
Redirect virus/ Hijackthis log


  • This topic is locked
15 replies to this topic

#1 djost


Posted 30 June 2010 - 04:57 PM

Hey all, looking for some help. I have run Spybot, Ad-Aware and Malwarebytes. Below is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:45:49 PM, on 6/30/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\wuauclt.exe
C:\Users\Amy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\Toolbar\CallingIDIE.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\Toolbar\CallingIDIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: callingid - {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\Toolbar\CallingIDToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MIF5BA~1\Office12\GRA32A~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

--
End of file - 8737 bytes

EDIT: Moved from Am I Infected to Malware Removal Logs ~ Hamluis.

Edited by hamluis, 30 June 2010 - 08:06 PM.




#2 mpascal


Posted 04 July 2010 - 01:39 PM

Hi djost,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

STEP 1 - Preparation Guide

Please follow the instructions in the Preparation Guide until you have reached step 6. You may stop once you have finished step 6 and continue with the instructions here.

STEP 2 - MBAM

Note: In the event that you already have MBAM installed, you do not need to reinstall it. Simply Updating it and doing a Quickscan is sufficient.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 4 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post them with your next reply.
STEP 5 - Reply

Please reply with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#3 djost


Posted 05 July 2010 - 07:16 PM

Hey mpascal, I appreciated the help. Below are all the requested logs. I am having trouble posting so I am posting each one separately.

MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4281

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/5/2010 6:32:24 PM
mbam-log-2010-07-05 (18-32-24).txt

Scan type: Quick scan
Objects scanned: 130505
Time elapsed: 10 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





#4 djost


Posted 05 July 2010 - 07:23 PM

GMER log (Part 1):

