEADA7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [7A, 5F] {JP 0x61}
.text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1344] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1344] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\svchost.exe[1344] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\svchost.exe[1344] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 5F280F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [38, 5F]
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] kernel32.dll!LoadResource 7C809FB5 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F550F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F160F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] kernel32.dll!CreateThread 7C810637 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F640F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] kernel32.dll!CreateToolhelp32Snapshot 7C864B0F 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] ADVAPI32.dll!RegOpenKeyExA 77DD761B 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F610F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] ADVAPI32.dll!OpenSCManagerA 77DEADA7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F400F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F430F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F190F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 5F760F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F460F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F340F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1384] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\System32\svchost.exe[1424] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1424] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1424] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1424] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [38, 5F]
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!LoadResource 7C809FB5 6 Bytes JMP 5F7E0F5A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateThread 7C810637 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateToolhelp32Snapshot 7C864B0F 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyExA 77DD761B 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!OpenSCManagerA 77DEADA7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\System32\svchost.exe[1424] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\System32\svchost.exe[1424] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1424] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [7C, 5F] {JL 0x61}
.text C:\WINDOWS\System32\svchost.exe[1424] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\System32\svchost.exe[1424] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\System32\svchost.exe[1424] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\System32\svchost.exe[1424] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\System32\svchost.exe[1424] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 5F780F5A
.text C:\WINDOWS\System32\svchost.exe[1424] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\System32\svchost.exe[1424] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\System32\svchost.exe[1424] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1424] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1424] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\svchost.exe[1424] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\System32\svchost.exe[1424] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\System32\svchost.exe[1424] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] kernel32.dll!LoadResource 7C809FB5 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] kernel32.dll!CreateThread 7C810637 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] kernel32.dll!CreateToolhelp32Snapshot 7C864B0F 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [7A, 5F] {JP 0x61}
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] ADVAPI32.dll!RegOpenKeyExA 77DD761B 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] ADVAPI32.dll!OpenSCManagerA 77DEADA7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\dlcgcoms.exe[1496] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 5F280F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [38, 5F]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] kernel32.dll!LoadResource 7C809FB5 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F550F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F160F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [05, 5F]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] kernel32.dll!CreateThread 7C810637 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] kernel32.dll!CreateFileW 7C810760 6 Bytes JMP 5F640F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] kernel32.dll!CreateToolhelp32Snapshot 7C864B0F 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] ADVAPI32.dll!RegOpenKeyExA 77DD761B 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F610F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] ADVAPI32.dll!OpenSCManagerA 77DEADA7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F400F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F430F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F190F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 5F760F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F460F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F340F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1516] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 5F280F5A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1612] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1612] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1612] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1612] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [38, 5F]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1612] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1612] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1612] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1612] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1612] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1612] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1612] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

#11 ADmeister7

  • Topic Starter

  • Members
  • 12 posts

Posted 14 May 2009 - 06:31 PM

Last 100 or so: (The very end had some red text)

66603EA3] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DeferWindowPos] [66603E28] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetWindowPlacement] [66603F30] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MoveWindow] [66603F52] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [660319BF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [660318FF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [660319BF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [660319F4] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [66603E7C] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DeferWindowPos] [66603E28] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [66603F82] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetWindowRect] [66603FB5] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [660318FF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetWindowRect] [66603FB5] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!MoveWindow] [66603F52] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [660318FF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!SetWindowPos] [66603F82] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!GetWindowRect] [66603FB5] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [660318FF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!GetWindowRect] [66603FB5] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowPos] [66603F82] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowLongA] [66603E7C] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[2872] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [660318FF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [660319BF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [660319F4] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [66603E7C] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DeferWindowPos] [66603E28] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [66603F82] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetWindowRect] [66603FB5] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [660318FF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [660319F4] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowPos] [66603F82] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetWindowRect] [66603FB5] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DeferWindowPos] [66603E28] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetWindowPlacement] [66603F30] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MoveWindow] [66603F52] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [660319BF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [660318FF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetWindowRect] [66603FB5] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!MoveWindow] [66603F52] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\NetWaiting\netWaiting.exe[3040] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [660318FF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [66604121] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetWindowRect] [66603FB5] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!MoveWindow] [66603F52] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [660318FF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [660319F4] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowPos] [66603F82] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetWindowRect] [66603FB5] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DeferWindowPos] [66603E28] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetWindowPlacement] [66603F30] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MoveWindow] [66603F52] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [660319BF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [66604121] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [660318FF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [660319BF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [660319F4] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [66603E7C] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DeferWindowPos] [66603E28] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [66603F82] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetWindowRect] [66603FB5] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [66604121] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [666040F4] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [660318FF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!SetWindowPos] [66603F82] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!GetWindowRect] [66603FB5] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3144] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [660318FF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [660319F4] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowPos] [66603F82] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetWindowRect] [66603FB5] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DeferWindowPos] [66603E28] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetWindowPlacement] [66603F30] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MoveWindow] [66603F52] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [660319BF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [660318FF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6603195C] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [660319BF] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [660319F4] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [66603E7C] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DeferWindowPos] [66603E28] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [66603F82] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetWindowRect] [66603FB5] C:\Program Files\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3408] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [66031905] C:\Program Files\WindowBlinds\wblind.dll (WindowBlinds/Stardock.Net, Inc)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 30dc2dc9.sys
Device \FileSystem\Ntfs \Ntfs 8A6814D0

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip 30dc2dc9.sys

Device \FileSystem\DefragFS \Device\RaxcoPerfectDisk 8A298988

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\aswTdi \Device\AswUdpFilter 30dc2dc9.sys

AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp 30dc2dc9.sys

Device \Driver\aswTdi \Device\ASWTDI 30dc2dc9.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A681C78
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A681C78
Device \Driver\Cdrom \Device\CdRom0 8A495430
Device \FileSystem\Rdbss \Device\FsWrap 8A1F4350
Device \Driver\Cdrom \Device\CdRom1 8A495430
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A681C78
Device \Driver\NetBT \Device\NetBT_Tcpip_{02653AC6-F8B1-4FE4-9798-8F2C36263EEE} 897B0900
Device \Driver\Cdrom \Device\CdRom2 8A495430
Device \Driver\Cdrom \Device\CdRom3 8A495430
Device \Driver\NetBT \Device\NetBt_Wins_Export 897B0900
Device \Driver\NetBT \Device\NetbiosSmb 897B0900
Device \Driver\aswTdi \Device\AswTcpFilter 30dc2dc9.sys
Device \Driver\00000117 \Device\0000005a sptd.sys
Device \Driver\00000117 \Device\0000005b sptd.sys
Device \Driver\mcdbus \Device\mcdbus sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp 30dc2dc9.sys

Device \Driver\Disk \Device\Harddisk0\DR0 8A681788

AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp 30dc2dc9.sys

Device \Driver\mcdbus \Device\0000007b sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 897AE740
Device \FileSystem\MRxSmb \Device\LanmanRedirector 897AE740
Device \FileSystem\Npfs \Device\NamedPipe 8A209B30
Device \Driver\Ftdisk \Device\FtControl 8A681C78
Device \FileSystem\Msfs \Device\Mailslot 8A208EB0
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 8A44EB30
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port4Path0Target0Lun0 8A44EB30
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port4Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\dtscsi \Device\Scsi\dtscsi1 8A24D818
Device \Driver\dtscsi \Device\Scsi\dtscsi1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 8A24D818
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBT_Tcpip_{75B56866-2788-4BEF-82C2-643C5056A777} 897B0900
Device \FileSystem\Fastfat \Fat 885ABC10
Device \FileSystem\Fastfat \Fat AC79A1F9

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs 8A27CE30
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\drivers\30dc2dc9.sys (*** hidden *** ) [SYSTEM] 30dc2dc9 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\30dc2dc9@ImagePath \SystemRoot\System32\drivers\30dc2dc9.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\30dc2dc9@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\30dc2dc9@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\30dc2dc9@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\30dc2dc9@F96ZK6nPB YmluZGVyeXNlcnZpY2UubW9iaQ==
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 473219250
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -690518389
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 138550050
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x15 0x64 0x2A 0xB4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2C 0xC2 0x21 0x6D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x02 0x4D 0x70 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3E 0x20 0x8C 0x1F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x64 0xBC 0x5F 0x79 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4C 0x34 0x88 0x3D ...
Reg HKLM\SYSTEM\ControlSet003\Services\30dc2dc9@ImagePath \SystemRoot\System32\drivers\30dc2dc9.sys
Reg HKLM\SYSTEM\ControlSet003\Services\30dc2dc9@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\30dc2dc9@Start 1
Reg HKLM\SYSTEM\ControlSet003\Services\30dc2dc9@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\Services\30dc2dc9@F96ZK6nPB YmluZGVyeXNlcnZpY2UubW9iaQ==
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x15 0x64 0x2A 0xB4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2C 0xC2 0x21 0x6D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x02 0x4D 0x70 0x18 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3E 0x20 0x8C 0x1F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x64 0xBC 0x5F 0x79 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4C 0x34 0x88 0x3D ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x47 0xDF 0x5D 0x7D ...
Reg HKLM\SOFTWARE\Classes\CLSID\{d8c59e15-4c98-423a-8406-153d3c7ea2e6}@Model 10
Reg HKLM\SOFTWARE\Classes\CLSID\{d8c59e15-4c98-423a-8406-153d3c7ea2e6}@Therad 30
Reg HKLM\SOFTWARE\Classes\CLSID\{d8c59e15-4c98-423a-8406-153d3c7ea2e6}@MData 0x2B 0x8F 0x78 0x29 ...

---- EOF - GMER 1.0.15 ----
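The GMER output above flags a single hidden kernel service (`30dc2dc9`) and lists its registry configuration, including one value that looks base64-encoded. The parser below is an added example, not part of this thread and not code from GMER or OTListIt2: it correlates the `*** hidden ***` service line with the `Services\<name>@...` registry lines from the same log, maps the numeric `Type`/`Start` values to their Windows names, and tries a strict base64 decode of any value that could be encoded text, so an analyst gets a one-line triage summary instead of reading raw lines. The log excerpt embedded in the block is a constructed copy of lines quoted in this post; the function and class names are my own.

```python
import base64
import re
from dataclasses import dataclass, field

# Constructed excerpt of the GMER 1.0.15 log posted in this thread; the service
# name, image path and registry values are copied from that log, nothing added.
GMER_EXCERPT = r"""
---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\drivers\30dc2dc9.sys (*** hidden *** ) [SYSTEM] 30dc2dc9 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\30dc2dc9@ImagePath \SystemRoot\System32\drivers\30dc2dc9.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\30dc2dc9@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\30dc2dc9@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\30dc2dc9@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\30dc2dc9@F96ZK6nPB YmluZGVyeXNlcnZpY2UubW9iaQ==
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 473219250
"""

# Standard Windows service Type / Start values (SERVICE_* constants).
SERVICE_TYPES = {1: "SERVICE_KERNEL_DRIVER", 2: "SERVICE_FILE_SYSTEM_DRIVER",
                 16: "SERVICE_WIN32_OWN_PROCESS", 32: "SERVICE_WIN32_SHARE_PROCESS"}
START_TYPES = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START",
               3: "DEMAND_START", 4: "DISABLED"}

# "Service <image> (*** hidden *** ) [<context>] <name> <-- ROOTKIT !!!"
HIDDEN_SERVICE_RE = re.compile(
    r"^Service\s+(?P<image>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+\[(?P<ctx>\w+)\]\s+(?P<name>\S+)")
# "Reg HKLM\SYSTEM\<controlset>\Services\<svc>@<value> <data>"
REG_VALUE_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\(?P<svc>[^\\@]+)@(?P<val>\S+)\s+(?P<data>.*)$")
B64_RE = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")


@dataclass
class HiddenService:
    name: str
    image: str
    context: str
    registry: dict = field(default_factory=dict)   # value name -> raw data string
    decoded: dict = field(default_factory=dict)    # value name -> decoded ASCII text


def maybe_decode_base64(data: str):
    """Return decoded printable ASCII if `data` is well-formed base64 text, else None."""
    if len(data) % 4 != 0 or not B64_RE.match(data):
        return None
    try:
        raw = base64.b64decode(data, validate=True)
        text = raw.decode("ascii")
    except (ValueError, UnicodeDecodeError):   # binascii.Error is a ValueError
        return None
    return text if text.isprintable() else None


def parse_gmer(log: str) -> dict:
    """Map hidden service name -> HiddenService with its CurrentControlSet values."""
    found, reg_matches = {}, []
    for line in log.splitlines():
        m = HIDDEN_SERVICE_RE.match(line)
        if m:
            found[m["name"]] = HiddenService(m["name"], m["image"], m["ctx"])
            continue
        m = REG_VALUE_RE.match(line)
        if m:
            reg_matches.append(m)
    # Second pass: attach registry values only to services GMER reported as hidden.
    for m in reg_matches:
        svc = found.get(m["svc"])
        if svc is None or m["cs"] != "CurrentControlSet":
            continue
        svc.registry[m["val"]] = m["data"]
        text = maybe_decode_base64(m["data"])
        if text is not None:
            svc.decoded[m["val"]] = text
    return found


def _as_int(value: str, default: int = -1) -> int:
    try:
        return int(value)
    except ValueError:
        return default


def describe(svc: HiddenService) -> str:
    """One-line triage summary: image path, service/start type, decoded config values."""
    stype = SERVICE_TYPES.get(_as_int(svc.registry.get("Type", "")), "unknown")
    start = START_TYPES.get(_as_int(svc.registry.get("Start", "")), "unknown")
    parts = [f"{svc.name}: image={svc.image}", f"type={stype}", f"start={start}"]
    for val, text in svc.decoded.items():
        parts.append(f"{val} decodes to {text!r}")
    return "; ".join(parts)


if __name__ == "__main__":
    for svc in parse_gmer(GMER_EXCERPT).values():
        print(describe(svc))
```

Run on the excerpt, the summary shows the hidden driver is registered as a kernel driver with `SYSTEM_START` (loaded at kernel initialisation, which is why unchecking startup items in msconfig never touched it) and that the odd-named value holds an encoded hostname; both are the details worth carrying into the removal step and into any later search of the other control sets.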

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:01 AM

Posted 15 May 2009 - 09:24 AM

That's perfect! :thumbup2:


Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Services
    30dc2dc9
    
    :Files
    C:\WINDOWS\System32\drivers\30dc2dc9.sys
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 ADmeister7

ADmeister7
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:01 AM

Posted 15 May 2009 - 02:03 PM

Here is the latest iteration of the OTListIT2 Log:

========== OTLISTIT ==========
Process explorer.exe killed successfully!
========== SERVICES/DRIVERS ==========
Service\Driver 30dc2dc9 not found.
Service\Driver 30dc2dc9 not found.
========== FILES ==========
File move failed. C:\WINDOWS\System32\drivers\30dc2dc9.sys scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\ADmeister7\Local Settings\Temp\etilqs_XLAwO0nk1GtYqnPvjCUI scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6c4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_93c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_fc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.7 log created on 05152009_155605

Files moved on Reboot...
File move failed. C:\WINDOWS\System32\drivers\30dc2dc9.sys scheduled to be moved on reboot.
File C:\Documents and Settings\ADmeister7\Local Settings\Temp\etilqs_XLAwO0nk1GtYqnPvjCUI not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_6c4.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_93c.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_fc.dat not found!

Registry entries deleted on Reboot...

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:01 AM

Posted 15 May 2009 - 03:01 PM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


========================================================

#15 ADmeister7

ADmeister7
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:01 AM

Posted 16 May 2009 - 08:02 AM

Here is my ComboFix log!

ComboFix 09-05-15.06 - ADmeister7 16/05/2009 9:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1564 [GMT -3:00]
Running from: c:\documents and settings\ADmeister7\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090515-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\drivers\30dc2dc9.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_30dc2dc9


((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.

2009-05-14 00:46 . 2009-05-14 00:46 -------- d-----w C:\_OTListIt
2009-05-12 21:01 . 2009-05-12 21:01 -------- d-----w c:\windows\system32\bits
2009-05-12 17:49 . 2007-11-28 01:56 116416 ----a-w c:\windows\system32\drivers\msfwhlpr.sys
2009-05-12 17:47 . 2008-05-15 19:15 53168 ----a-w c:\windows\system32\drivers\MpFilter.sys
2009-05-12 17:46 . 2007-03-29 12:56 7168 ------w c:\windows\system32\dllcache\bitsprx4.dll
2009-05-12 17:46 . 2007-03-29 12:56 7168 ------w c:\windows\system32\bitsprx4.dll
2009-05-12 17:46 . 2007-03-29 12:56 18944 ------w c:\windows\system32\dllcache\qmgrprxy.dll
2009-05-12 17:46 . 2007-03-29 12:56 409600 ------w c:\windows\system32\dllcache\qmgr.dll
2009-05-12 17:36 . 2009-05-16 11:50 -------- d-----w c:\program files\Microsoft Windows OneCare Live
2009-05-12 17:36 . 2009-05-12 20:55 -------- d-----w C:\f637defa12b4482899e0c5c97f46e7
2009-05-12 14:41 . 2009-05-12 14:41 -------- d-----w c:\documents and settings\ADmeister7\Application Data\Malwarebytes
2009-05-12 14:40 . 2009-04-06 18:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-12 14:40 . 2009-04-06 18:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-12 14:40 . 2009-05-12 14:40 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-12 14:40 . 2009-05-12 20:56 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-12 00:09 . 2009-03-03 15:19 12560 ----a-w c:\windows\system32\drivers\TfKbMon.sys
2009-05-12 00:09 . 2009-05-12 00:09 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-05-12 00:09 . 2009-05-12 20:56 -------- d-----w c:\program files\ThreatFire
2009-05-08 17:59 . 2009-05-08 16:43 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-08 16:43 . 2009-05-08 16:43 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-08 16:37 . 2009-05-08 16:37 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-08 16:37 . 2009-05-08 16:43 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 19:52 . 2006-09-03 19:49 -------- d-----w c:\program files\Mozilla Thunderbird
2009-05-13 00:06 . 2008-10-14 01:06 -------- d-----w c:\program files\Dl_cats
2009-05-08 16:37 . 2006-09-03 15:23 -------- d-----w c:\program files\Lavasoft
2009-05-05 18:32 . 2008-07-19 20:23 -------- d-----w c:\program files\Trillian
2009-04-04 13:37 . 2008-10-14 01:13 -------- d-----w c:\program files\Jasc Software Inc
2009-04-04 05:15 . 2009-04-04 05:15 -------- d-----w c:\program files\Astro Gemini Software
2009-04-04 05:15 . 2009-04-04 05:15 -------- d-----w c:\program files\Space Tunnels 3D Screensaver
2009-04-04 05:12 . 2009-04-04 05:12 -------- d-----w c:\program files\3Planesoft Screensaver Manager
2009-04-04 05:11 . 2009-04-04 05:11 -------- d-----w c:\program files\Deep Space 3D Screensaver
2009-04-03 22:47 . 2009-04-03 22:47 503808 ----a-w c:\windows\Tranquil - Waterfalls.scr
2009-04-03 22:47 . 2009-04-03 22:46 606848 ----a-w c:\windows\flashax.exe
2009-04-03 22:47 . 2009-04-03 22:46 12288 ----a-w c:\windows\impborl.dll
2009-03-25 15:26 . 2006-08-14 03:16 -------- d-----w c:\program files\Google
2009-03-10 21:19 . 2009-03-10 21:19 472576 ----a-w c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2009-03-09 23:49 . 2007-03-26 21:57 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-03-06 02:46 . 2006-11-15 17:03 94144 -c--a-w c:\documents and settings\ADmeister7\Application Data\GDIPFONTCACHEV1.DAT
2006-05-06 16:42 . 2006-09-06 23:17 7260160 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll
2008-11-10 23:18 . 2006-10-30 18:41 56 -csh--r c:\windows\system32\AD696E9ADD.sys
2006-10-06 13:34 . 2006-10-06 13:34 88 -csh--r c:\windows\system32\DD9A6E69AD.sys
2008-11-10 23:18 . 2006-10-06 13:34 5642 -csha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3806b089-6759-411d-b2c3-b7995a9f34d7}"= "c:\program files\Harmony_Hollow_Software\tbHar1.dll" [2008-04-07 1470488]

[HKEY_CLASSES_ROOT\clsid\{3806b089-6759-411d-b2c3-b7995a9f34d7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3806b089-6759-411d-b2c3-b7995a9f34d7}]
2008-04-07 23:23 1470488 ----a-w c:\program files\Harmony_Hollow_Software\tbHar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3806b089-6759-411d-b2c3-b7995a9f34d7}"= "c:\program files\Harmony_Hollow_Software\tbHar1.dll" [2008-04-07 1470488]

[HKEY_CLASSES_ROOT\clsid\{3806b089-6759-411d-b2c3-b7995a9f34d7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3806B089-6759-411D-B2C3-B7995A9F34D7}"= "c:\program files\Harmony_Hollow_Software\tbHar1.dll" [2008-04-07 1470488]

[HKEY_CLASSES_ROOT\clsid\{3806b089-6759-411d-b2c3-b7995a9f34d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-04 136600]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-06-27 36864]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"LWBMOUSE"="c:\program files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE" [2002-05-24 357376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
"DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 73728]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-08 516440]
"WTClient"="WTClient.exe" - c:\windows\system32\WTClient.exe [2007-04-11 40960]

c:\documents and settings\ADmeister7\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-14 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-07 00:16 176128 ----a-w c:\progra~1\WINDOW~3\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lavasoft ad-aware service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\onecaremp]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^ADmeister7^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\ADmeister7\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Macro Express 3.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Macro Express 3.lnk
backup=c:\windows\pss\Macro Express 3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"SoundtrackTurbineNetworkService"=3 (0x3)
"SoundtrackTurbineMessageService"=2 (0x2)
"MpfService"=2 (0x2)
"mnmsrvc"=3 (0x3)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"Fax"=2 (0x2)
"ERSvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AOL ACS"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"PD91Engine"=3 (0x3)
"PD91Agent"=2 (0x2)
"ose"=3 (0x3)
"npkcmsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"threatfire"=2 (0x2)
"SharedAccess"=2 (0x2)
"ochealthmon"=2 (0x2)
"gusvc"=2 (0x2)
"gupdate1c9ad5eefc551e"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager - Soundtrack\\TurbineNetworkService.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager - Soundtrack\\TurbineMessageService.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWTray.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe"=

R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [08/05/2009 1:43 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03/06/2008 7:12 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/06/2008 7:12 PM 20560]
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 4:06 PM 953168]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [07/06/2007 2:16 PM 18944]
S1 atitray;atitray;\??\c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys --> c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [?]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [08/05/2006 8:10 PM 347648]
S3 adxapie;adxapie;\??\c:\docume~1\ADMEIS~1\LOCALS~1\Temp\adxapie.sys --> c:\docume~1\ADMEIS~1\LOCALS~1\Temp\adxapie.sys [?]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [23/04/2007 12:28 PM 10752]
S4 gupdate1c9ad5eefc551e;Google Update Service (gupdate1c9ad5eefc551e);c:\program files\Google\Update\GoogleUpdate.exe [25/03/2009 12:26 PM 133104]
S4 ochealthmon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [22/03/2009 10:59 AM 24936]
S4 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [16/01/2008 10:52 AM 664840]
S4 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [16/01/2008 10:52 AM 894216]
S4 SoundtrackTurbineMessageService;Turbine Message Service - Soundtrack;c:\program files\Turbine\Turbine Download Manager - Soundtrack\TurbineMessageService.exe [10/06/2008 7:21 PM 249856]
S4 SoundtrackTurbineNetworkService;Turbine Network Service - Soundtrack;c:\program files\Turbine\Turbine Download Manager - Soundtrack\TurbineNetworkService.exe [10/06/2008 7:21 PM 212992]
S4 threatfire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 16:43]

2009-05-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 15:24]

2009-05-16 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 15:26]

2008-06-17 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (ADAMANDSARA-ADmeister7).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2006-08-14 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca
mStart Page = hxxp://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\ADmeister7\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\ADmeister7\Application Data\Mozilla\Firefox\Profiles\ol8ajz0x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - plugin: c:\documents and settings\ADmeister7\Application Data\Mozilla\Firefox\Profiles\ol8ajz0x.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\documents and settings\ADmeister7\Application Data\Mozilla\Firefox\Profiles\ol8ajz0x.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07061050.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPinfotl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 09:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-903114455-3535914177-3130307060-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):47,df,5d,7d,3b,48,dd,1b,f6,43,bf,3e,57,03,c1,d9,0b,99,ba,26,7d,
bc,6a,dc,f3,88,eb,59,40,25,da,2a,a6,0e,4e,10,b2,97,92,b1,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d8c59e15-4c98-423a-8406-153d3c7ea2e6}]
@Denied: (Full) (Everyone)
"Model"=dword:0000000a
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,29,53,01,52,53,ee,8c,54,b5,66,4a,d0,23,02,d0,61,d7,63,05,2a,87,9b,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\Ati2evxx.dll
c:\progra~1\WINDOW~3\wbsrv.dll

- - - - - - - > 'explorer.exe'(3860)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\program files\WindowBlinds\tray.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Tech\Wheel Mouse\5.3\MOUDL32A.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\drivers\WTSrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\WISPTIS.EXE
c:\windows\system32\dlcgcoms.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-16 9:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-16 12:53

Pre-Run: 12,684,275,712 bytes free
Post-Run: 12,594,679,808 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

306 --- E O F --- 2009-04-03 23:34