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-05 18:51:21
Windows 6.1.7600
Running: bzl9ymql.exe; Driver: C:\Users\Amy\AppData\Local\Temp\kwrdrpow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C27AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C27104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C273F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C0F634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C0F898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C271DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C27958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C276F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C27F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C281A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C875C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAC052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x83B76000, 0x3C849, 0xE8000020]
.dsrt C:\windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x83BBB000, 0x3DC, 0x48000040]
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E040000, 0x2D5526, 0xE8000020]
.text peauth.sys 9C8E5C9E 27 Bytes [B1, 57, B0, 20, 42, 6A, FE, ...]
.text peauth.sys 9C8E5CC2 27 Bytes [B1, 57, B0, 20, 42, 6A, FE, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\wininit.exe[480] kernel32.dll!CreateProcessW 75A1202D 5 Bytes JMP 5FF386B0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wininit.exe[480] kernel32.dll!CreateProcessA 75A12062 5 Bytes JMP 5FF38594 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wininit.exe[480] kernel32.dll!LoadLibraryExW 75A5B6BF 5 Bytes JMP 5FF38008 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wininit.exe[480] kernel32.dll!GetProcAddress 75A61857 5 Bytes JMP 5FF38124 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wininit.exe[480] kernel32.dll!FreeLibrary 75A61A09 5 Bytes JMP 5FF3835C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wininit.exe[480] kernel32.dll!ExitProcess 75A62AEF 5 Bytes JMP 5FF38240 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wininit.exe[480] ADVAPI32.dll!CreateProcessAsUserW 757BBBDB 5 Bytes JMP 5FF388E8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wininit.exe[480] ADVAPI32.dll!CreateProcessAsUserA 757F14FD 5 Bytes JMP 5FF38A04 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wininit.exe[480] ADVAPI32.dll!CreateProcessWithLogonW 757F42A1 5 Bytes JMP 5FF387CC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\lsm.exe[544] kernel32.dll!CreateProcessW + 2 75A1202F 8 Bytes JMP 5FF386AF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\lsm.exe[544] kernel32.dll!CreateProcessA + 2 75A12064 8 Bytes JMP 5FF38593 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\lsm.exe[544] kernel32.dll!LoadLibraryExW + 2 75A5B6C1 9 Bytes JMP 5FF38007 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\lsm.exe[544] kernel32.dll!GetProcAddress 75A61857 5 Bytes JMP 5FF38124 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\lsm.exe[544] kernel32.dll!FreeLibrary 75A61A09 5 Bytes JMP 5FF3835C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\lsm.exe[544] kernel32.dll!ExitProcess + 1 75A62AF0 11 Bytes JMP 5FF3823E C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\lsm.exe[544] ADVAPI32.dll!CreateProcessAsUserW 757BBBDB 5 Bytes JMP 5FF388E8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\lsm.exe[544] ADVAPI32.dll!CreateProcessAsUserA + 2 757F14FF 8 Bytes JMP 5FF38A03 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\lsm.exe[544] ADVAPI32.dll!CreateProcessWithLogonW + 2 757F42A3 6 Bytes JMP 5FF387CB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\atiesrxx.exe[812] kernel32.dll!CreateProcessW 75A1202D 5 Bytes JMP 5FF386B0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\atiesrxx.exe[812] kernel32.dll!CreateProcessA 75A12062 5 Bytes JMP 5FF38594 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\atiesrxx.exe[812] kernel32.dll!LoadLibraryExW 75A5B6BF 5 Bytes JMP 5FF38008 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\atiesrxx.exe[812] kernel32.dll!GetProcAddress 75A61857 5 Bytes JMP 5FF38124 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\atiesrxx.exe[812] kernel32.dll!FreeLibrary 75A61A09 5 Bytes JMP 5FF3835C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\atiesrxx.exe[812] kernel32.dll!ExitProcess 75A62AEF 5 Bytes JMP 5FF38240 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\atiesrxx.exe[812] ADVAPI32.dll!CreateProcessAsUserW 757BBBDB 5 Bytes JMP 5FF388E8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\atiesrxx.exe[812] ADVAPI32.dll!CreateProcessAsUserA 757F14FD 5 Bytes JMP 5FF38A04 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\atiesrxx.exe[812] ADVAPI32.dll!CreateProcessWithLogonW 757F42A1 5 Bytes JMP 5FF387CC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\svchost.exe[1016] ntdll.dll!NtProtectVirtualMemory 76F85360 5 Bytes JMP 0015000A
.text C:\windows\system32\svchost.exe[1016] ntdll.dll!NtWriteVirtualMemory 76F85EE0 5 Bytes JMP 0016000A
.text C:\windows\system32\svchost.exe[1016] ntdll.dll!KiUserExceptionDispatcher 76F86448 5 Bytes JMP 0013000A
.text C:\windows\system32\svchost.exe[1016] ole32.dll!CoCreateInstance 759057FC 5 Bytes JMP 00BC000A
.text C:\windows\system32\svchost.exe[1016] USER32.dll!GetCursorPos 75C0C198 5 Bytes JMP 00B9000A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] KERNEL32.dll!CreateProcessW + 2 75A1202F 5 Bytes JMP 5FF386B0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] KERNEL32.dll!CreateProcessA + 2 75A12064 5 Bytes JMP 5FF38594 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] KERNEL32.dll!VirtualAllocEx 75A4B42C 5 Bytes JMP 5FF3D110 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] KERNEL32.dll!TerminateProcess + 2 75A5509D 9 Bytes JMP 5FF38D5C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] KERNEL32.dll!VirtualProtect + 2 75A550AD 9 Bytes JMP 5FF3D348 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] KERNEL32.dll!LoadLibraryExW + 2 75A5B6C1 9 Bytes JMP 5FF38008 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] KERNEL32.dll!OpenThread 75A60DAF 5 Bytes JMP 5FF3D8D4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] KERNEL32.dll!GetProcAddress 75A61857 5 Bytes JMP 5FF38124 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] KERNEL32.dll!FreeLibrary 75A61A09 5 Bytes JMP 5FF3835C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] KERNEL32.dll!ExitProcess + 1 75A62AF0 6 Bytes JMP 5FF3823F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] KERNEL32.dll!TerminateThread 75A62E05 5 Bytes JMP 5FF38E78 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] KERNEL32.dll!WriteProcessMemory + 2 75A785C3 9 Bytes JMP 5FF3CED8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] KERNEL32.dll!DebugActiveProcess + 2 75A961CE 8 Bytes JMP 5FF3D9F0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] KERNEL32.dll!CreateRemoteThread + 2 75A9F4DD 6 Bytes JMP 5FF3CFF4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] KERNEL32.dll!VirtualProtectEx + 2 75A9F72B 9 Bytes JMP 5FF3D22C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!EnumDependentServicesW 757B1EC8 7 Bytes JMP 5FF3B9BE C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!SetFileSecurityW 757B6A31 5 Bytes JMP 5FF3C714 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!QueryServiceStatusEx 757B8632 5 Bytes JMP 5FF3B1FC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!StartServiceW 757B8A9B 5 Bytes JMP 5FF3AFC4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!SetSecurityInfo + 2 757B9964 6 Bytes JMP 5FF3CA68 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!SetNamedSecurityInfoW + 2 757B9A67 6 Bytes JMP 5FF3CCA0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!CreateProcessAsUserW 757BBBDB 5 Bytes JMP 5FF388E8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!EnumServicesStatusExW 757BBC43 7 Bytes JMP 5FF3C29E C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!OpenSCManagerW 757BD1F5 5 Bytes JMP 5FF3A800 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!OpenServiceW 757BD20D 5 Bytes JMP 5FF3AC70 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!QueryServiceConfigW 757BD225 5 Bytes JMP 5FF3B550 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!QueryServiceStatus 757C3A84 5 Bytes JMP 5FF3B0E0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!OpenServiceA 757C3B15 5 Bytes JMP 5FF3AB54 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!OpenSCManagerA 757C3B2D 5 Bytes JMP 5FF3A6E4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!AdjustTokenPrivileges 757CB656 5 Bytes JMP 5FF3C4DC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!SetKernelObjectSecurity 757CBBD2 5 Bytes JMP 5FF3C830 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!CreateServiceW 757DDBC1 5 Bytes JMP 5FF3AA38 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!ControlService 757DDC74 5 Bytes JMP 5FF3B318 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!DeleteService 757DDC8C 5 Bytes JMP 5FF3AD8C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!QueryServiceConfigA 757DF1FF 5 Bytes JMP 5FF3B434 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!StartServiceA 757DF217 5 Bytes JMP 5FF3AEA8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!EnumServicesStatusExA 757DF7BE 7 Bytes JMP 5FF3C182 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!CreateProcessAsUserA + 2 757F14FF 5 Bytes JMP 5FF38A04 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!ChangeServiceConfig2A + 2 757F2092 9 Bytes JMP 5FF3BD14 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!ChangeServiceConfig2W + 2 757F20A2 9 Bytes JMP 5FF3BE30 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!ChangeServiceConfigA + 2 757F20B2 9 Bytes JMP 5FF3BADC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!ChangeServiceConfigW + 2 757F20C2 9 Bytes JMP 5FF3BBF8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!CreateServiceA + 2 757F2122 9 Bytes JMP 5FF3A91C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!QueryServiceConfig2A + 2 757F23B3 9 Bytes JMP 5FF3B66C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!QueryServiceConfig2W + 2 757F23C3 9 Bytes JMP 5FF3B788 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!SetServiceObjectSecurity + 2 757F24FD 9 Bytes JMP 5FF3C94C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!CreateProcessWithLogonW + 2 757F42A3 6 Bytes JMP 5FF387CC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!InitiateSystemShutdownW + 2 7580C15F 6 Bytes JMP 5FF3DD48 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!InitiateSystemShutdownExW + 2 7580C22C 6 Bytes JMP 5FF3DF80 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!AbortSystemShutdownW + 2 7580C452 7 Bytes JMP 5FF3E1B8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!EnumServicesStatusA 75810709 7 Bytes JMP 5FF3BF4A C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!EnumDependentServicesA 758107EC 7 Bytes JMP 5FF3B8A2 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ADVAPI32.dll!EnumServicesStatusW + 2 7581090B 5 Bytes JMP 5FF3C068 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ole32.dll!CoGetClassObject + 2 758EA2D6 8 Bytes JMP 5FF36448 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ole32.dll!CoInitializeEx + 2 758F0806 5 Bytes JMP 5FF360F4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ole32.dll!CoCreateInstance + 2 759057FE 6 Bytes JMP 5FF36210 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ole32.dll!CoCreateInstanceEx + 2 75905841 7 Bytes JMP 5FF3632C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ole32.dll!CoGetInstanceFromFile + 2 759711FB 8 Bytes JMP 5FF36564 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] ole32.dll!CoGetInstanceFromIStorage + 2 75990865 8 Bytes JMP 5FF36680 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!BroadcastSystemMessageExW + 2 75C025B2 5 Bytes JMP 5FF3A38C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!SetUserObjectSecurity + 2 75C039C9 6 Bytes JMP 5FF3CDBC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!BroadcastSystemMessageW + 2 75C08058 5 Bytes JMP 5FF3A154 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!PostThreadMessageA + 2 75C0CBD3 5 Bytes JMP 5FF39520 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!PostThreadMessageA + 8 75C0CBD9 2 Bytes JMP F6909090
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!SendMessageA + 2 75C0CC2A 7 Bytes JMP 5FF390B0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!PostMessageA + 2 75C0D658 1 Byte [E9]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!PostMessageA + 2 75C0D658 5 Bytes JMP 5FF392E8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!SendNotifyMessageW + 2 75C0EB67 6 Bytes JMP 5FF39CE4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!PostThreadMessageW + 2 75C0ECE0 6 Bytes JMP 5FF3963C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!SetWindowsHookExW + 2 75C1210C 5 Bytes JMP 5FF3D580 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!SendMessageTimeoutW + 2 75C13140 5 Bytes JMP 5FF39AAC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!SendMessageCallbackW + 2 75C14DFE 5 Bytes JMP 5FF39874 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!PostMessageW + 2 75C16227 7 Bytes JMP 5FF39404 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!SendMessageW + 2 75C1764E 7 Bytes JMP 5FF391CC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!SendNotifyMessageA + 2 75C267B6 6 Bytes JMP 5FF39BC8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!SendDlgItemMessageA + 2 75C2914F 7 Bytes JMP 5FF39E00 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!SendDlgItemMessageW + 2 75C34D00 7 Bytes JMP 5FF39F1C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!OpenClipboard + 2 75C35BBB 7 Bytes JMP 5FF368BC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!SetWindowsHookExA + 2 75C36DFC 5 Bytes JMP 5FF3D464 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!SendMessageTimeoutA + 2 75C36E99 5 Bytes JMP 5FF39990 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!SetWindowsHookA + 2 75C4B66B 5 Bytes JMP 5FF3D69C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!SetWindowsHookW + 2 75C4B686 5 Bytes JMP 5FF3D7B8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!EndTask + 2 75C4FD90 6 Bytes JMP 5FF38F94 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!ExitWindowsEx + 2 75C506F1 6 Bytes JMP 5FF3E2D4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!BroadcastSystemMessageExA + 2 75C63B85 5 Bytes JMP 5FF3A270 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!BroadcastSystemMessage + 2 75C63BAC 5 Bytes JMP 5FF3A038 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] USER32.dll!SendMessageCallbackA + 2 75C63EED 5 Bytes JMP 5FF39758 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] shell32.dll!SHCreateProcessAsUserW 75F191C8 8 Bytes JMP 5FF38B1D C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] kernel32.dll!CreateProcessW 75A1202D 5 Bytes JMP 5FF386B0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] kernel32.dll!CreateProcessA 75A12062 5 Bytes JMP 5FF38594 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] kernel32.dll!VirtualAllocEx 75A4B42C 5 Bytes JMP 5FF3D110 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] kernel32.dll!TerminateProcess 75A5509B 5 Bytes JMP 5FF38D5C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] kernel32.dll!VirtualProtect 75A550AB 5 Bytes JMP 5FF3D348 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] kernel32.dll!LoadLibraryExW 75A5B6BF 5 Bytes JMP 5FF38008 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] kernel32.dll!OpenThread 75A60DAF 5 Bytes JMP 5FF3D8D4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] kernel32.dll!GetProcAddress 75A61857 5 Bytes JMP 5FF38124 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] kernel32.dll!FreeLibrary 75A61A09 5 Bytes JMP 5FF3835C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] kernel32.dll!ExitProcess 75A62AEF 5 Bytes JMP 5FF38240 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] kernel32.dll!TerminateThread 75A62E05 5 Bytes JMP 5FF38E78 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] kernel32.dll!WriteProcessMemory 75A785C1 5 Bytes JMP 5FF3CED8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] kernel32.dll!DebugActiveProcess 75A961CC 5 Bytes JMP 5FF3D9F0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] kernel32.dll!CreateRemoteThread 75A9F4DB 5 Bytes JMP 5FF3CFF4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] kernel32.dll!VirtualProtectEx 75A9F729 5 Bytes JMP 5FF3D22C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!BroadcastSystemMessageExW 75C025B0 5 Bytes JMP 5FF3A38C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!SetUserObjectSecurity 75C039C7 5 Bytes JMP 5FF3CDBC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!BroadcastSystemMessageW 75C08056 5 Bytes JMP 5FF3A154 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!PostThreadMessageA 75C0CBD1 5 Bytes JMP 5FF39520 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!SendMessageA 75C0CC28 5 Bytes JMP 5FF390B0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!PostMessageA 75C0D656 5 Bytes JMP 5FF392E8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!SendNotifyMessageW 75C0EB65 5 Bytes JMP 5FF39CE4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!PostThreadMessageW 75C0ECDE 5 Bytes JMP 5FF3963C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!SetWindowsHookExW 75C1210A 5 Bytes JMP 5FF3D580 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!SendMessageTimeoutW 75C1313E 5 Bytes JMP 5FF39AAC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!SendMessageCallbackW 75C14DFC 5 Bytes JMP 5FF39874 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!PostMessageW 75C16225 5 Bytes JMP 5FF39404 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!SendMessageW 75C1764C 5 Bytes JMP 5FF391CC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!SendNotifyMessageA 75C267B4 5 Bytes JMP 5FF39BC8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!SendDlgItemMessageA 75C2914D 5 Bytes JMP 5FF39E00 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!SendDlgItemMessageW 75C34CFE 5 Bytes JMP 5FF39F1C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!OpenClipboard 75C35BB9 5 Bytes JMP 5FF368BC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!SetWindowsHookExA 75C36DFA 5 Bytes JMP 5FF3D464 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!SendMessageTimeoutA 75C36E97 5 Bytes JMP 5FF39990 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!SetWindowsHookA 75C4B669 5 Bytes JMP 5FF3D69C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!SetWindowsHookW 75C4B684 5 Bytes JMP 5FF3D7B8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!EndTask 75C4FD8E 5 Bytes JMP 5FF38F94 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!ExitWindowsEx 75C506EF 5 Bytes JMP 5FF3E2D4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!BroadcastSystemMessageExA 75C63B83 5 Bytes JMP 5FF3A270 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!BroadcastSystemMessage 75C63BAA 5 Bytes JMP 5FF3A038 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] USER32.dll!SendMessageCallbackA 75C63EEB 5 Bytes JMP 5FF39758 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!EnumDependentServicesW 757B1EC8 7 Bytes JMP 5FF3B9C0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!SetFileSecurityW 757B6A31 5 Bytes JMP 5FF3C714 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!QueryServiceStatusEx 757B8632 5 Bytes JMP 5FF3B1FC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!StartServiceW 757B8A9B 5 Bytes JMP 5FF3AFC4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!SetSecurityInfo 757B9962 5 Bytes JMP 5FF3CA68 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!SetNamedSecurityInfoW 757B9A65 5 Bytes JMP 5FF3CCA0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!CreateProcessAsUserW 757BBBDB 5 Bytes JMP 5FF388E8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!EnumServicesStatusExW 757BBC43 7 Bytes JMP 5FF3C2A0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!OpenSCManagerW 757BD1F5 5 Bytes JMP 5FF3A800 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!OpenServiceW 757BD20D 5 Bytes JMP 5FF3AC70 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!QueryServiceConfigW 757BD225 5 Bytes JMP 5FF3B550 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!QueryServiceStatus 757C3A84 5 Bytes JMP 5FF3B0E0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!OpenServiceA 757C3B15 5 Bytes JMP 5FF3AB54 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!OpenSCManagerA 757C3B2D 5 Bytes JMP 5FF3A6E4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!AdjustTokenPrivileges 757CB656 5 Bytes JMP 5FF3C4DC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!SetKernelObjectSecurity 757CBBD2 5 Bytes JMP 5FF3C830 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!CreateServiceW 757DDBC1 5 Bytes JMP 5FF3AA38 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!ControlService 757DDC74 5 Bytes JMP 5FF3B318 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!DeleteService 757DDC8C 5 Bytes JMP 5FF3AD8C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!QueryServiceConfigA 757DF1FF 5 Bytes JMP 5FF3B434 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!StartServiceA 757DF217 5 Bytes JMP 5FF3AEA8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!EnumServicesStatusExA 757DF7BE 7 Bytes JMP 5FF3C184 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!CreateProcessAsUserA 757F14FD 5 Bytes JMP 5FF38A04 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!ChangeServiceConfig2A 757F2090 5 Bytes JMP 5FF3BD14 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!ChangeServiceConfig2W 757F20A0 5 Bytes JMP 5FF3BE30 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!ChangeServiceConfigA 757F20B0 5 Bytes JMP 5FF3BADC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!ChangeServiceConfigW 757F20C0 5 Bytes JMP 5FF3BBF8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!CreateServiceA 757F2120 5 Bytes JMP 5FF3A91C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!QueryServiceConfig2A 757F23B1 5 Bytes JMP 5FF3B66C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!QueryServiceConfig2W 757F23C1 5 Bytes JMP 5FF3B788 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!SetServiceObjectSecurity 757F24FB 5 Bytes JMP 5FF3C94C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!CreateProcessWithLogonW 757F42A1 5 Bytes JMP 5FF387CC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!InitiateSystemShutdownW 7580C15D 5 Bytes JMP 5FF3DD48 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!InitiateSystemShutdownExW 7580C22A 5 Bytes JMP 5FF3DF80 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!AbortSystemShutdownW 7580C450 5 Bytes JMP 5FF3E1B8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!EnumServicesStatusA 75810709 7 Bytes JMP 5FF3BF4C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!EnumDependentServicesA 758107EC 7 Bytes JMP 5FF3B8A4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ADVAPI32.dll!EnumServicesStatusW 75810909 5 Bytes JMP 5FF3C068 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ole32.dll!CoGetClassObject 758EA2D4 5 Bytes JMP 5FF36448 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ole32.dll!CoInitializeEx 758F0804 5 Bytes JMP 5FF360F4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ole32.dll!CoCreateInstance 759057FC 5 Bytes JMP 5FF36210 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ole32.dll!CoCreateInstanceEx 7590583F 5 Bytes JMP 5FF3632C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ole32.dll!CoGetInstanceFromFile 759711F9 5 Bytes JMP 5FF36564 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\Dwm.exe[1512] ole32.dll!CoGetInstanceFromIStorage 75990863 5 Bytes JMP 5FF36680 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ntdll.dll!NtProtectVirtualMemory 76F85360 5 Bytes JMP 007D000A
.text C:\windows\Explorer.EXE[1528] ntdll.dll!NtWriteVirtualMemory 76F85EE0 5 Bytes JMP 007E000A
.text C:\windows\Explorer.EXE[1528] ntdll.dll!KiUserExceptionDispatcher 76F86448 5 Bytes JMP 004B000A
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!EnumDependentServicesW 757B1EC8 7 Bytes JMP 5FF3B9BF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!SetFileSecurityW 757B6A31 6 Bytes JMP 5FF3C713 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!QueryServiceStatusEx 757B8632 6 Bytes JMP 5FF3B1FB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!StartServiceW 757B8A9B 6 Bytes JMP 5FF3AFC3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!SetSecurityInfo 757B9962 8 Bytes JMP 5FF3CA67 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!SetNamedSecurityInfoW 757B9A65 8 Bytes JMP 5FF3CC9F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!CreateProcessAsUserW 757BBBDB 6 Bytes JMP 5FF388E7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!EnumServicesStatusExW 757BBC43 7 Bytes JMP 5FF3C29F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!OpenSCManagerW 757BD1F5 6 Bytes JMP 5FF3A7FF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!OpenServiceW 757BD20D 6 Bytes JMP 5FF3AC6F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!QueryServiceConfigW 757BD225 6 Bytes JMP 5FF3B54F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!QueryServiceStatus 757C3A84 6 Bytes JMP 5FF3B0DF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!OpenServiceA 757C3B15 6 Bytes JMP 5FF3AB53 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!OpenSCManagerA 757C3B2D 6 Bytes JMP 5FF3A6E3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!AdjustTokenPrivileges 757CB656 6 Bytes JMP 5FF3C4DB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!SetKernelObjectSecurity 757CBBD2 6 Bytes JMP 5FF3C82F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!CreateServiceW 757DDBC1 6 Bytes JMP 5FF3AA37 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!ControlService 757DDC74 6 Bytes JMP 5FF3B317 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!DeleteService 757DDC8C 6 Bytes JMP 5FF3AD8B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!QueryServiceConfigA 757DF1FF 6 Bytes JMP 5FF3B433 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!StartServiceA 757DF217 6 Bytes JMP 5FF3AEA7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!EnumServicesStatusExA 757DF7BE 7 Bytes JMP 5FF3C183 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!CreateProcessAsUserA 757F14FD 7 Bytes JMP 5FF38A03 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!ChangeServiceConfig2A 757F2090 6 Bytes JMP 5FF3BD13 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!ChangeServiceConfig2W 757F20A0 6 Bytes JMP 5FF3BE2F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!ChangeServiceConfigA 757F20B0 6 Bytes JMP 5FF3BADB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!ChangeServiceConfigW 757F20C0 6 Bytes JMP 5FF3BBF7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!CreateServiceA 757F2120 6 Bytes JMP 5FF3A91B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!QueryServiceConfig2A 757F23B1 6 Bytes JMP 5FF3B66B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!QueryServiceConfig2W 757F23C1 6 Bytes JMP 5FF3B787 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!SetServiceObjectSecurity 757F24FB 6 Bytes JMP 5FF3C94B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!CreateProcessWithLogonW 757F42A1 8 Bytes JMP 5FF387CB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!InitiateSystemShutdownW 7580C15D 8 Bytes JMP 5FF3DD47 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!InitiateSystemShutdownExW 7580C22A 8 Bytes JMP 5FF3DF7F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!AbortSystemShutdownW 7580C450 6 Bytes JMP 5FF3E1B7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!EnumServicesStatusA 75810709 7 Bytes JMP 5FF3BF4B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!EnumDependentServicesA 758107EC 7 Bytes JMP 5FF3B8A3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ADVAPI32.dll!EnumServicesStatusW 75810909 7 Bytes JMP 5FF3C067 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!BroadcastSystemMessageExW + 2 75C025B2 5 Bytes JMP 5FF3A38C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!SetUserObjectSecurity + 2 75C039C9 6 Bytes JMP 5FF3CDBC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!BroadcastSystemMessageW + 2 75C08058 5 Bytes JMP 5FF3A154 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!PostThreadMessageA + 2 75C0CBD3 5 Bytes JMP 5FF39520 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!PostThreadMessageA + 8 75C0CBD9 2 Bytes JMP F6909090
.text C:\windows\Explorer.EXE[1528] USER32.dll!SendMessageA + 2 75C0CC2A 7 Bytes JMP 5FF390B0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!PostMessageA + 2 75C0D658 1 Byte [E9]
.text C:\windows\Explorer.EXE[1528] USER32.dll!PostMessageA + 2 75C0D658 5 Bytes JMP 5FF392E8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!SendNotifyMessageW + 2 75C0EB67 6 Bytes JMP 5FF39CE4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!PostThreadMessageW + 2 75C0ECE0 6 Bytes JMP 5FF3963C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!SetWindowsHookExW + 2 75C1210C 5 Bytes JMP 5FF3D580 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!SendMessageTimeoutW + 2 75C13140 5 Bytes JMP 5FF39AAC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!SendMessageCallbackW + 2 75C14DFE 5 Bytes JMP 5FF39874 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!PostMessageW + 2 75C16227 7 Bytes JMP 5FF39404 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!SendMessageW + 2 75C1764E 7 Bytes JMP 5FF391CC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!SendNotifyMessageA + 2 75C267B6 6 Bytes JMP 5FF39BC8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!SendDlgItemMessageA + 2 75C2914F 7 Bytes JMP 5FF39E00 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!SendDlgItemMessageW + 2 75C34D00 7 Bytes JMP 5FF39F1C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!OpenClipboard + 2 75C35BBB 7 Bytes JMP 5FF368BC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!SetWindowsHookExA + 2 75C36DFC 5 Bytes JMP 5FF3D464 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!SendMessageTimeoutA + 2 75C36E99 5 Bytes JMP 5FF39990 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!SetWindowsHookA + 2 75C4B66B 5 Bytes JMP 5FF3D69C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!SetWindowsHookW + 2 75C4B686 5 Bytes JMP 5FF3D7B8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!EndTask + 2 75C4FD90 6 Bytes JMP 5FF38F94 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!ExitWindowsEx + 2 75C506F1 6 Bytes JMP 5FF3E2D4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!BroadcastSystemMessageExA + 2 75C63B85 5 Bytes JMP 5FF3A270 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!BroadcastSystemMessage 75C63BAA 7 Bytes JMP 5FF3A037 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] USER32.dll!SendMessageCallbackA + 2 75C63EED 5 Bytes JMP 5FF39758 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] SHELL32.dll!SHCreateProcessAsUserW 75F191C8 8 Bytes JMP 5FF38B1F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ole32.dll!CoGetClassObject 758EA2D4 10 Bytes JMP 5FF36447 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ole32.dll!CoInitializeEx 758F0804 6 Bytes JMP 5FF360F3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ole32.dll!CoCreateInstance 759057FC 8 Bytes JMP 5FF3620F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ole32.dll!CoCreateInstanceEx 7590583F 6 Bytes JMP 5FF3632B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ole32.dll!CoGetInstanceFromFile 759711F9 10 Bytes JMP 5FF36563 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\Explorer.EXE[1528] ole32.dll!CoGetInstanceFromIStorage 75990863 10 Bytes JMP 5FF3667F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] kernel32.dll!CreateProcessW + 2 75A1202F 5 Bytes JMP 5FF386B0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] kernel32.dll!CreateProcessA + 2 75A12064 5 Bytes JMP 5FF38594 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] kernel32.dll!VirtualAllocEx 75A4B42C 5 Bytes JMP 5FF3D110 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] kernel32.dll!TerminateProcess + 2 75A5509D 9 Bytes JMP 5FF38D5C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] kernel32.dll!VirtualProtect + 2 75A550AD 9 Bytes JMP 5FF3D348 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] kernel32.dll!LoadLibraryExW + 2 75A5B6C1 9 Bytes JMP 5FF38008 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] kernel32.dll!OpenThread 75A60DAF 5 Bytes JMP 5FF3D8D4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] kernel32.dll!GetProcAddress 75A61857 5 Bytes JMP 5FF38124 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] kernel32.dll!FreeLibrary 75A61A09 5 Bytes JMP 5FF3835C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] kernel32.dll!ExitProcess + 1 75A62AF0 6 Bytes JMP 5FF3823F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] kernel32.dll!TerminateThread 75A62E05 5 Bytes JMP 5FF38E78 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] kernel32.dll!WriteProcessMemory + 2 75A785C3 9 Bytes JMP 5FF3CED8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] kernel32.dll!DebugActiveProcess + 2 75A961CE 8 Bytes JMP 5FF3D9F0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] kernel32.dll!CreateRemoteThread + 2 75A9F4DD 6 Bytes JMP 5FF3CFF4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] kernel32.dll!VirtualProtectEx + 2 75A9F72B 9 Bytes JMP 5FF3D22C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!EnumDependentServicesW 757B1EC8 7 Bytes JMP 5FF3B9BE C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!SetFileSecurityW 757B6A31 5 Bytes JMP 5FF3C714 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!QueryServiceStatusEx 757B8632 5 Bytes JMP 5FF3B1FC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!StartServiceW 757B8A9B 5 Bytes JMP 5FF3AFC4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!SetSecurityInfo + 2 757B9964 6 Bytes JMP 5FF3CA68 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!SetNamedSecurityInfoW + 2 757B9A67 6 Bytes JMP 5FF3CCA0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!CreateProcessAsUserW 757BBBDB 5 Bytes JMP 5FF388E8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!EnumServicesStatusExW 757BBC43 7 Bytes JMP 5FF3C29E C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!OpenSCManagerW 757BD1F5 5 Bytes JMP 5FF3A800 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!OpenServiceW 757BD20D 5 Bytes JMP 5FF3AC70 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!QueryServiceConfigW 757BD225 5 Bytes JMP 5FF3B550 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!QueryServiceStatus 757C3A84 5 Bytes JMP 5FF3B0E0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!OpenServiceA 757C3B15 5 Bytes JMP 5FF3AB54 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!OpenSCManagerA 757C3B2D 5 Bytes JMP 5FF3A6E4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!AdjustTokenPrivileges 757CB656 5 Bytes JMP 5FF3C4DC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!SetKernelObjectSecurity 757CBBD2 5 Bytes JMP 5FF3C830 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!CreateServiceW 757DDBC1 5 Bytes JMP 5FF3AA38 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!ControlService 757DDC74 5 Bytes JMP 5FF3B318 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!DeleteService 757DDC8C 5 Bytes JMP 5FF3AD8C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!QueryServiceConfigA 757DF1FF 5 Bytes JMP 5FF3B434 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!StartServiceA 757DF217 5 Bytes JMP 5FF3AEA8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!EnumServicesStatusExA 757DF7BE 7 Bytes JMP 5FF3C182 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!CreateProcessAsUserA + 2 757F14FF 5 Bytes JMP 5FF38A04 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!ChangeServiceConfig2A + 2 757F2092 9 Bytes JMP 5FF3BD14 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!ChangeServiceConfig2W + 2 757F20A2 9 Bytes JMP 5FF3BE30 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!ChangeServiceConfigA + 2 757F20B2 9 Bytes JMP 5FF3BADC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!ChangeServiceConfigW + 2 757F20C2 9 Bytes JMP 5FF3BBF8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!CreateServiceA + 2 757F2122 9 Bytes JMP 5FF3A91C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!QueryServiceConfig2A + 2 757F23B3 9 Bytes JMP 5FF3B66C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!QueryServiceConfig2W + 2 757F23C3 9 Bytes JMP 5FF3B788 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!SetServiceObjectSecurity + 2 757F24FD 9 Bytes JMP 5FF3C94C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!CreateProcessWithLogonW + 2 757F42A3 6 Bytes JMP 5FF387CC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!InitiateSystemShutdownW + 2 7580C15F 6 Bytes JMP 5FF3DD48 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!InitiateSystemShutdownExW + 2 7580C22C 6 Bytes JMP 5FF3DF80 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!AbortSystemShutdownW + 2 7580C452 7 Bytes JMP 5FF3E1B8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!EnumServicesStatusA 75810709 7 Bytes JMP 5FF3BF4A C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!EnumDependentServicesA 758107EC 7 Bytes JMP 5FF3B8A2 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ADVAPI32.dll!EnumServicesStatusW + 2 7581090B 5 Bytes JMP 5FF3C068 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ole32.dll!CoGetClassObject + 2 758EA2D6 8 Bytes JMP 5FF36448 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ole32.dll!CoInitializeEx + 2 758F0806 5 Bytes JMP 5FF360F4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ole32.dll!CoCreateInstance + 2 759057FE 6 Bytes JMP 5FF36210 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ole32.dll!CoCreateInstanceEx + 2 75905841 7 Bytes JMP 5FF3632C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ole32.dll!CoGetInstanceFromFile + 2 759711FB 8 Bytes JMP 5FF36564 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] ole32.dll!CoGetInstanceFromIStorage + 2 75990865 8 Bytes JMP 5FF36680 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!BroadcastSystemMessageExW + 2 75C025B2 5 Bytes JMP 5FF3A38C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!SetUserObjectSecurity + 2 75C039C9 6 Bytes JMP 5FF3CDBC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!BroadcastSystemMessageW + 2 75C08058 5 Bytes JMP 5FF3A154 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!PostThreadMessageA + 2 75C0CBD3 5 Bytes JMP 5FF39520 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!PostThreadMessageA + 8 75C0CBD9 2 Bytes JMP F6909090
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!SendMessageA + 2 75C0CC2A 7 Bytes JMP 5FF390B0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!PostMessageA + 2 75C0D658 1 Byte [E9]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!PostMessageA + 2 75C0D658 5 Bytes JMP 5FF392E8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!SendNotifyMessageW + 2 75C0EB67 6 Bytes JMP 5FF39CE4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!PostThreadMessageW + 2 75C0ECE0 6 Bytes JMP 5FF3963C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!SetWindowsHookExW + 2 75C1210C 5 Bytes JMP 5FF3D580 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!SendMessageTimeoutW + 2 75C13140 5 Bytes JMP 5FF39AAC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!SendMessageCallbackW + 2 75C14DFE 5 Bytes JMP 5FF39874 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!PostMessageW + 2 75C16227 7 Bytes JMP 5FF39404 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!SendMessageW + 2 75C1764E 7 Bytes JMP 5FF391CC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!SendNotifyMessageA + 2 75C267B6 6 Bytes JMP 5FF39BC8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!SendDlgItemMessageA + 2 75C2914F 7 Bytes JMP 5FF39E00 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!SendDlgItemMessageW + 2 75C34D00 7 Bytes JMP 5FF39F1C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!OpenClipboard + 2 75C35BBB 7 Bytes JMP 5FF368BC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!SetWindowsHookExA + 2 75C36DFC 5 Bytes JMP 5FF3D464 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!SendMessageTimeoutA + 2 75C36E99 5 Bytes JMP 5FF39990 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!SetWindowsHookA + 2 75C4B66B 5 Bytes JMP 5FF3D69C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!SetWindowsHookW + 2 75C4B686 5 Bytes JMP 5FF3D7B8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!EndTask + 2 75C4FD90 6 Bytes JMP 5FF38F94 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!ExitWindowsEx + 2 75C506F1 6 Bytes JMP 5FF3E2D4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!BroadcastSystemMessageExA + 2 75C63B85 5 Bytes JMP 5FF3A270 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!BroadcastSystemMessage + 2 75C63BAC 5 Bytes JMP 5FF3A038 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] USER32.dll!SendMessageCallbackA + 2 75C63EED 5 Bytes JMP 5FF39758 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[2316] kernel32.dll!CreateProcessW 75A1202D 5 Bytes JMP 5FF386B0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[2316] kernel32.dll!CreateProcessA 75A12062 5 Bytes JMP 5FF38594 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[2316] kernel32.dll!LoadLibraryExW 75A5B6BF 5 Bytes JMP 5FF38008 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[2316] kernel32.dll!GetProcAddress 75A61857 5 Bytes JMP 5FF38124 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[2316] kernel32.dll!FreeLibrary 75A61A09 5 Bytes JMP 5FF3835C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[2316] kernel32.dll!ExitProcess 75A62AEF 5 Bytes JMP 5FF38240 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[2316] ADVAPI32.dll!CreateProcessAsUserW 757BBBDB 5 Bytes JMP 5FF388E8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[2316] ADVAPI32.dll!CreateProcessAsUserA 757F14FD 5 Bytes JMP 5FF38A04 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text


#5 djost

Posted 05 July 2010 - 07:24 PM

GMER log: (Part 2)

C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[2316] ADVAPI32.dll!CreateProcessWithLogonW 757F42A1 5 Bytes JMP 5FF387CC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] kernel32.dll!CreateProcessW 75A1202D 7 Bytes JMP 5FF386AF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] kernel32.dll!CreateProcessA 75A12062 7 Bytes JMP 5FF38593 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] kernel32.dll!VirtualAllocEx 75A4B42C 6 Bytes JMP 5FF3D10F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] kernel32.dll!TerminateProcess 75A5509B 6 Bytes JMP 5FF38D5B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] kernel32.dll!VirtualProtect 75A550AB 6 Bytes JMP 5FF3D347 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] kernel32.dll!LoadLibraryExW 75A5B6BF 6 Bytes JMP 5FF38007 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] kernel32.dll!OpenThread 75A60DAF 6 Bytes JMP 5FF3D8D3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] kernel32.dll!GetProcAddress 75A61857 6 Bytes JMP 5FF38123 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] kernel32.dll!FreeLibrary 75A61A09 6 Bytes JMP 5FF3835B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] kernel32.dll!ExitProcess 75A62AEF 7 Bytes JMP 5FF3823F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] kernel32.dll!TerminateThread 75A62E05 6 Bytes JMP 5FF38E77 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] kernel32.dll!WriteProcessMemory 75A785C1 6 Bytes JMP 5FF3CED7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] kernel32.dll!DebugActiveProcess 75A961CC 10 Bytes JMP 5FF3D9EF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] kernel32.dll!CreateRemoteThread 75A9F4DB 8 Bytes JMP 5FF3CFF3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] kernel32.dll!VirtualProtectEx 75A9F729 6 Bytes JMP 5FF3D22B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!BroadcastSystemMessageExW 75C025B0 7 Bytes JMP 5FF3A38B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!SetUserObjectSecurity 75C039C7 8 Bytes JMP 5FF3CDBB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!BroadcastSystemMessageW 75C08056 7 Bytes JMP 5FF3A153 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!PostThreadMessageA 75C0CBD1 7 Bytes JMP 5FF3951F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!PostThreadMessageA + 8 75C0CBD9 2 Bytes [90, 90] {NOP ; NOP }
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!SendMessageA 75C0CC28 6 Bytes JMP 5FF390AF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!PostMessageA 75C0D656 6 Bytes JMP 5FF392E7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!SendNotifyMessageW 75C0EB65 8 Bytes JMP 5FF39CE3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!PostThreadMessageW 75C0ECDE 8 Bytes JMP 5FF3963B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!SetWindowsHookExW 75C1210A 7 Bytes JMP 5FF3D57F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!SendMessageTimeoutW 75C1313E 7 Bytes JMP 5FF39AAB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!SendMessageCallbackW 75C14DFC 6 Bytes JMP 5FF39873 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!PostMessageW 75C16225 6 Bytes JMP 5FF39403 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!SendMessageW 75C1764C 6 Bytes JMP 5FF391CB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!SendNotifyMessageA 75C267B4 8 Bytes JMP 5FF39BC7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!SendDlgItemMessageA 75C2914D 9 Bytes JMP 5FF39DFF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!SendDlgItemMessageW 75C34CFE 9 Bytes JMP 5FF39F1B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!OpenClipboard 75C35BB9 6 Bytes JMP 5FF368BB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!SetWindowsHookExA 75C36DFA 7 Bytes JMP 5FF3D463 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!SendMessageTimeoutA 75C36E97 7 Bytes JMP 5FF3998F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!SetWindowsHookA 75C4B669 7 Bytes JMP 5FF3D69B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!SetWindowsHookW 75C4B684 7 Bytes JMP 5FF3D7B7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!EndTask 75C4FD8E 8 Bytes JMP 5FF38F93 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!ExitWindowsEx 75C506EF 8 Bytes JMP 5FF3E2D3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!BroadcastSystemMessageExA 75C63B83 7 Bytes JMP 5FF3A26F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!BroadcastSystemMessage 75C63BAA 7 Bytes JMP 5FF3A037 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] USER32.dll!SendMessageCallbackA 75C63EEB 6 Bytes JMP 5FF39757 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!EnumDependentServicesW 757B1EC8 7 Bytes JMP 5FF3B9BF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!SetFileSecurityW 757B6A31 6 Bytes JMP 5FF3C713 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!QueryServiceStatusEx 757B8632 6 Bytes JMP 5FF3B1FB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!StartServiceW 757B8A9B 6 Bytes JMP 5FF3AFC3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!SetSecurityInfo 757B9962 8 Bytes JMP 5FF3CA67 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!SetNamedSecurityInfoW 757B9A65 8 Bytes JMP 5FF3CC9F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!CreateProcessAsUserW 757BBBDB 6 Bytes JMP 5FF388E7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!EnumServicesStatusExW 757BBC43 7 Bytes JMP 5FF3C29F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!OpenSCManagerW 757BD1F5 6 Bytes JMP 5FF3A7FF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!OpenServiceW 757BD20D 6 Bytes JMP 5FF3AC6F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!QueryServiceConfigW 757BD225 6 Bytes JMP 5FF3B54F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!QueryServiceStatus 757C3A84 6 Bytes JMP 5FF3B0DF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!OpenServiceA 757C3B15 6 Bytes JMP 5FF3AB53 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!OpenSCManagerA 757C3B2D 6 Bytes JMP 5FF3A6E3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!AdjustTokenPrivileges 757CB656 6 Bytes JMP 5FF3C4DB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!SetKernelObjectSecurity 757CBBD2 6 Bytes JMP 5FF3C82F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!CreateServiceW 757DDBC1 6 Bytes JMP 5FF3AA37 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!ControlService 757DDC74 6 Bytes JMP 5FF3B317 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!DeleteService 757DDC8C 6 Bytes JMP 5FF3AD8B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!QueryServiceConfigA 757DF1FF 6 Bytes JMP 5FF3B433 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!StartServiceA 757DF217 6 Bytes JMP 5FF3AEA7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!EnumServicesStatusExA 757DF7BE 7 Bytes JMP 5FF3C183 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!CreateProcessAsUserA 757F14FD 7 Bytes JMP 5FF38A03 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!ChangeServiceConfig2A 757F2090 6 Bytes JMP 5FF3BD13 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!ChangeServiceConfig2W 757F20A0 6 Bytes JMP 5FF3BE2F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!ChangeServiceConfigA 757F20B0 6 Bytes JMP 5FF3BADB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!ChangeServiceConfigW 757F20C0 6 Bytes JMP 5FF3BBF7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!CreateServiceA 757F2120 6 Bytes JMP 5FF3A91B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!QueryServiceConfig2A 757F23B1 6 Bytes JMP 5FF3B66B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!QueryServiceConfig2W 757F23C1 6 Bytes JMP 5FF3B787 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!SetServiceObjectSecurity 757F24FB 6 Bytes JMP 5FF3C94B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!CreateProcessWithLogonW 757F42A1 8 Bytes JMP 5FF387CB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!InitiateSystemShutdownW 7580C15D 8 Bytes JMP 5FF3DD47 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!InitiateSystemShutdownExW 7580C22A 8 Bytes JMP 5FF3DF7F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!AbortSystemShutdownW 7580C450 6 Bytes JMP 5FF3E1B7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!EnumServicesStatusA 75810709 7 Bytes JMP 5FF3BF4B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!EnumDependentServicesA 758107EC 7 Bytes JMP 5FF3B8A3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ADVAPI32.dll!EnumServicesStatusW 75810909 7 Bytes JMP 5FF3C067 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ole32.dll!CoGetClassObject + 2 758EA2D6 8 Bytes JMP 5FF36448 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ole32.dll!CoInitializeEx + 2 758F0806 5 Bytes JMP 5FF360F4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ole32.dll!CoCreateInstance + 2 759057FE 6 Bytes JMP 5FF36210 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ole32.dll!CoCreateInstanceEx + 2 75905841 7 Bytes JMP 5FF3632C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ole32.dll!CoGetInstanceFromFile + 2 759711FB 8 Bytes JMP 5FF36564 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] ole32.dll!CoGetInstanceFromIStorage + 2 75990865 8 Bytes JMP 5FF36680 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\SearchIndexer.exe[3056] kernel32.dll!CreateProcessW 75A1202D 7 Bytes JMP 5FF386AF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\SearchIndexer.exe[3056] kernel32.dll!CreateProcessA 75A12062 7 Bytes JMP 5FF38593 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\SearchIndexer.exe[3056] kernel32.dll!LoadLibraryExW 75A5B6BF 6 Bytes JMP 5FF38007 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\SearchIndexer.exe[3056] kernel32.dll!GetProcAddress 75A61857 6 Bytes JMP 5FF38123 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\SearchIndexer.exe[3056] kernel32.dll!FreeLibrary 75A61A09 6 Bytes JMP 5FF3835B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\SearchIndexer.exe[3056] kernel32.dll!ExitProcess 75A62AEF 7 Bytes JMP 5FF3823F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\SearchIndexer.exe[3056] ADVAPI32.dll!CreateProcessAsUserW 757BBBDB 6 Bytes JMP 5FF388E7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\SearchIndexer.exe[3056] ADVAPI32.dll!CreateProcessAsUserA 757F14FD 7 Bytes JMP 5FF38A03 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\SearchIndexer.exe[3056] ADVAPI32.dll!CreateProcessWithLogonW 757F42A1 8 Bytes JMP 5FF387CB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] KERNEL32.dll!CreateProcessW 75A1202D 7 Bytes JMP 5FF386AF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] KERNEL32.dll!CreateProcessA 75A12062 7 Bytes JMP 5FF38593 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] KERNEL32.dll!VirtualAllocEx 75A4B42C 6 Bytes JMP 5FF3D10F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] KERNEL32.dll!TerminateProcess 75A5509B 6 Bytes JMP 5FF38D5B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] KERNEL32.dll!VirtualProtect 75A550AB 6 Bytes JMP 5FF3D347 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] KERNEL32.dll!LoadLibraryExW 75A5B6BF 6 Bytes JMP 5FF38007 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] KERNEL32.dll!OpenThread 75A60DAF 6 Bytes JMP 5FF3D8D3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] KERNEL32.dll!GetProcAddress 75A61857 6 Bytes JMP 5FF38123 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] KERNEL32.dll!FreeLibrary 75A61A09 6 Bytes JMP 5FF3835B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] KERNEL32.dll!ExitProcess 75A62AEF 7 Bytes JMP 5FF3823F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] KERNEL32.dll!TerminateThread 75A62E05 6 Bytes JMP 5FF38E77 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] KERNEL32.dll!WriteProcessMemory 75A785C1 6 Bytes JMP 5FF3CED7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] KERNEL32.dll!DebugActiveProcess 75A961CC 10 Bytes JMP 5FF3D9EF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] KERNEL32.dll!CreateRemoteThread 75A9F4DB 8 Bytes JMP 5FF3CFF3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] KERNEL32.dll!VirtualProtectEx 75A9F729 6 Bytes JMP 5FF3D22B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!EnumDependentServicesW 757B1EC8 7 Bytes JMP 5FF3B9BF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!SetFileSecurityW 757B6A31 6 Bytes JMP 5FF3C713 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!QueryServiceStatusEx 757B8632 6 Bytes JMP 5FF3B1FB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!StartServiceW 757B8A9B 6 Bytes JMP 5FF3AFC3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!SetSecurityInfo 757B9962 8 Bytes JMP 5FF3CA67 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!SetNamedSecurityInfoW 757B9A65 8 Bytes JMP 5FF3CC9F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!CreateProcessAsUserW 757BBBDB 6 Bytes JMP 5FF388E7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!EnumServicesStatusExW 757BBC43 7 Bytes JMP 5FF3C29F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!OpenSCManagerW 757BD1F5 6 Bytes JMP 5FF3A7FF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!OpenServiceW 757BD20D 6 Bytes JMP 5FF3AC6F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!QueryServiceConfigW 757BD225 6 Bytes JMP 5FF3B54F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!QueryServiceStatus 757C3A84 6 Bytes JMP 5FF3B0DF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!OpenServiceA 757C3B15 6 Bytes JMP 5FF3AB53 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!OpenSCManagerA 757C3B2D 6 Bytes JMP 5FF3A6E3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!AdjustTokenPrivileges 757CB656 6 Bytes JMP 5FF3C4DB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!SetKernelObjectSecurity 757CBBD2 6 Bytes JMP 5FF3C82F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!CreateServiceW 757DDBC1 6 Bytes JMP 5FF3AA37 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!ControlService 757DDC74 6 Bytes JMP 5FF3B317 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!DeleteService 757DDC8C 6 Bytes JMP 5FF3AD8B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!QueryServiceConfigA 757DF1FF 6 Bytes JMP 5FF3B433 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!StartServiceA 757DF217 6 Bytes JMP 5FF3AEA7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!EnumServicesStatusExA 757DF7BE 7 Bytes JMP 5FF3C183 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!CreateProcessAsUserA 757F14FD 7 Bytes JMP 5FF38A03 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!ChangeServiceConfig2A 757F2090 6 Bytes JMP 5FF3BD13 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!ChangeServiceConfig2W 757F20A0 6 Bytes JMP 5FF3BE2F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!ChangeServiceConfigA 757F20B0 6 Bytes JMP 5FF3BADB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!ChangeServiceConfigW 757F20C0 6 Bytes JMP 5FF3BBF7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!CreateServiceA 757F2120 6 Bytes JMP 5FF3A91B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!QueryServiceConfig2A 757F23B1 6 Bytes JMP 5FF3B66B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!QueryServiceConfig2W 757F23C1 6 Bytes JMP 5FF3B787 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!SetServiceObjectSecurity 757F24FB 6 Bytes JMP 5FF3C94B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!CreateProcessWithLogonW 757F42A1 8 Bytes JMP 5FF387CB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!InitiateSystemShutdownW 7580C15D 8 Bytes JMP 5FF3DD47 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!InitiateSystemShutdownExW 7580C22A 8 Bytes JMP 5FF3DF7F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!AbortSystemShutdownW 7580C450 6 Bytes JMP 5FF3E1B7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!EnumServicesStatusA 75810709 7 Bytes JMP 5FF3BF4B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!EnumDependentServicesA 758107EC 7 Bytes JMP 5FF3B8A3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ADVAPI32.dll!EnumServicesStatusW 75810909 7 Bytes JMP 5FF3C067 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ole32.dll!CoGetClassObject 758EA2D4 10 Bytes JMP 5FF36447 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ole32.dll!CoInitializeEx 758F0804 6 Bytes JMP 5FF360F3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ole32.dll!CoCreateInstance 759057FC 8 Bytes JMP 5FF3620F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ole32.dll!CoCreateInstanceEx 7590583F 6 Bytes JMP 5FF3632B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ole32.dll!CoGetInstanceFromFile 759711F9 10 Bytes JMP 5FF36563 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] ole32.dll!CoGetInstanceFromIStorage 75990863 10 Bytes JMP 5FF3667F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!BroadcastSystemMessageExW 75C025B0 7 Bytes JMP 5FF3A38B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!SetUserObjectSecurity 75C039C7 8 Bytes JMP 5FF3CDBB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!BroadcastSystemMessageW 75C08056 7 Bytes JMP 5FF3A153 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!PostThreadMessageA 75C0CBD1 7 Bytes JMP 5FF3951F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!PostThreadMessageA + 8 75C0CBD9 2 Bytes [90, 90] {NOP ; NOP }
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!SendMessageA 75C0CC28 6 Bytes JMP 5FF390AF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!PostMessageA 75C0D656 6 Bytes JMP 5FF392E7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!SendNotifyMessageW 75C0EB65 8 Bytes JMP 5FF39CE3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!PostThreadMessageW 75C0ECDE 8 Bytes JMP 5FF3963B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!SetWindowsHookExW 75C1210A 7 Bytes JMP 5FF3D57F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!SendMessageTimeoutW 75C1313E 7 Bytes JMP 5FF39AAB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!SendMessageCallbackW 75C14DFC 6 Bytes JMP 5FF39873 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!PostMessageW 75C16225 6 Bytes JMP 5FF39403 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!SendMessageW 75C1764C 6 Bytes JMP 5FF391CB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!SendNotifyMessageA 75C267B4 8 Bytes JMP 5FF39BC7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!SendDlgItemMessageA 75C2914D 9 Bytes JMP 5FF39DFF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!SendDlgItemMessageW 75C34CFE 9 Bytes JMP 5FF39F1B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!OpenClipboard 75C35BB9 6 Bytes JMP 5FF368BB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!SetWindowsHookExA 75C36DFA 7 Bytes JMP 5FF3D463 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!SendMessageTimeoutA 75C36E97 7 Bytes JMP 5FF3998F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!SetWindowsHookA 75C4B669 7 Bytes JMP 5FF3D69B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!SetWindowsHookW 75C4B684 7 Bytes JMP 5FF3D7B7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!EndTask 75C4FD8E 8 Bytes JMP 5FF38F93 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!ExitWindowsEx 75C506EF 8 Bytes JMP 5FF3E2D3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!BroadcastSystemMessageExA 75C63B83 7 Bytes JMP 5FF3A26F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!BroadcastSystemMessage 75C63BAA 7 Bytes JMP 5FF3A037 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] USER32.dll!SendMessageCallbackA 75C63EEB 6 Bytes JMP 5FF39757 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] shell32.dll!SHCreateProcessAsUserW 75F191C8 8 Bytes JMP 5FF38B20 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[3768] kernel32.dll!CreateProcessW + 2 75A1202F 5 Bytes JMP 5FF386B0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[3768] kernel32.dll!CreateProcessA + 2 75A12064 5 Bytes JMP 5FF38594 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[3768] kernel32.dll!LoadLibraryExW + 2 75A5B6C1 9 Bytes JMP 5FF38008 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[3768] kernel32.dll!GetProcAddress 75A61857 5 Bytes JMP 5FF38124 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[3768] kernel32.dll!FreeLibrary 75A61A09 5 Bytes JMP 5FF3835C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[3768] kernel32.dll!ExitProcess + 1 75A62AF0 6 Bytes JMP 5FF3823F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[3768] ADVAPI32.dll!CreateProcessAsUserW 757BBBDB 5 Bytes JMP 5FF388E8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[3768] ADVAPI32.dll!CreateProcessAsUserA + 2 757F14FF 5 Bytes JMP 5FF38A04 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[3768] ADVAPI32.dll!CreateProcessWithLogonW + 2 757F42A3 6 Bytes JMP 5FF387CC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ntdll.dll!NtProtectVirtualMemory 76F85360 5 Bytes JMP 0019000A
.text C:\windows\system32\wuauclt.exe[4844] ntdll.dll!NtWriteVirtualMemory 76F85EE0 5 Bytes JMP 001A000A
.text C:\windows\system32\wuauclt.exe[4844] ntdll.dll!KiUserExceptionDispatcher 76F86448 5 Bytes JMP 0018000A
.text C:\windows\system32\wuauclt.exe[4844] ole32.dll!CoGetClassObject 758EA2D4 10 Bytes JMP 5FF36447 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ole32.dll!CoInitializeEx 758F0804 6 Bytes JMP 5FF360F3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ole32.dll!CoCreateInstance 759057FC 8 Bytes JMP 5FF3620F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ole32.dll!CoCreateInstanceEx 7590583F 6 Bytes JMP 5FF3632B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ole32.dll!CoGetInstanceFromFile 759711F9 10 Bytes JMP 5FF36563 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ole32.dll!CoGetInstanceFromIStorage 75990863 10 Bytes JMP 5FF3667F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!BroadcastSystemMessageExW 75C025B0 7 Bytes JMP 5FF3A38B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!SetUserObjectSecurity 75C039C7 8 Bytes JMP 5FF3CDBB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!BroadcastSystemMessageW 75C08056 7 Bytes JMP 5FF3A153 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!PostThreadMessageA 75C0CBD1 7 Bytes JMP 5FF3951F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!PostThreadMessageA + 8 75C0CBD9 2 Bytes [90, 90] {NOP ; NOP }
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!SendMessageA 75C0CC28 6 Bytes JMP 5FF390AF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!PostMessageA 75C0D656 6 Bytes JMP 5FF392E7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!SendNotifyMessageW 75C0EB65 8 Bytes JMP 5FF39CE3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!PostThreadMessageW 75C0ECDE 8 Bytes JMP 5FF3963B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!SetWindowsHookExW 75C1210A 7 Bytes JMP 5FF3D57F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!SendMessageTimeoutW 75C1313E 7 Bytes JMP 5FF39AAB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!SendMessageCallbackW 75C14DFC 6 Bytes JMP 5FF39873 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!PostMessageW 75C16225 6 Bytes JMP 5FF39403 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!SendMessageW 75C1764C 6 Bytes JMP 5FF391CB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!SendNotifyMessageA 75C267B4 8 Bytes JMP 5FF39BC7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!SendDlgItemMessageA 75C2914D 9 Bytes JMP 5FF39DFF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!SendDlgItemMessageW 75C34CFE 9 Bytes JMP 5FF39F1B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!OpenClipboard 75C35BB9 6 Bytes JMP 5FF368BB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!SetWindowsHookExA 75C36DFA 7 Bytes JMP 5FF3D463 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!SendMessageTimeoutA 75C36E97 7 Bytes JMP 5FF3998F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!SetWindowsHookA 75C4B669 7 Bytes JMP 5FF3D69B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!SetWindowsHookW 75C4B684 7 Bytes JMP 5FF3D7B7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!EndTask 75C4FD8E 8 Bytes JMP 5FF38F93 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!ExitWindowsEx 75C506EF 8 Bytes JMP 5FF3E2D3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!BroadcastSystemMessageExA 75C63B83 7 Bytes JMP 5FF3A26F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!BroadcastSystemMessage 75C63BAA 7 Bytes JMP 5FF3A037 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] USER32.dll!SendMessageCallbackA 75C63EEB 6 Bytes JMP 5FF39757 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!EnumDependentServicesW 757B1EC8 7 Bytes JMP 5FF3B9BF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!SetFileSecurityW 757B6A31 6 Bytes JMP 5FF3C713 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!QueryServiceStatusEx 757B8632 6 Bytes JMP 5FF3B1FB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!StartServiceW 757B8A9B 6 Bytes JMP 5FF3AFC3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!SetSecurityInfo 757B9962 8 Bytes JMP 5FF3CA67 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!SetNamedSecurityInfoW 757B9A65 8 Bytes JMP 5FF3CC9F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!CreateProcessAsUserW 757BBBDB 6 Bytes JMP 5FF388E7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!EnumServicesStatusExW 757BBC43 7 Bytes JMP 5FF3C29F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!OpenSCManagerW 757BD1F5 6 Bytes JMP 5FF3A7FF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!OpenServiceW 757BD20D 6 Bytes JMP 5FF3AC6F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!QueryServiceConfigW 757BD225 6 Bytes JMP 5FF3B54F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!QueryServiceStatus 757C3A84 6 Bytes JMP 5FF3B0DF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!OpenServiceA 757C3B15 6 Bytes JMP 5FF3AB53 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!OpenSCManagerA 757C3B2D 6 Bytes JMP 5FF3A6E3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!AdjustTokenPrivileges 757CB656 6 Bytes JMP 5FF3C4DB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!SetKernelObjectSecurity 757CBBD2 6 Bytes JMP 5FF3C82F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!CreateServiceW 757DDBC1 6 Bytes JMP 5FF3AA37 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!ControlService 757DDC74 6 Bytes JMP 5FF3B317 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!DeleteService 757DDC8C 6 Bytes JMP 5FF3AD8B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!QueryServiceConfigA 757DF1FF 6 Bytes JMP 5FF3B433 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!StartServiceA 757DF217 6 Bytes JMP 5FF3AEA7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!EnumServicesStatusExA 757DF7BE 7 Bytes JMP 5FF3C183 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!CreateProcessAsUserA 757F14FD 7 Bytes JMP 5FF38A03 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!ChangeServiceConfig2A 757F2090 6 Bytes JMP 5FF3BD13 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!ChangeServiceConfig2W 757F20A0 6 Bytes JMP 5FF3BE2F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!ChangeServiceConfigA 757F20B0 6 Bytes JMP 5FF3BADB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!ChangeServiceConfigW 757F20C0 6 Bytes JMP 5FF3BBF7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!CreateServiceA 757F2120 6 Bytes JMP 5FF3A91B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!QueryServiceConfig2A 757F23B1 6 Bytes JMP 5FF3B66B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!QueryServiceConfig2W 757F23C1 6 Bytes JMP 5FF3B787 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!SetServiceObjectSecurity 757F24FB 6 Bytes JMP 5FF3C94B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!CreateProcessWithLogonW 757F42A1 8 Bytes JMP 5FF387CB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!InitiateSystemShutdownW 7580C15D 8 Bytes JMP 5FF3DD47 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!InitiateSystemShutdownExW 7580C22A 8 Bytes JMP 5FF3DF7F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!AbortSystemShutdownW 7580C450 6 Bytes JMP 5FF3E1B7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!EnumServicesStatusA 75810709 7 Bytes JMP 5FF3BF4B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!EnumDependentServicesA 758107EC 7 Bytes JMP 5FF3B8A3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\windows\system32\wuauclt.exe[4844] ADVAPI32.dll!EnumServicesStatusW 75810909 7 Bytes JMP 5FF3C067 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4880] ntdll.dll!NtProtectVirtualMemory 76F85360 5 Bytes JMP 003A000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4880] ntdll.dll!NtWriteVirtualMemory 76F85EE0 5 Bytes JMP 003B000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4880] ntdll.dll!KiUserExceptionDispatcher 76F86448 5 Bytes JMP 0017000A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5224] USER32.dll!TrackPopupMenu 75C34B3B 5 Bytes JMP 633A05FE C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] kernel32.dll!CreateProcessW + 2 75A1202F 8 Bytes JMP 5FF386AF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] kernel32.dll!CreateProcessA + 2 75A12064 8 Bytes JMP 5FF38593 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] kernel32.dll!VirtualAllocEx 75A4B42C 5 Bytes JMP 5FF3D110 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] kernel32.dll!TerminateProcess + 2 75A5509D 9 Bytes JMP 5FF38D5B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] kernel32.dll!VirtualProtect + 2 75A550AD 9 Bytes JMP 5FF3D347 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] kernel32.dll!LoadLibraryExW + 2 75A5B6C1 9 Bytes JMP 5FF38007 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] kernel32.dll!OpenThread 75A60DAF 5 Bytes JMP 5FF3D8D4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] kernel32.dll!GetProcAddress 75A61857 5 Bytes JMP 5FF38124 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] kernel32.dll!FreeLibrary 75A61A09 5 Bytes JMP 5FF3835C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] kernel32.dll!ExitProcess + 1 75A62AF0 11 Bytes JMP 5FF3823E C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] kernel32.dll!TerminateThread 75A62E05 5 Bytes JMP 5FF38E78 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] kernel32.dll!WriteProcessMemory + 2 75A785C3 9 Bytes JMP 5FF3CED7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] kernel32.dll!DebugActiveProcess + 2 75A961CE 8 Bytes JMP 5FF3D9EF C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] kernel32.dll!CreateRemoteThread + 2 75A9F4DD 6 Bytes JMP 5FF3CFF3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] kernel32.dll!VirtualProtectEx + 2 75A9F72B 9 Bytes JMP 5FF3D22B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!EnumDependentServicesW 757B1EC8 12 Bytes JMP 5FF3B9BD C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!SetFileSecurityW 757B6A31 5 Bytes JMP 5FF3C714 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!QueryServiceStatusEx 757B8632 5 Bytes JMP 5FF3B1FC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!StartServiceW 757B8A9B 5 Bytes JMP 5FF3AFC4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!SetSecurityInfo + 2 757B9964 6 Bytes JMP 5FF3CA67 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!SetNamedSecurityInfoW + 2 757B9A67 6 Bytes JMP 5FF3CC9F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!CreateProcessAsUserW 757BBBDB 5 Bytes JMP 5FF388E8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!EnumServicesStatusExW 757BBC43 12 Bytes JMP 5FF3C29D C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!OpenSCManagerW 757BD1F5 5 Bytes JMP 5FF3A800 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!OpenServiceW 757BD20D 5 Bytes JMP 5FF3AC70 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!QueryServiceConfigW 757BD225 5 Bytes JMP 5FF3B550 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!QueryServiceStatus 757C3A84 5 Bytes JMP 5FF3B0E0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!OpenServiceA 757C3B15 5 Bytes JMP 5FF3AB54 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!OpenSCManagerA 757C3B2D 5 Bytes JMP 5FF3A6E4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!AdjustTokenPrivileges 757CB656 5 Bytes JMP 5FF3C4DC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!SetKernelObjectSecurity 757CBBD2 5 Bytes JMP 5FF3C830 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!CreateServiceW 757DDBC1 5 Bytes JMP 5FF3AA38 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!ControlService 757DDC74 5 Bytes JMP 5FF3B318 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!DeleteService 757DDC8C 5 Bytes JMP 5FF3AD8C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!QueryServiceConfigA 757DF1FF 5 Bytes JMP 5FF3B434 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!StartServiceA 757DF217 5 Bytes JMP 5FF3AEA8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!EnumServicesStatusExA 757DF7BE 6 Bytes [8B, FF, 90, E9, BE, C9]
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!EnumServicesStatusExA + 7 757DF7C5 5 Bytes JMP 90909090
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!CreateProcessAsUserA + 2 757F14FF 8 Bytes JMP 5FF38A03 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!ChangeServiceConfig2A + 2 757F2092 9 Bytes JMP 5FF3BD13 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!ChangeServiceConfig2W + 2 757F20A2 9 Bytes JMP 5FF3BE2F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!ChangeServiceConfigA + 2 757F20B2 9 Bytes JMP 5FF3BADB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!ChangeServiceConfigW + 2 757F20C2 9 Bytes JMP 5FF3BBF7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!CreateServiceA + 2 757F2122 9 Bytes JMP 5FF3A91B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!QueryServiceConfig2A + 2 757F23B3 9 Bytes JMP 5FF3B66B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!QueryServiceConfig2W + 2 757F23C3 9 Bytes JMP 5FF3B787 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!SetServiceObjectSecurity + 2 757F24FD 9 Bytes JMP 5FF3C94B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!CreateProcessWithLogonW + 2 757F42A3 6 Bytes JMP 5FF387CB C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!InitiateSystemShutdownW + 2 7580C15F 6 Bytes JMP 5FF3DD47 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!InitiateSystemShutdownExW + 2 7580C22C 6 Bytes JMP 5FF3DF7F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!AbortSystemShutdownW + 2 7580C452 7 Bytes JMP 5FF3E1B7 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!EnumServicesStatusA 75810709 12 Bytes JMP 5FF3BF49 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!EnumDependentServicesA 758107EC 12 Bytes JMP 5FF3B8A1 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ADVAPI32.dll!EnumServicesStatusW + 2 7581090B 8 Bytes JMP 5FF3C067 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ole32.dll!CoGetClassObject + 2 758EA2D6 8 Bytes JMP 5FF36447 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ole32.dll!CoInitializeEx + 2 758F0806 6 Bytes JMP 5FF360F3 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ole32.dll!CoCreateInstance + 2 759057FE 6 Bytes JMP 5FF3620F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ole32.dll!CoCreateInstanceEx + 2 75905841 7 Bytes JMP 5FF3632B C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ole32.dll!CoGetInstanceFromFile + 2 759711FB 8 Bytes JMP 5FF36563 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] ole32.dll!CoGetInstanceFromIStorage + 2 75990865 8 Bytes JMP 5FF3667F C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!BroadcastSystemMessageExW 75C025B0 5 Bytes JMP 5FF3A38C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!SetUserObjectSecurity 75C039C7 5 Bytes JMP 5FF3CDBC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!BroadcastSystemMessageW 75C08056 5 Bytes JMP 5FF3A154 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!PostThreadMessageA 75C0CBD1 5 Bytes JMP 5FF39520 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!SendMessageA 75C0CC28 5 Bytes JMP 5FF390B0 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!PostMessageA 75C0D656 5 Bytes JMP 5FF392E8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!SendNotifyMessageW 75C0EB65 5 Bytes JMP 5FF39CE4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!PostThreadMessageW 75C0ECDE 5 Bytes JMP 5FF3963C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!SetWindowsHookExW 75C1210A 5 Bytes JMP 5FF3D580 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!SendMessageTimeoutW 75C1313E 5 Bytes JMP 5FF39AAC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!SendMessageCallbackW 75C14DFC 5 Bytes JMP 5FF39874 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!PostMessageW 75C16225 5 Bytes JMP 5FF39404 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!SendMessageW 75C1764C 5 Bytes JMP 5FF391CC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!SendNotifyMessageA 75C267B4 5 Bytes JMP 5FF39BC8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!SendDlgItemMessageA 75C2914D 5 Bytes JMP 5FF39E00 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!SendDlgItemMessageW 75C34CFE 5 Bytes JMP 5FF39F1C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!OpenClipboard 75C35BB9 5 Bytes JMP 5FF368BC C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!SetWindowsHookExA 75C36DFA 5 Bytes JMP 5FF3D464 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!SendMessageTimeoutA 75C36E97 5 Bytes JMP 5FF39990 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!SetWindowsHookA 75C4B669 5 Bytes JMP 5FF3D69C C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!SetWindowsHookW 75C4B684 5 Bytes JMP 5FF3D7B8 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!EndTask 75C4FD8E 5 Bytes JMP 5FF38F94 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!ExitWindowsEx 75C506EF 5 Bytes JMP 5FF3E2D4 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!BroadcastSystemMessageExA 75C63B83 5 Bytes JMP 5FF3A270 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!BroadcastSystemMessage + 2 75C63BAC 7 Bytes JMP 5FF3A037 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Amy\Desktop\bzl9ymql.exe[5844] USER32.dll!SendMessageCallbackA 75C63EEB 5 Bytes JMP 5FF39758 C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAllocEx] [5FF3D110] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] @ C:\windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] @ C:\windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [5FF38A04] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1468] @ C:\windows\system32\shell32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\windows\system32\Dwm.exe[1512] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAllocEx] [5FF3D110] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\windows\system32\Dwm.exe[1512] @ C:\windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\windows\Explorer.EXE[1528] @ C:\windows\Explorer.EXE [KERNEL32.dll!OpenThread] [5FF3D8D4] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\windows\Explorer.EXE[1528] @ C:\windows\Explorer.EXE [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\windows\Explorer.EXE[1528] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAllocEx] [5FF3D110] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\windows\Explorer.EXE[1528] @ C:\windows\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\windows\Explorer.EXE[1528] @ C:\windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAllocEx] [5FF3D110] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] @ C:\windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] @ C:\windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [5FF38A04] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2208] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAllocEx] [5FF3D110] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] @ C:\windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] @ C:\windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [5FF38A04] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2380] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAllocEx] [5FF3D110] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] @ C:\windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] @ C:\windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [5FF38A04] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3160] @ C:\windows\system32\shell32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\windows\system32\wuauclt.exe[4844] @ C:\windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\windows\system32\wuauclt.exe[4844] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAllocEx] [5FF3D110] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Users\Amy\Desktop\bzl9ymql.exe[5844] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAllocEx] [5FF3D110] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Users\Amy\Desktop\bzl9ymql.exe[5844] @ C:\windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 85BA4EC5

---- Files - GMER 1.0.15 ----

File C:\windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#6 djost

Posted 05 July 2010 - 07:28 PM

OTL log:

OTL logfile created on: 7/5/2010 7:18:57 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\Amy\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.33 Gb Total Space | 178.43 Gb Free Space | 79.89% Space Free | Partition Type: NTFS
Drive D: | 3.40 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMY-PC
Current User Name: Amy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Amy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Amy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll (Microsoft Corporation)
MOD - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptsp.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\UmxSbxExw.dll (CA)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\System32\UmxSbxw.dll (CA)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (CaCCProvSP) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV - (ccSchedulerSVC) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (CAISafe) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (UmxAgent) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (UmxFwHlp) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (UmxPol) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (UmxCfg) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (USBCCID) -- C:\windows\System32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- C:\windows\System32\DRIVERS\Rts516xIR.sys File not found
DRV - (RSUSBSTOR) -- C:\windows\System32\Drivers\RtsUStor.sys File not found
DRV - (Lbd) -- C:\windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (KmxAMRT) -- C:\windows\system32\DRIVERS\KmxAMRT.sys (CA)
DRV - (KmxAgent) -- C:\Windows\System32\drivers\KmxAgent.sys (CA)
DRV - (KmxCfg) -- C:\Windows\System32\drivers\KmxCfg.sys (CA)
DRV - (KmxSbx) -- C:\Windows\System32\drivers\KmxSbx.sys (CA)
DRV - (KmxFile) -- C:\Windows\System32\drivers\KmxFile.sys (CA)
DRV - (KmxCF) -- C:\Windows\System32\drivers\KmxCF.sys (CA)
DRV - (KmxFw) -- C:\windows\System32\DRIVERS\kmxfw.sys (CA)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (TVALZ) -- C:\windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (LPCFilter) -- C:\windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (KmxFilter) -- C:\Windows\System32\drivers\KmxFilter.sys (CA)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (KmxAMVet) -- C:\Windows\System32\drivers\KmxAMVet.sys (Computer Associates International, Inc.)
DRV - (RTL8187Se) -- C:\Windows\System32\drivers\RTL8187Se.sys (Realtek Semiconductor Corporation )
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA"
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.1.3
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\Toolbar\Firefox [2010/04/20 22:05:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\LinkAdvisor\Firefox [2010/04/20 22:05:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/29 18:10:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/29 18:10:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\LinkAdvisor\Firefox [2010/04/20 22:05:34 | 000,000,000 | ---D | M]

[2010/02/08 09:34:58 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Mozilla\Extensions
[2010/07/05 08:32:07 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\5broe67n.default\extensions
[2010/03/24 05:31:11 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\5broe67n.default\extensions\info@djzig.com
[2010/02/08 09:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/26 21:30:24 | 000,000,854 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O18 - Protocol\Handler\callingid {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\Toolbar\CallingIDToolbar.dll (CallingID Ltd.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\windows\System32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\windows\System32\UmxWNP.dll (CA)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: aux - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\windows\System32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/05 18:51:59 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2010/06/29 21:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/06/29 21:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/29 21:09:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/06/29 21:09:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/06/29 18:24:39 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2010/06/29 18:24:34 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2010/06/29 16:05:27 | 000,000,000 | ---D | C] -- C:\Users\Amy\Documents\OneNote Notebooks
[2010/06/29 16:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/06/28 23:30:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/06/28 23:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/06/28 23:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/06/28 23:17:57 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\Malwarebytes
[2010/06/28 23:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/28 23:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/27 15:14:24 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2010/06/26 21:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/06/26 21:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/06/26 21:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/26 20:46:43 | 000,000,000 | ---D | C] -- C:\Users\Amy\Desktop\CS5
[2010/06/26 20:23:11 | 000,000,000 | ---D | C] -- C:\Users\Amy\Desktop\Adobe Photoshop Lightroom 3.0
[2010/06/16 18:44:20 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\Facebook
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/05 19:20:14 | 002,359,296 | -HS- | M] () -- C:\Users\Amy\ntuser.dat
[2010/07/05 19:19:47 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/05 19:16:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/07/05 18:52:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2010/07/05 18:36:58 | 000,293,376 | ---- | M] () -- C:\Users\Amy\Desktop\bzl9ymql.exe
[2010/07/05 15:58:20 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/05 15:58:20 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/05 15:51:43 | 000,000,370 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/07/05 15:50:39 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/05 15:50:07 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/07/05 15:49:48 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/05 15:49:03 | 000,933,733 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k2
[2010/07/05 15:49:03 | 000,116,284 | ---- | M] () -- C:\windows\System32\drivers\KmxAgent.asc
[2010/07/05 15:49:03 | 000,010,417 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k0
[2010/07/05 15:49:03 | 000,000,443 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k2
[2010/07/05 15:49:03 | 000,000,443 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k1
[2010/07/05 15:49:03 | 000,000,443 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k0
[2010/07/05 15:49:03 | 000,000,289 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k1
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k7
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k6
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k5
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k4
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k3
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k7
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k6
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k5
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k4
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k3
[2010/07/05 15:26:48 | 200,420,694 | ---- | M] () -- C:\windows\MEMORY.DMP
[2010/07/03 16:10:17 | 000,002,000 | -H-- | M] () -- C:\Users\Amy\Documents\Default.rdp
[2010/07/02 15:11:10 | 001,029,842 | -H-- | M] () -- C:\Users\Amy\AppData\Local\IconCache.db
[2010/07/02 08:32:44 | 000,713,888 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/07/02 08:32:44 | 000,615,360 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/07/02 08:32:44 | 000,103,702 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/06/29 21:23:11 | 000,001,231 | ---- | M] () -- C:\Users\Amy\Desktop\Spybot - Search & Destroy.lnk
[2010/06/29 21:10:00 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/29 18:25:34 | 000,524,288 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000002.regtrans-ms
[2010/06/29 18:25:34 | 000,524,288 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000001.regtrans-ms
[2010/06/29 18:25:34 | 000,065,536 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TM.blf
[2010/06/29 18:24:33 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2010/06/29 18:24:31 | 000,015,880 | ---- | M] () -- C:\windows\System32\lsdelete.exe
[2010/06/29 18:24:19 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2010/06/29 18:23:04 | 000,001,135 | ---- | M] () -- C:\Users\Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/29 18:23:04 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/06/29 16:10:30 | 002,541,416 | ---- | M] () -- C:\Users\Amy\Documents\unemployment paper.one
[2010/06/29 16:05:27 | 000,001,291 | ---- | M] () -- C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/06/27 07:52:57 | 003,773,672 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/06/26 21:35:41 | 000,110,816 | ---- | M] () -- C:\Users\Amy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/26 21:31:04 | 000,000,069 | ---- | M] () -- C:\windows\wininit.ini
[2010/06/26 20:29:19 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 3.lnk
[2010/06/25 16:47:10 | 000,266,573 | ---- | M] () -- C:\Users\Amy\Documents\mg20015,1135703050,sacred01_GOTHIC_VAMPIRE_WOMAN_Grave2.jpg
[2010/06/25 16:37:02 | 000,066,412 | ---- | M] () -- C:\Users\Amy\Documents\vampire_20girl_2004_jpg.jpg
[2010/06/24 18:37:10 | 000,025,600 | ---- | M] () -- C:\Users\Amy\Documents\Amy Beardsley.doc
[2010/06/23 10:20:19 | 000,277,012 | ---- | M] () -- C:\Users\Amy\Documents\Girls_Gothic_girl_013638_-472868.jpeg
[2010/06/23 10:18:51 | 000,191,180 | ---- | M] () -- C:\Users\Amy\Documents\Demon_Guitar.jpg
[2010/06/23 10:18:35 | 000,090,254 | ---- | M] () -- C:\Users\Amy\Documents\Guitar_Hero_by_frankhong-709132.jpg
[2010/06/23 10:17:56 | 000,004,665 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg13.jpg
[2010/06/23 09:48:26 | 000,004,134 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg12.jpg
[2010/06/23 09:47:56 | 000,003,508 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg11.jpg
[2010/06/23 09:47:43 | 000,003,671 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg9.jpg
[2010/06/23 09:47:30 | 000,004,365 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg8.jpg
[2010/06/23 09:47:10 | 000,003,771 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg7.jpg
[2010/06/23 09:39:02 | 000,002,830 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg6.jpg
[2010/06/23 09:38:46 | 000,002,327 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg4.jpg
[2010/06/23 09:36:24 | 000,002,968 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg3.jpg
[2010/06/23 09:36:11 | 000,003,248 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg2.jpg
[2010/06/23 09:36:01 | 000,002,982 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg1.jpg
[2010/06/23 09:35:37 | 000,003,052 | ---- | M] () -- C:\Users\Amy\Documents\images (2).jpg
[2010/06/23 09:33:39 | 000,003,052 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg
[2010/06/16 16:35:33 | 000,063,212 | ---- | M] () -- C:\Users\Amy\Documents\l_3faac4afbce842a185f33e0e46e8bb31.jpg
[2010/06/16 16:29:53 | 000,016,168 | ---- | M] () -- C:\Users\Amy\Documents\l_1ff4ff1a639b498ea45f16e1a23212a4.jpg
[2010/06/16 16:28:02 | 000,048,357 | ---- | M] () -- C:\Users\Amy\Documents\l_ee036d00310a44c3b141d3e39cf0a025.jpg
[2010/06/11 18:04:04 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/06/10 10:17:28 | 001,042,173 | ---- | M] () -- C:\Users\Amy\Documents\100_2690.jpg
[2010/06/10 10:09:04 | 001,057,477 | ---- | M] () -- C:\Users\Amy\Documents\100_2691.jpg
[2010/06/10 10:08:42 | 001,026,534 | ---- | M] () -- C:\Users\Amy\Documents\100_2687.jpg
[2010/06/10 10:08:19 | 001,066,591 | ---- | M] () -- C:\Users\Amy\Documents\100_2734.jpg
[2010/06/10 10:08:06 | 000,982,796 | ---- | M] () -- C:\Users\Amy\Documents\100_2719.jpg
[2010/06/10 10:07:55 | 001,077,277 | ---- | M] () -- C:\Users\Amy\Documents\100_2694.jpg
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/05 18:36:49 | 000,293,376 | ---- | C] () -- C:\Users\Amy\Desktop\bzl9ymql.exe
[2010/07/03 11:05:45 | 000,000,370 | ---- | C] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/29 21:23:11 | 000,001,231 | ---- | C] () -- C:\Users\Amy\Desktop\Spybot - Search & Destroy.lnk
[2010/06/29 21:10:00 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/29 21:08:19 | 000,015,880 | ---- | C] () -- C:\windows\System32\lsdelete.exe
[2010/06/29 18:23:04 | 000,001,135 | ---- | C] () -- C:\Users\Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/29 18:23:04 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/06/29 16:10:28 | 002,541,416 | ---- | C] () -- C:\Users\Amy\Documents\unemployment paper.one
[2010/06/29 16:05:26 | 000,001,291 | ---- | C] () -- C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/06/29 06:40:01 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000002.regtrans-ms
[2010/06/29 06:40:00 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000001.regtrans-ms
[2010/06/29 06:40:00 | 000,065,536 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TM.blf
[2010/06/26 21:31:04 | 000,000,069 | ---- | C] () -- C:\windows\wininit.ini
[2010/06/26 20:29:19 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 3.lnk
[2010/06/25 16:47:09 | 000,266,573 | ---- | C] () -- C:\Users\Amy\Documents\mg20015,1135703050,sacred01_GOTHIC_VAMPIRE_WOMAN_Grave2.jpg
[2010/06/25 16:36:56 | 000,066,412 | ---- | C] () -- C:\Users\Amy\Documents\vampire_20girl_2004_jpg.jpg
[2010/06/23 10:20:17 | 000,277,012 | ---- | C] () -- C:\Users\Amy\Documents\Girls_Gothic_girl_013638_-472868.jpeg
[2010/06/23 10:18:50 | 000,191,180 | ---- | C] () -- C:\Users\Amy\Documents\Demon_Guitar.jpg
[2010/06/23 10:18:34 | 000,090,254 | ---- | C] () -- C:\Users\Amy\Documents\Guitar_Hero_by_frankhong-709132.jpg
[2010/06/23 10:17:53 | 000,004,665 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg13.jpg
[2010/06/23 09:49:50 | 000,003,052 | ---- | C] () -- C:\Users\Amy\Documents\images (2).jpg
[2010/06/23 09:49:41 | 000,004,365 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg8.jpg
[2010/06/23 09:49:41 | 000,004,134 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg12.jpg
[2010/06/23 09:49:41 | 000,003,771 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg7.jpg
[2010/06/23 09:49:41 | 000,003,671 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg9.jpg
[2010/06/23 09:49:41 | 000,003,508 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg11.jpg
[2010/06/23 09:49:41 | 000,003,248 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg2.jpg
[2010/06/23 09:49:41 | 000,002,982 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg1.jpg
[2010/06/23 09:49:41 | 000,002,968 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg3.jpg
[2010/06/23 09:49:41 | 000,002,830 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg6.jpg
[2010/06/23 09:49:41 | 000,002,327 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg4.jpg
[2010/06/16 16:35:32 | 000,063,212 | ---- | C] () -- C:\Users\Amy\Documents\l_3faac4afbce842a185f33e0e46e8bb31.jpg
[2010/06/16 16:29:50 | 000,016,168 | ---- | C] () -- C:\Users\Amy\Documents\l_1ff4ff1a639b498ea45f16e1a23212a4.jpg
[2010/06/16 16:27:57 | 000,048,357 | ---- | C] () -- C:\Users\Amy\Documents\l_ee036d00310a44c3b141d3e39cf0a025.jpg
[2010/06/11 18:04:04 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/06/10 10:09:03 | 001,057,477 | ---- | C] () -- C:\Users\Amy\Documents\100_2691.jpg
[2010/06/10 10:08:51 | 001,042,173 | ---- | C] () -- C:\Users\Amy\Documents\100_2690.jpg
[2010/06/10 10:08:41 | 001,026,534 | ---- | C] () -- C:\Users\Amy\Documents\100_2687.jpg
[2010/06/10 10:08:17 | 001,066,591 | ---- | C] () -- C:\Users\Amy\Documents\100_2734.jpg
[2010/06/10 10:08:05 | 000,982,796 | ---- | C] () -- C:\Users\Amy\Documents\100_2719.jpg
[2010/06/10 10:07:52 | 001,077,277 | ---- | C] () -- C:\Users\Amy\Documents\100_2694.jpg
[2010/02/06 14:15:04 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2009/12/08 22:35:03 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/12/08 22:15:25 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2009/12/08 22:10:00 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/04/28 08:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll
[2007/07/16 11:58:10 | 000,197,408 | ---- | C] () -- C:\windows\System32\vpnapi.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/07/05 15:49:47 | 000,003,132 | ---- | M] () -- C:\aaw7boot.log
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/08/28 00:25:13 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/02/18 20:31:18 | 001,443,367 | ---- | M] () -- C:\caisslog.txt
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/07/05 1

#7 djost

Posted 05 July 2010 - 07:30 PM

OTL log:

OTL logfile created on: 7/5/2010 7:18:57 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\Amy\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.33 Gb Total Space | 178.43 Gb Free Space | 79.89% Space Free | Partition Type: NTFS
Drive D: | 3.40 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMY-PC
Current User Name: Amy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Amy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Amy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll (Microsoft Corporation)
MOD - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptsp.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\UmxSbxExw.dll (CA)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\System32\UmxSbxw.dll (CA)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (CaCCProvSP) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV - (ccSchedulerSVC) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (CAISafe) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (UmxAgent) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (UmxFwHlp) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (UmxPol) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (UmxCfg) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (USBCCID) -- C:\windows\System32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- C:\windows\System32\DRIVERS\Rts516xIR.sys File not found
DRV - (RSUSBSTOR) -- C:\windows\System32\Drivers\RtsUStor.sys File not found
DRV - (Lbd) -- C:\windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (KmxAMRT) -- C:\windows\system32\DRIVERS\KmxAMRT.sys (CA)
DRV - (KmxAgent) -- C:\Windows\System32\drivers\KmxAgent.sys (CA)
DRV - (KmxCfg) -- C:\Windows\System32\drivers\KmxCfg.sys (CA)
DRV - (KmxSbx) -- C:\Windows\System32\drivers\KmxSbx.sys (CA)
DRV - (KmxFile) -- C:\Windows\System32\drivers\KmxFile.sys (CA)
DRV - (KmxCF) -- C:\Windows\System32\drivers\KmxCF.sys (CA)
DRV - (KmxFw) -- C:\windows\System32\DRIVERS\kmxfw.sys (CA)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (TVALZ) -- C:\windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (LPCFilter) -- C:\windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (KmxFilter) -- C:\Windows\System32\drivers\KmxFilter.sys (CA)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (KmxAMVet) -- C:\Windows\System32\drivers\KmxAMVet.sys (Computer Associates International, Inc.)
DRV - (RTL8187Se) -- C:\Windows\System32\drivers\RTL8187Se.sys (Realtek Semiconductor Corporation )
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA"
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.1.3
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\Toolbar\Firefox [2010/04/20 22:05:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\LinkAdvisor\Firefox [2010/04/20 22:05:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/29 18:10:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/29 18:10:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\LinkAdvisor\Firefox [2010/04/20 22:05:34 | 000,000,000 | ---D | M]

[2010/02/08 09:34:58 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Mozilla\Extensions
[2010/07/05 08:32:07 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\5broe67n.default\extensions
[2010/03/24 05:31:11 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\5broe67n.default\extensions\info@djzig.com
[2010/02/08 09:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/26 21:30:24 | 000,000,854 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O18 - Protocol\Handler\callingid {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\Toolbar\CallingIDToolbar.dll (CallingID Ltd.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\windows\System32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\windows\System32\UmxWNP.dll (CA)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: aux - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\windows\System32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/05 18:51:59 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2010/06/29 21:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/06/29 21:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/29 21:09:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/06/29 21:09:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/06/29 18:24:39 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2010/06/29 18:24:34 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2010/06/29 16:05:27 | 000,000,000 | ---D | C] -- C:\Users\Amy\Documents\OneNote Notebooks
[2010/06/29 16:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/06/28 23:30:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/06/28 23:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/06/28 23:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/06/28 23:17:57 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\Malwarebytes
[2010/06/28 23:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/28 23:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/27 15:14:24 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2010/06/26 21:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/06/26 21:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/06/26 21:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/26 20:46:43 | 000,000,000 | ---D | C] -- C:\Users\Amy\Desktop\CS5
[2010/06/26 20:23:11 | 000,000,000 | ---D | C] -- C:\Users\Amy\Desktop\Adobe Photoshop Lightroom 3.0
[2010/06/16 18:44:20 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\Facebook
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/05 19:20:14 | 002,359,296 | -HS- | M] () -- C:\Users\Amy\ntuser.dat
[2010/07/05 19:19:47 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/05 19:16:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/07/05 18:52:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2010/07/05 18:36:58 | 000,293,376 | ---- | M] () -- C:\Users\Amy\Desktop\bzl9ymql.exe
[2010/07/05 15:58:20 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/05 15:58:20 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/05 15:51:43 | 000,000,370 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/07/05 15:50:39 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/05 15:50:07 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/07/05 15:49:48 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/05 15:49:03 | 000,933,733 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k2
[2010/07/05 15:49:03 | 000,116,284 | ---- | M] () -- C:\windows\System32\drivers\KmxAgent.asc
[2010/07/05 15:49:03 | 000,010,417 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k0
[2010/07/05 15:49:03 | 000,000,443 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k2
[2010/07/05 15:49:03 | 000,000,443 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k1
[2010/07/05 15:49:03 | 000,000,443 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k0
[2010/07/05 15:49:03 | 000,000,289 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k1
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k7
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k6
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k5
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k4
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k3
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k7
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k6
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k5
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k4
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k3
[2010/07/05 15:26:48 | 200,420,694 | ---- | M] () -- C:\windows\MEMORY.DMP
[2010/07/03 16:10:17 | 000,002,000 | -H-- | M] () -- C:\Users\Amy\Documents\Default.rdp
[2010/07/02 15:11:10 | 001,029,842 | -H-- | M] () -- C:\Users\Amy\AppData\Local\IconCache.db
[2010/07/02 08:32:44 | 000,713,888 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/07/02 08:32:44 | 000,615,360 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/07/02 08:32:44 | 000,103,702 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/06/29 21:23:11 | 000,001,231 | ---- | M] () -- C:\Users\Amy\Desktop\Spybot - Search & Destroy.lnk
[2010/06/29 21:10:00 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/29 18:25:34 | 000,524,288 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000002.regtrans-ms
[2010/06/29 18:25:34 | 000,524,288 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000001.regtrans-ms
[2010/06/29 18:25:34 | 000,065,536 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TM.blf
[2010/06/29 18:24:33 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2010/06/29 18:24:31 | 000,015,880 | ---- | M] () -- C:\windows\System32\lsdelete.exe
[2010/06/29 18:24:19 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2010/06/29 18:23:04 | 000,001,135 | ---- | M] () -- C:\Users\Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/29 18:23:04 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/06/29 16:10:30 | 002,541,416 | ---- | M] () -- C:\Users\Amy\Documents\unemployment paper.one
[2010/06/29 16:05:27 | 000,001,291 | ---- | M] () -- C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/06/27 07:52:57 | 003,773,672 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/06/26 21:35:41 | 000,110,816 | ---- | M] () -- C:\Users\Amy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/26 21:31:04 | 000,000,069 | ---- | M] () -- C:\windows\wininit.ini
[2010/06/26 20:29:19 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 3.lnk
[2010/06/25 16:47:10 | 000,266,573 | ---- | M] () -- C:\Users\Amy\Documents\mg20015,1135703050,sacred01_GOTHIC_VAMPIRE_WOMAN_Grave2.jpg
[2010/06/25 16:37:02 | 000,066,412 | ---- | M] () -- C:\Users\Amy\Documents\vampire_20girl_2004_jpg.jpg
[2010/06/24 18:37:10 | 000,025,600 | ---- | M] () -- C:\Users\Amy\Documents\Amy Beardsley.doc
[2010/06/23 10:20:19 | 000,277,012 | ---- | M] () -- C:\Users\Amy\Documents\Girls_Gothic_girl_013638_-472868.jpeg
[2010/06/23 10:18:51 | 000,191,180 | ---- | M] () -- C:\Users\Amy\Documents\Demon_Guitar.jpg
[2010/06/23 10:18:35 | 000,090,254 | ---- | M] () -- C:\Users\Amy\Documents\Guitar_Hero_by_frankhong-709132.jpg
[2010/06/23 10:17:56 | 000,004,665 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg13.jpg
[2010/06/23 09:48:26 | 000,004,134 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg12.jpg
[2010/06/23 09:47:56 | 000,003,508 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg11.jpg
[2010/06/23 09:47:43 | 000,003,671 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg9.jpg
[2010/06/23 09:47:30 | 000,004,365 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg8.jpg
[2010/06/23 09:47:10 | 000,003,771 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg7.jpg
[2010/06/23 09:39:02 | 000,002,830 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg6.jpg
[2010/06/23 09:38:46 | 000,002,327 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg4.jpg
[2010/06/23 09:36:24 | 000,002,968 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg3.jpg
[2010/06/23 09:36:11 | 000,003,248 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg2.jpg
[2010/06/23 09:36:01 | 000,002,982 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg1.jpg
[2010/06/23 09:35:37 | 000,003,052 | ---- | M] () -- C:\Users\Amy\Documents\images (2).jpg
[2010/06/23 09:33:39 | 000,003,052 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg
[2010/06/16 16:35:33 | 000,063,212 | ---- | M] () -- C:\Users\Amy\Documents\l_3faac4afbce842a185f33e0e46e8bb31.jpg
[2010/06/16 16:29:53 | 000,016,168 | ---- | M] () -- C:\Users\Amy\Documents\l_1ff4ff1a639b498ea45f16e1a23212a4.jpg
[2010/06/16 16:28:02 | 000,048,357 | ---- | M] () -- C:\Users\Amy\Documents\l_ee036d00310a44c3b141d3e39cf0a025.jpg
[2010/06/11 18:04:04 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/06/10 10:17:28 | 001,042,173 | ---- | M] () -- C:\Users\Amy\Documents\100_2690.jpg
[2010/06/10 10:09:04 | 001,057,477 | ---- | M] () -- C:\Users\Amy\Documents\100_2691.jpg
[2010/06/10 10:08:42 | 001,026,534 | ---- | M] () -- C:\Users\Amy\Documents\100_2687.jpg
[2010/06/10 10:08:19 | 001,066,591 | ---- | M] () -- C:\Users\Amy\Documents\100_2734.jpg
[2010/06/10 10:08:06 | 000,982,796 | ---- | M] () -- C:\Users\Amy\Documents\100_2719.jpg
[2010/06/10 10:07:55 | 001,077,277 | ---- | M] () -- C:\Users\Amy\Documents\100_2694.jpg
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/05 18:36:49 | 000,293,376 | ---- | C] () -- C:\Users\Amy\Desktop\bzl9ymql.exe
[2010/07/03 11:05:45 | 000,000,370 | ---- | C] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/29 21:23:11 | 000,001,231 | ---- | C] () -- C:\Users\Amy\Desktop\Spybot - Search & Destroy.lnk
[2010/06/29 21:10:00 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/29 21:08:19 | 000,015,880 | ---- | C] () -- C:\windows\System32\lsdelete.exe
[2010/06/29 18:23:04 | 000,001,135 | ---- | C] () -- C:\Users\Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/29 18:23:04 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/06/29 16:10:28 | 002,541,416 | ---- | C] () -- C:\Users\Amy\Documents\unemployment paper.one
[2010/06/29 16:05:26 | 000,001,291 | ---- | C] () -- C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/06/29 06:40:01 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000002.regtrans-ms
[2010/06/29 06:40:00 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000001.regtrans-ms
[2010/06/29 06:40:00 | 000,065,536 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TM.blf
[2010/06/26 21:31:04 | 000,000,069 | ---- | C] () -- C:\windows\wininit.ini
[2010/06/26 20:29:19 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 3.lnk
[2010/06/25 16:47:09 | 000,266,573 | ---- | C] () -- C:\Users\Amy\Documents\mg20015,1135703050,sacred01_GOTHIC_VAMPIRE_WOMAN_Grave2.jpg
[2010/06/25 16:36:56 | 000,066,412 | ---- | C] () -- C:\Users\Amy\Documents\vampire_20girl_2004_jpg.jpg
[2010/06/23 10:20:17 | 000,277,012 | ---- | C] () -- C:\Users\Amy\Documents\Girls_Gothic_girl_013638_-472868.jpeg
[2010/06/23 10:18:50 | 000,191,180 | ---- | C] () -- C:\Users\Amy\Documents\Demon_Guitar.jpg
[2010/06/23 10:18:34 | 000,090,254 | ---- | C] () -- C:\Users\Amy\Documents\Guitar_Hero_by_frankhong-709132.jpg
[2010/06/23 10:17:53 | 000,004,665 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg13.jpg
[2010/06/23 09:49:50 | 000,003,052 | ---- | C] () -- C:\Users\Amy\Documents\images (2).jpg
[2010/06/23 09:49:41 | 000,004,365 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg8.jpg
[2010/06/23 09:49:41 | 000,004,134 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg12.jpg
[2010/06/23 09:49:41 | 000,003,771 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg7.jpg
[2010/06/23 09:49:41 | 000,003,671 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg9.jpg
[2010/06/23 09:49:41 | 000,003,508 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg11.jpg
[2010/06/23 09:49:41 | 000,003,248 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg2.jpg
[2010/06/23 09:49:41 | 000,002,982 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg1.jpg
[2010/06/23 09:49:41 | 000,002,968 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg3.jpg
[2010/06/23 09:49:41 | 000,002,830 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg6.jpg
[2010/06/23 09:49:41 | 000,002,327 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg4.jpg
[2010/06/16 16:35:32 | 000,063,212 | ---- | C] () -- C:\Users\Amy\Documents\l_3faac4afbce842a185f33e0e46e8bb31.jpg
[2010/06/16 16:29:50 | 000,016,168 | ---- | C] () -- C:\Users\Amy\Documents\l_1ff4ff1a639b498ea45f16e1a23212a4.jpg
[2010/06/16 16:27:57 | 000,048,357 | ---- | C] () -- C:\Users\Amy\Documents\l_ee036d00310a44c3b141d3e39cf0a025.jpg
[2010/06/11 18:04:04 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/06/10 10:09:03 | 001,057,477 | ---- | C] () -- C:\Users\Amy\Documents\100_2691.jpg
[2010/06/10 10:08:51 | 001,042,173 | ---- | C] () -- C:\Users\Amy\Documents\100_2690.jpg
[2010/06/10 10:08:41 | 001,026,534 | ---- | C] () -- C:\Users\Amy\Documents\100_2687.jpg
[2010/06/10 10:08:17 | 001,066,591 | ---- | C] () -- C:\Users\Amy\Documents\100_2734.jpg
[2010/06/10 10:08:05 | 000,982,796 | ---- | C] () -- C:\Users\Amy\Documents\100_2719.jpg
[2010/06/10 10:07:52 | 001,077,277 | ---- | C] () -- C:\Users\Amy\Documents\100_2694.jpg
[2010/02/06 14:15:04 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2009/12/08 22:35:03 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/12/08 22:15:25 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2009/12/08 22:10:00 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/04/28 08:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll
[2007/07/16 11:58:10 | 000,197,408 | ---- | C] () -- C:\windows\System32\vpnapi.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/07/05 15:49:47 | 000,003,132 | ---- | M] () -- C:\aaw7boot.log
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/08/28 00:25:13 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/02/18 20:31:18 | 001,443,367 | ---- | M] () -- C:\caisslog.txt
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

#8 djost

  • Topic Starter

  • Members
  • 30 posts

Posted 05 July 2010 - 07:32 PM

OTL log (Part 1):

OTL logfile created on: 7/5/2010 7:18:57 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\Amy\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.33 Gb Total Space | 178.43 Gb Free Space | 79.89% Space Free | Partition Type: NTFS
Drive D: | 3.40 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMY-PC
Current User Name: Amy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Amy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Amy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll (Microsoft Corporation)
MOD - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptsp.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\UmxSbxExw.dll (CA)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\System32\UmxSbxw.dll (CA)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (CaCCProvSP) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV - (ccSchedulerSVC) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (CAISafe) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (UmxAgent) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (UmxFwHlp) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (UmxPol) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (UmxCfg) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (USBCCID) -- C:\windows\System32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- C:\windows\System32\DRIVERS\Rts516xIR.sys File not found
DRV - (RSUSBSTOR) -- C:\windows\System32\Drivers\RtsUStor.sys File not found
DRV - (Lbd) -- C:\windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (KmxAMRT) -- C:\windows\system32\DRIVERS\KmxAMRT.sys (CA)
DRV - (KmxAgent) -- C:\Windows\System32\drivers\KmxAgent.sys (CA)
DRV - (KmxCfg) -- C:\Windows\System32\drivers\KmxCfg.sys (CA)
DRV - (KmxSbx) -- C:\Windows\System32\drivers\KmxSbx.sys (CA)
DRV - (KmxFile) -- C:\Windows\System32\drivers\KmxFile.sys (CA)
DRV - (KmxCF) -- C:\Windows\System32\drivers\KmxCF.sys (CA)
DRV - (KmxFw) -- C:\windows\System32\DRIVERS\kmxfw.sys (CA)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (TVALZ) -- C:\windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (LPCFilter) -- C:\windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (KmxFilter) -- C:\Windows\System32\drivers\KmxFilter.sys (CA)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (KmxAMVet) -- C:\Windows\System32\drivers\KmxAMVet.sys (Computer Associates International, Inc.)
DRV - (RTL8187Se) -- C:\Windows\System32\drivers\RTL8187Se.sys (Realtek Semiconductor Corporation )
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA"
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.1.3
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\Toolbar\Firefox [2010/04/20 22:05:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\LinkAdvisor\Firefox [2010/04/20 22:05:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/29 18:10:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/29 18:10:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\LinkAdvisor\Firefox [2010/04/20 22:05:34 | 000,000,000 | ---D | M]

[2010/02/08 09:34:58 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Mozilla\Extensions
[2010/07/05 08:32:07 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\5broe67n.default\extensions
[2010/03/24 05:31:11 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\5broe67n.default\extensions\info@djzig.com
[2010/02/08 09:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/26 21:30:24 | 000,000,854 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O18 - Protocol\Handler\callingid {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\Toolbar\CallingIDToolbar.dll (CallingID Ltd.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\windows\System32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\windows\System32\UmxWNP.dll (CA)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.92625640\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*







OTL Log: (Part 2)

#9 djost


Posted 05 July 2010 - 07:36 PM

OTL Log: (Part 2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: aux - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\windows\System32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/05 18:51:59 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2010/06/29 21:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/06/29 21:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/29 21:09:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/06/29 21:09:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/06/29 18:24:39 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2010/06/29 18:24:34 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2010/06/29 16:05:27 | 000,000,000 | ---D | C] -- C:\Users\Amy\Documents\OneNote Notebooks
[2010/06/29 16:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/06/28 23:30:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/06/28 23:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/06/28 23:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/06/28 23:17:57 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\Malwarebytes
[2010/06/28 23:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/28 23:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/27 15:14:24 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2010/06/26 21:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/06/26 21:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/06/26 21:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/26 20:46:43 | 000,000,000 | ---D | C] -- C:\Users\Amy\Desktop\CS5
[2010/06/26 20:23:11 | 000,000,000 | ---D | C] -- C:\Users\Amy\Desktop\Adobe Photoshop Lightroom 3.0
[2010/06/16 18:44:20 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\Facebook
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/05 19:20:14 | 002,359,296 | -HS- | M] () -- C:\Users\Amy\ntuser.dat
[2010/07/05 19:19:47 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/05 19:16:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/07/05 18:52:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2010/07/05 18:36:58 | 000,293,376 | ---- | M] () -- C:\Users\Amy\Desktop\bzl9ymql.exe
[2010/07/05 15:58:20 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/05 15:58:20 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/05 15:51:43 | 000,000,370 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/07/05 15:50:39 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/05 15:50:07 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/07/05 15:49:48 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/05 15:49:03 | 000,933,733 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k2
[2010/07/05 15:49:03 | 000,116,284 | ---- | M] () -- C:\windows\System32\drivers\KmxAgent.asc
[2010/07/05 15:49:03 | 000,010,417 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k0
[2010/07/05 15:49:03 | 000,000,443 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k2
[2010/07/05 15:49:03 | 000,000,443 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k1
[2010/07/05 15:49:03 | 000,000,443 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k0
[2010/07/05 15:49:03 | 000,000,289 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k1
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k7
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k6
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k5
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k4
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k3
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k7
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k6
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k5
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k4
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k3
[2010/07/05 15:26:48 | 200,420,694 | ---- | M] () -- C:\windows\MEMORY.DMP
[2010/07/03 16:10:17 | 000,002,000 | -H-- | M] () -- C:\Users\Amy\Documents\Default.rdp
[2010/07/02 15:11:10 | 001,029,842 | -H-- | M] () -- C:\Users\Amy\AppData\Local\IconCache.db
[2010/07/02 08:32:44 | 000,713,888 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/07/02 08:32:44 | 000,615,360 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/07/02 08:32:44 | 000,103,702 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/06/29 21:23:11 | 000,001,231 | ---- | M] () -- C:\Users\Amy\Desktop\Spybot - Search & Destroy.lnk
[2010/06/29 21:10:00 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/29 18:25:34 | 000,524,288 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000002.regtrans-ms
[2010/06/29 18:25:34 | 000,524,288 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000001.regtrans-ms
[2010/06/29 18:25:34 | 000,065,536 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TM.blf
[2010/06/29 18:24:33 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2010/06/29 18:24:31 | 000,015,880 | ---- | M] () -- C:\windows\System32\lsdelete.exe
[2010/06/29 18:24:19 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2010/06/29 18:23:04 | 000,001,135 | ---- | M] () -- C:\Users\Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/29 18:23:04 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/06/29 16:10:30 | 002,541,416 | ---- | M] () -- C:\Users\Amy\Documents\unemployment paper.one
[2010/06/29 16:05:27 | 000,001,291 | ---- | M] () -- C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/06/27 07:52:57 | 003,773,672 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/06/26 21:35:41 | 000,110,816 | ---- | M] () -- C:\Users\Amy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/26 21:31:04 | 000,000,069 | ---- | M] () -- C:\windows\wininit.ini
[2010/06/26 20:29:19 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 3.lnk
[2010/06/25 16:47:10 | 000,266,573 | ---- | M] () -- C:\Users\Amy\Documents\mg20015,1135703050,sacred01_GOTHIC_VAMPIRE_WOMAN_Grave2.jpg
[2010/06/25 16:37:02 | 000,066,412 | ---- | M] () -- C:\Users\Amy\Documents\vampire_20girl_2004_jpg.jpg
[2010/06/24 18:37:10 | 000,025,600 | ---- | M] () -- C:\Users\Amy\Documents\Amy Beardsley.doc
[2010/06/23 10:20:19 | 000,277,012 | ---- | M] () -- C:\Users\Amy\Documents\Girls_Gothic_girl_013638_-472868.jpeg
[2010/06/23 10:18:51 | 000,191,180 | ---- | M] () -- C:\Users\Amy\Documents\Demon_Guitar.jpg
[2010/06/23 10:18:35 | 000,090,254 | ---- | M] () -- C:\Users\Amy\Documents\Guitar_Hero_by_frankhong-709132.jpg
[2010/06/23 10:17:56 | 000,004,665 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg13.jpg
[2010/06/23 09:48:26 | 000,004,134 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg12.jpg
[2010/06/23 09:47:56 | 000,003,508 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg11.jpg
[2010/06/23 09:47:43 | 000,003,671 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg9.jpg
[2010/06/23 09:47:30 | 000,004,365 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg8.jpg
[2010/06/23 09:47:10 | 000,003,771 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg7.jpg
[2010/06/23 09:39:02 | 000,002,830 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg6.jpg
[2010/06/23 09:38:46 | 000,002,327 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg4.jpg
[2010/06/23 09:36:24 | 000,002,968 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg3.jpg
[2010/06/23 09:36:11 | 000,003,248 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg2.jpg
[2010/06/23 09:36:01 | 000,002,982 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg1.jpg
[2010/06/23 09:35:37 | 000,003,052 | ---- | M] () -- C:\Users\Amy\Documents\images (2).jpg
[2010/06/23 09:33:39 | 000,003,052 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg
[2010/06/16 16:35:33 | 000,063,212 | ---- | M] () -- C:\Users\Amy\Documents\l_3faac4afbce842a185f33e0e46e8bb31.jpg
[2010/06/16 16:29:53 | 000,016,168 | ---- | M] () -- C:\Users\Amy\Documents\l_1ff4ff1a639b498ea45f16e1a23212a4.jpg
[2010/06/16 16:28:02 | 000,048,357 | ---- | M] () -- C:\Users\Amy\Documents\l_ee036d00310a44c3b141d3e39cf0a025.jpg
[2010/06/11 18:04:04 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/06/10 10:17:28 | 001,042,173 | ---- | M] () -- C:\Users\Amy\Documents\100_2690.jpg
[2010/06/10 10:09:04 | 001,057,477 | ---- | M] () -- C:\Users\Amy\Documents\100_2691.jpg
[2010/06/10 10:08:42 | 001,026,534 | ---- | M] () -- C:\Users\Amy\Documents\100_2687.jpg
[2010/06/10 10:08:19 | 001,066,591 | ---- | M] () -- C:\Users\Amy\Documents\100_2734.jpg
[2010/06/10 10:08:06 | 000,982,796 | ---- | M] () -- C:\Users\Amy\Documents\100_2719.jpg
[2010/06/10 10:07:55 | 001,077,277 | ---- | M] () -- C:\Users\Amy\Documents\100_2694.jpg
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/05 18:36:49 | 000,293,376 | ---- | C] () -- C:\Users\Amy\Desktop\bzl9ymql.exe
[2010/07/03 11:05:45 | 000,000,370 | ---- | C] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/29 21:23:11 | 000,001,231 | ---- | C] () -- C:\Users\Amy\Desktop\Spybot - Search & Destroy.lnk
[2010/06/29 21:10:00 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/29 21:08:19 | 000,015,880 | ---- | C] () -- C:\windows\System32\lsdelete.exe
[2010/06/29 18:23:04 | 000,001,135 | ---- | C] () -- C:\Users\Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/29 18:23:04 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/06/29 16:10:28 | 002,541,416 | ---- | C] () -- C:\Users\Amy\Documents\unemployment paper.one
[2010/06/29 16:05:26 | 000,001,291 | ---- | C] () -- C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/06/29 06:40:01 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000002.regtrans-ms
[2010/06/29 06:40:00 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000001.regtrans-ms
[2010/06/29 06:40:00 | 000,065,536 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TM.blf
[2010/06/26 21:31:04 | 000,000,069 | ---- | C] () -- C:\windows\wininit.ini
[2010/06/26 20:29:19 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 3.lnk
[2010/06/25 16:47:09 | 000,266,573 | ---- | C] () -- C:\Users\Amy\Documents\mg20015,1135703050,sacred01_GOTHIC_VAMPIRE_WOMAN_Grave2.jpg
[2010/06/25 16:36:56 | 000,066,412 | ---- | C] () -- C:\Users\Amy\Documents\vampire_20girl_2004_jpg.jpg
[2010/06/23 10:20:17 | 000,277,012 | ---- | C] () -- C:\Users\Amy\Documents\Girls_Gothic_girl_013638_-472868.jpeg
[2010/06/23 10:18:50 | 000,191,180 | ---- | C] () -- C:\Users\Amy\Documents\Demon_Guitar.jpg
[2010/06/23 10:18:34 | 000,090,254 | ---- | C] () -- C:\Users\Amy\Documents\Guitar_Hero_by_frankhong-709132.jpg
[2010/06/23 10:17:53 | 000,004,665 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg13.jpg
[2010/06/23 09:49:50 | 000,003,052 | ---- | C] () -- C:\Users\Amy\Documents\images (2).jpg
[2010/06/23 09:49:41 | 000,004,365 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg8.jpg
[2010/06/23 09:49:41 | 000,004,134 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg12.jpg
[2010/06/23 09:49:41 | 000,003,771 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg7.jpg
[2010/06/23 09:49:41 | 000,003,671 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg9.jpg
[2010/06/23 09:49:41 | 000,003,508 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg11.jpg
[2010/06/23 09:49:41 | 000,003,248 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg2.jpg
[2010/06/23 09:49:41 | 000,002,982 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg1.jpg
[2010/06/23 09:49:41 | 000,002,968 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg3.jpg
[2010/06/23 09:49:41 | 000,002,830 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg6.jpg
[2010/06/23 09:49:41 | 000,002,327 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg4.jpg
[2010/06/16 16:35:32 | 000,063,212 | ---- | C] () -- C:\Users\Amy\Documents\l_3faac4afbce842a185f33e0e46e8bb31.jpg
[2010/06/16 16:29:50 | 000,016,168 | ---- | C] () -- C:\Users\Amy\Documents\l_1ff4ff1a639b498ea45f16e1a23212a4.jpg
[2010/06/16 16:27:57 | 000,048,357 | ---- | C] () -- C:\Users\Amy\Documents\l_ee036d00310a44c3b141d3e39cf0a025.jpg
[2010/06/11 18:04:04 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/06/10 10:09:03 | 001,057,477 | ---- | C] () -- C:\Users\Amy\Documents\100_2691.jpg
[2010/06/10 10:08:51 | 001,042,173 | ---- | C] () -- C:\Users\Amy\Documents\100_2690.jpg
[2010/06/10 10:08:41 | 001,026,534 | ---- | C] () -- C:\Users\Amy\Documents\100_2687.jpg
[2010/06/10 10:08:17 | 001,066,591 | ---- | C] () -- C:\Users\Amy\Documents\100_2734.jpg
[2010/06/10 10:08:05 | 000,982,796 | ---- | C] () -- C:\Users\Amy\Documents\100_2719.jpg
[2010/06/10 10:07:52 | 001,077,277 | ---- | C] () -- C:\Users\Amy\Documents\100_2694.jpg
[2010/02/06 14:15:04 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2009/12/08 22:35:03 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/12/08 22:15:25 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2009/12/08 22:10:00 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/04/28 08:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll
[2007/07/16 11:58:10 | 000,197,408 | ---- | C] () -- C:\windows\System32\vpnapi.dll

========== Custom Scans ==========



#10 djost

Posted 05 July 2010 - 07:40 PM

OTL log:(Part 2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: aux - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\windows\System32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/05 18:51:59 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2010/06/29 21:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/06/29 21:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/29 21:09:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/06/29 21:09:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/06/29 18:24:39 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2010/06/29 18:24:34 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2010/06/29 16:05:27 | 000,000,000 | ---D | C] -- C:\Users\Amy\Documents\OneNote Notebooks
[2010/06/29 16:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/06/28 23:30:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/06/28 23:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/06/28 23:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/06/28 23:17:57 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\Malwarebytes
[2010/06/28 23:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/28 23:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/27 15:14:24 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2010/06/26 21:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/06/26 21:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/06/26 21:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/26 20:46:43 | 000,000,000 | ---D | C] -- C:\Users\Amy\Desktop\CS5
[2010/06/26 20:23:11 | 000,000,000 | ---D | C] -- C:\Users\Amy\Desktop\Adobe Photoshop Lightroom 3.0
[2010/06/16 18:44:20 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\Facebook
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/05 19:20:14 | 002,359,296 | -HS- | M] () -- C:\Users\Amy\ntuser.dat
[2010/07/05 19:19:47 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/05 19:16:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/07/05 18:52:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2010/07/05 18:36:58 | 000,293,376 | ---- | M] () -- C:\Users\Amy\Desktop\bzl9ymql.exe
[2010/07/05 15:58:20 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/05 15:58:20 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/05 15:51:43 | 000,000,370 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/07/05 15:50:39 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/05 15:50:07 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/07/05 15:49:48 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/05 15:49:03 | 000,933,733 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k2
[2010/07/05 15:49:03 | 000,116,284 | ---- | M] () -- C:\windows\System32\drivers\KmxAgent.asc
[2010/07/05 15:49:03 | 000,010,417 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k0
[2010/07/05 15:49:03 | 000,000,443 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k2
[2010/07/05 15:49:03 | 000,000,443 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k1
[2010/07/05 15:49:03 | 000,000,443 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k0
[2010/07/05 15:49:03 | 000,000,289 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k1
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k7
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k6
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k5
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k4
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k3
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k7
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k6
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k5
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k4
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k3
[2010/07/05 15:26:48 | 200,420,694 | ---- | M] () -- C:\windows\MEMORY.DMP
[2010/07/03 16:10:17 | 000,002,000 | -H-- | M] () -- C:\Users\Amy\Documents\Default.rdp
[2010/07/02 15:11:10 | 001,029,842 | -H-- | M] () -- C:\Users\Amy\AppData\Local\IconCache.db
[2010/07/02 08:32:44 | 000,713,888 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/07/02 08:32:44 | 000,615,360 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/07/02 08:32:44 | 000,103,702 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/06/29 21:23:11 | 000,001,231 | ---- | M] () -- C:\Users\Amy\Desktop\Spybot - Search & Destroy.lnk
[2010/06/29 21:10:00 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/29 18:25:34 | 000,524,288 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000002.regtrans-ms
[2010/06/29 18:25:34 | 000,524,288 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000001.regtrans-ms
[2010/06/29 18:25:34 | 000,065,536 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TM.blf
[2010/06/29 18:24:33 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2010/06/29 18:24:31 | 000,015,880 | ---- | M] () -- C:\windows\System32\lsdelete.exe
[2010/06/29 18:24:19 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2010/06/29 18:23:04 | 000,001,135 | ---- | M] () -- C:\Users\Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/29 18:23:04 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/06/29 16:10:30 | 002,541,416 | ---- | M] () -- C:\Users\Amy\Documents\unemployment paper.one
[2010/06/29 16:05:27 | 000,001,291 | ---- | M] () -- C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/06/27 07:52:57 | 003,773,672 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/06/26 21:35:41 | 000,110,816 | ---- | M] () -- C:\Users\Amy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/26 21:31:04 | 000,000,069 | ---- | M] () -- C:\windows\wininit.ini
[2010/06/26 20:29:19 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 3.lnk
[2010/06/25 16:47:10 | 000,266,573 | ---- | M] () -- C:\Users\Amy\Documents\mg20015,1135703050,sacred01_GOTHIC_VAMPIRE_WOMAN_Grave2.jpg
[2010/06/25 16:37:02 | 000,066,412 | ---- | M] () -- C:\Users\Amy\Documents\vampire_20girl_2004_jpg.jpg
[2010/06/24 18:37:10 | 000,025,600 | ---- | M] () -- C:\Users\Amy\Documents\Amy Beardsley.doc
[2010/06/23 10:20:19 | 000,277,012 | ---- | M] () -- C:\Users\Amy\Documents\Girls_Gothic_girl_013638_-472868.jpeg
[2010/06/23 10:18:51 | 000,191,180 | ---- | M] () -- C:\Users\Amy\Documents\Demon_Guitar.jpg
[2010/06/23 10:18:35 | 000,090,254 | ---- | M] () -- C:\Users\Amy\Documents\Guitar_Hero_by_frankhong-709132.jpg
[2010/06/23 10:17:56 | 000,004,665 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg13.jpg
[2010/06/23 09:48:26 | 000,004,134 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg12.jpg
[2010/06/23 09:47:56 | 000,003,508 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg11.jpg
[2010/06/23 09:47:43 | 000,003,671 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg9.jpg
[2010/06/23 09:47:30 | 000,004,365 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg8.jpg
[2010/06/23 09:47:10 | 000,003,771 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg7.jpg
[2010/06/23 09:39:02 | 000,002,830 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg6.jpg
[2010/06/23 09:38:46 | 000,002,327 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg4.jpg
[2010/06/23 09:36:24 | 000,002,968 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg3.jpg
[2010/06/23 09:36:11 | 000,003,248 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg2.jpg
[2010/06/23 09:36:01 | 000,002,982 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg1.jpg
[2010/06/23 09:35:37 | 000,003,052 | ---- | M] () -- C:\Users\Amy\Documents\images (2).jpg
[2010/06/23 09:33:39 | 000,003,052 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg
[2010/06/16 16:35:33 | 000,063,212 | ---- | M] () -- C:\Users\Amy\Documents\l_3faac4afbce842a185f33e0e46e8bb31.jpg
[2010/06/16 16:29:53 | 000,016,168 | ---- | M] () -- C:\Users\Amy\Documents\l_1ff4ff1a639b498ea45f16e1a23212a4.jpg
[2010/06/16 16:28:02 | 000,048,357 | ---- | M] () -- C:\Users\Amy\Documents\l_ee036d00310a44c3b141d3e39cf0a025.jpg
[2010/06/11 18:04:04 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/06/10 10:17:28 | 001,042,173 | ---- | M] () -- C:\Users\Amy\Documents\100_2690.jpg
[2010/06/10 10:09:04 | 001,057,477 | ---- | M] () -- C:\Users\Amy\Documents\100_2691.jpg
[2010/06/10 10:08:42 | 001,026,534 | ---- | M] () -- C:\Users\Amy\Documents\100_2687.jpg
[2010/06/10 10:08:19 | 001,066,591 | ---- | M] () -- C:\Users\Amy\Documents\100_2734.jpg
[2010/06/10 10:08:06 | 000,982,796 | ---- | M] () -- C:\Users\Amy\Documents\100_2719.jpg
[2010/06/10 10:07:55 | 001,077,277 | ---- | M] () -- C:\Users\Amy\Documents\100_2694.jpg
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/05 18:36:49 | 000,293,376 | ---- | C] () -- C:\Users\Amy\Desktop\bzl9ymql.exe
[2010/07/03 11:05:45 | 000,000,370 | ---- | C] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/29 21:23:11 | 000,001,231 | ---- | C] () -- C:\Users\Amy\Desktop\Spybot - Search & Destroy.lnk
[2010/06/29 21:10:00 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/29 21:08:19 | 000,015,880 | ---- | C] () -- C:\windows\System32\lsdelete.exe
[2010/06/29 18:23:04 | 000,001,135 | ---- | C] () -- C:\Users\Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/29 18:23:04 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/06/29 16:10:28 | 002,541,416 | ---- | C] () -- C:\Users\Amy\Documents\unemployment paper.one
[2010/06/29 16:05:26 | 000,001,291 | ---- | C] () -- C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/06/29 06:40:01 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000002.regtrans-ms
[2010/06/29 06:40:00 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000001.regtrans-ms
[2010/06/29 06:40:00 | 000,065,536 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TM.blf
[2010/06/26 21:31:04 | 000,000,069 | ---- | C] () -- C:\windows\wininit.ini
[2010/06/26 20:29:19 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 3.lnk
[2010/06/25 16:47:09 | 000,266,573 | ---- | C] () -- C:\Users\Amy\Documents\mg20015,1135703050,sacred01_GOTHIC_VAMPIRE_WOMAN_Grave2.jpg
[2010/06/25 16:36:56 | 000,066,412 | ---- | C] () -- C:\Users\Amy\Documents\vampire_20girl_2004_jpg.jpg
[2010/06/23 10:20:17 | 000,277,012 | ---- | C] () -- C:\Users\Amy\Documents\Girls_Gothic_girl_013638_-472868.jpeg
[2010/06/23 10:18:50 | 000,191,180 | ---- | C] () -- C:\Users\Amy\Documents\Demon_Guitar.jpg
[2010/06/23 10:18:34 | 000,090,254 | ---- | C] () -- C:\Users\Amy\Documents\Guitar_Hero_by_frankhong-709132.jpg
[2010/06/23 10:17:53 | 000,004,665 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg13.jpg
[2010/06/23 09:49:50 | 000,003,052 | ---- | C] () -- C:\Users\Amy\Documents\images (2).jpg
[2010/06/23 09:49:41 | 000,004,365 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg8.jpg
[2010/06/23 09:49:41 | 000,004,134 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg12.jpg
[2010/06/23 09:49:41 | 000,003,771 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg7.jpg
[2010/06/23 09:49:41 | 000,003,671 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg9.jpg
[2010/06/23 09:49:41 | 000,003,508 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg11.jpg
[2010/06/23 09:49:41 | 000,003,248 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg2.jpg
[2010/06/23 09:49:41 | 000,002,982 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg1.jpg
[2010/06/23 09:49:41 | 000,002,968 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg3.jpg
[2010/06/23 09:49:41 | 000,002,830 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg6.jpg
[2010/06/23 09:49:41 | 000,002,327 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg4.jpg
[2010/06/16 16:35:32 | 000,063,212 | ---- | C] () -- C:\Users\Amy\Documents\l_3faac4afbce842a185f33e0e46e8bb31.jpg
[2010/06/16 16:29:50 | 000,016,168 | ---- | C] () -- C:\Users\Amy\Documents\l_1ff4ff1a639b498ea45f16e1a23212a4.jpg
[2010/06/16 16:27:57 | 000,048,357 | ---- | C] () -- C:\Users\Amy\Documents\l_ee036d00310a44c3b141d3e39cf0a025.jpg
[2010/06/11 18:04:04 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/06/10 10:09:03 | 001,057,477 | ---- | C] () -- C:\Users\Amy\Documents\100_2691.jpg
[2010/06/10 10:08:51 | 001,042,173 | ---- | C] () -- C:\Users\Amy\Documents\100_2690.jpg
[2010/06/10 10:08:41 | 001,026,534 | ---- | C] () -- C:\Users\Amy\Documents\100_2687.jpg
[2010/06/10 10:08:17 | 001,066,591 | ---- | C] () -- C:\Users\Amy\Documents\100_2734.jpg
[2010/06/10 10:08:05 | 000,982,796 | ---- | C] () -- C:\Users\Amy\Documents\100_2719.jpg
[2010/06/10 10:07:52 | 001,077,277 | ---- | C] () -- C:\Users\Amy\Documents\100_2694.jpg
[2010/02/06 14:15:04 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2009/12/08 22:35:03 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/12/08 22:15:25 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2009/12/08 22:10:00 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/04/28 08:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll
[2007/07/16 11:58:10 | 000,197,408 | ---- | C] () -- C:\windows\System32\vpnapi.dll

========== Custom Scans ==========

OTL log:(Part 2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: aux - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\windows\System32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========


[2010/07/05 18:51:59 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2010/06/29 21:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/06/29 21:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/29 21:09:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/06/29 21:09:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/06/29 18:24:39 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2010/06/29 18:24:34 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2010/06/29 16:05:27 | 000,000,000 | ---D | C] -- C:\Users\Amy\Documents\OneNote Notebooks
[2010/06/29 16:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/06/28 23:30:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/06/28 23:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/06/28 23:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/06/28 23:17:57 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\Malwarebytes
[2010/06/28 23:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/28 23:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/27 15:14:24 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2010/06/26 21:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/06/26 21:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/06/26 21:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/26 20:46:43 | 000,000,000 | ---D | C] -- C:\Users\Amy\Desktop\CS5
[2010/06/26 20:23:11 | 000,000,000 | ---D | C] -- C:\Users\Amy\Desktop\Adobe Photoshop Lightroom 3.0
[2010/06/16 18:44:20 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\Facebook
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/05 19:20:14 | 002,359,296 | -HS- | M] () -- C:\Users\Amy\ntuser.dat
[2010/07/05 19:19:47 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/05 19:16:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/07/05 18:52:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2010/07/05 18:36:58 | 000,293,376 | ---- | M] () -- C:\Users\Amy\Desktop\bzl9ymql.exe
[2010/07/05 15:58:20 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/05 15:58:20 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/05 15:51:43 | 000,000,370 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/07/05 15:50:39 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/05 15:50:07 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/07/05 15:49:48 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/05 15:49:03 | 000,933,733 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k2
[2010/07/05 15:49:03 | 000,116,284 | ---- | M] () -- C:\windows\System32\drivers\KmxAgent.asc
[2010/07/05 15:49:03 | 000,010,417 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k0
[2010/07/05 15:49:03 | 000,000,443 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k2
[2010/07/05 15:49:03 | 000,000,443 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k1
[2010/07/05 15:49:03 | 000,000,443 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k0
[2010/07/05 15:49:03 | 000,000,289 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k1
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k7
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k6
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k5
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k4
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k3
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k7
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k6
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k5
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k4
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k3
[2010/07/05 15:26:48 | 200,420,694 | ---- | M] () -- C:\windows\MEMORY.DMP
[2010/07/03 16:10:17 | 000,002,000 | -H-- | M] () -- C:\Users\Amy\Documents\Default.rdp
[2010/07/02 15:11:10 | 001,029,842 | -H-- | M] () -- C:\Users\Amy\AppData\Local\IconCache.db
[2010/07/02 08:32:44 | 000,713,888 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/07/02 08:32:44 | 000,615,360 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/07/02 08:32:44 | 000,103,702 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/06/29 21:23:11 | 000,001,231 | ---- | M] () -- C:\Users\Amy\Desktop\Spybot - Search & Destroy.lnk
[2010/06/29 21:10:00 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/29 18:25:34 | 000,524,288 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000002.regtrans-ms
[2010/06/29 18:25:34 | 000,524,288 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000001.regtrans-ms
[2010/06/29 18:25:34 | 000,065,536 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TM.blf
[2010/06/29 18:24:33 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2010/06/29 18:24:31 | 000,015,880 | ---- | M] () -- C:\windows\System32\lsdelete.exe
[2010/06/29 18:24:19 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2010/06/29 18:23:04 | 000,001,135 | ---- | M] () -- C:\Users\Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/29 18:23:04 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/06/29 16:10:30 | 002,541,416 | ---- | M] () -- C:\Users\Amy\Documents\unemployment paper.one
[2010/06/29 16:05:27 | 000,001,291 | ---- | M] () -- C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/06/27 07:52:57 | 003,773,672 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/06/26 21:35:41 | 000,110,816 | ---- | M] () -- C:\Users\Amy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/26 21:31:04 | 000,000,069 | ---- | M] () -- C:\windows\wininit.ini
[2010/06/26 20:29:19 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 3.lnk
[2010/06/25 16:47:10 | 000,266,573 | ---- | M] () -- C:\Users\Amy\Documents\mg20015,1135703050,sacred01_GOTHIC_VAMPIRE_WOMAN_Grave2.jpg
[2010/06/25 16:37:02 | 000,066,412 | ---- | M] () -- C:\Users\Amy\Documents\vampire_20girl_2004_jpg.jpg
[2010/06/24 18:37:10 | 000,025,600 | ---- | M] () -- C:\Users\Amy\Documents\Amy Beardsley.doc
[2010/06/23 10:20:19 | 000,277,012 | ---- | M] () -- C:\Users\Amy\Documents\Girls_Gothic_girl_013638_-472868.jpeg
[2010/06/23 10:18:51 | 000,191,180 | ---- | M] () -- C:\Users\Amy\Documents\Demon_Guitar.jpg
[2010/06/23 10:18:35 | 000,090,254 | ---- | M] () -- C:\Users\Amy\Documents\Guitar_Hero_by_frankhong-709132.jpg
[2010/06/23 10:17:56 | 000,004,665 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg13.jpg
[2010/06/23 09:48:26 | 000,004,134 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg12.jpg
[2010/06/23 09:47:56 | 000,003,508 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg11.jpg
[2010/06/23 09:47:43 | 000,003,671 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg9.jpg
[2010/06/23 09:47:30 | 000,004,365 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg8.jpg
[2010/06/23 09:47:10 | 000,003,771 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg7.jpg
[2010/06/23 09:39:02 | 000,002,830 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg6.jpg
[2010/06/23 09:38:46 | 000,002,327 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg4.jpg
[2010/06/23 09:36:24 | 000,002,968 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg3.jpg
[2010/06/23 09:36:11 | 000,003,248 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg2.jpg
[2010/06/23 09:36:01 | 000,002,982 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg1.jpg
[2010/06/23 09:35:37 | 000,003,052 | ---- | M] () -- C:\Users\Amy\Documents\images (2).jpg
[2010/06/23 09:33:39 | 000,003,052 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg
[2010/06/16 16:35:33 | 000,063,212 | ---- | M] () -- C:\Users\Amy\Documents\l_3faac4afbce842a185f33e0e46e8bb31.jpg
[2010/06/16 16:29:53 | 000,016,168 | ---- | M] () -- C:\Users\Amy\Documents\l_1ff4ff1a639b498ea45f16e1a23212a4.jpg
[2010/06/16 16:28:02 | 000,048,357 | ---- | M] () -- C:\Users\Amy\Documents\l_ee036d00310a44c3b141d3e39cf0a025.jpg
[2010/06/11 18:04:04 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/06/10 10:17:28 | 001,042,173 | ---- | M] () -- C:\Users\Amy\Documents\100_2690.jpg
[2010/06/10 10:09:04 | 001,057,477 | ---- | M] () -- C:\Users\Amy\Documents\100_2691.jpg
[2010/06/10 10:08:42 | 001,026,534 | ---- | M] () -- C:\Users\Amy\Documents\100_2687.jpg
[2010/06/10 10:08:19 | 001,066,591 | ---- | M] () -- C:\Users\Amy\Documents\100_2734.jpg
[2010/06/10 10:08:06 | 000,982,796 | ---- | M] () -- C:\Users\Amy\Documents\100_2719.jpg
[2010/06/10 10:07:55 | 001,077,277 | ---- | M] () -- C:\Users\Amy\Documents\100_2694.jpg
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/05 18:36:49 | 000,293,376 | ---- | C] () -- C:\Users\Amy\Desktop\bzl9ymql.exe
[2010/07/03 11:05:45 | 000,000,370 | ---- | C] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/29 21:23:11 | 000,001,231 | ---- | C] () -- C:\Users\Amy\Desktop\Spybot - Search & Destroy.lnk
[2010/06/29 21:10:00 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/29 21:08:19 | 000,015,880 | ---- | C] () -- C:\windows\System32\lsdelete.exe
[2010/06/29 18:23:04 | 000,001,135 | ---- | C] () -- C:\Users\Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/29 18:23:04 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/06/29 16:10:28 | 002,541,416 | ---- | C] () -- C:\Users\Amy\Documents\unemployment paper.one
[2010/06/29 16:05:26 | 000,001,291 | ---- | C] () -- C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/06/29 06:40:01 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000002.regtrans-ms
[2010/06/29 06:40:00 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000001.regtrans-ms
[2010/06/29 06:40:00 | 000,065,536 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TM.blf
[2010/06/26 21:31:04 | 000,000,069 | ---- | C] () -- C:\windows\wininit.ini
[2010/06/26 20:29:19 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 3.lnk
[2010/06/25 16:47:09 | 000,266,573 | ---- | C] () -- C:\Users\Amy\Documents\mg20015,1135703050,sacred01_GOTHIC_VAMPIRE_WOMAN_Grave2.jpg
[2010/06/25 16:36:56 | 000,066,412 | ---- | C] () -- C:\Users\Amy\Documents\vampire_20girl_2004_jpg.jpg
[2010/06/23 10:20:17 | 000,277,012 | ---- | C] () -- C:\Users\Amy\Documents\Girls_Gothic_girl_013638_-472868.jpeg
[2010/06/23 10:18:50 | 000,191,180 | ---- | C] () -- C:\Users\Amy\Documents\Demon_Guitar.jpg
[2010/06/23 10:18:34 | 000,090,254 | ---- | C] () -- C:\Users\Amy\Documents\Guitar_Hero_by_frankhong-709132.jpg
[2010/06/23 10:17:53 | 000,004,665 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg13.jpg
[2010/06/23 09:49:50 | 000,003,052 | ---- | C] () -- C:\Users\Amy\Documents\images (2).jpg
[2010/06/23 09:49:41 | 000,004,365 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg8.jpg
[2010/06/23 09:49:41 | 000,004,134 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg12.jpg
[2010/06/23 09:49:41 | 000,003,771 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg7.jpg
[2010/06/23 09:49:41 | 000,003,671 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg9.jpg
[2010/06/23 09:49:41 | 000,003,508 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg11.jpg
[2010/06/23 09:49:41 | 000,003,248 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg2.jpg
[2010/06/23 09:49:41 | 000,002,982 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg1.jpg
[2010/06/23 09:49:41 | 000,002,968 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg3.jpg
[2010/06/23 09:49:41 | 000,002,830 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg6.jpg
[2010/06/23 09:49:41 | 000,002,327 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg4.jpg
[2010/06/16 16:35:32 | 000,063,212 | ---- | C] () -- C:\Users\Amy\Documents\l_3faac4afbce842a185f33e0e46e8bb31.jpg
[2010/06/16 16:29:50 | 000,016,168 | ---- | C] () -- C:\Users\Amy\Documents\l_1ff4ff1a639b498ea45f16e1a23212a4.jpg
[2010/06/16 16:27:57 | 000,048,357 | ---- | C] () -- C:\Users\Amy\Documents\l_ee036d00310a44c3b141d3e39cf0a025.jpg
[2010/06/11 18:04:04 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/06/10 10:09:03 | 001,057,477 | ---- | C] () -- C:\Users\Amy\Documents\100_2691.jpg
[2010/06/10 10:08:51 | 001,042,173 | ---- | C] () -- C:\Users\Amy\Documents\100_2690.jpg
[2010/06/10 10:08:41 | 001,026,534 | ---- | C] () -- C:\Users\Amy\Documents\100_2687.jpg
[2010/06/10 10:08:17 | 001,066,591 | ---- | C] () -- C:\Users\Amy\Documents\100_2734.jpg
[2010/06/10 10:08:05 | 000,982,796 | ---- | C] () -- C:\Users\Amy\Documents\100_2719.jpg
[2010/06/10 10:07:52 | 001,077,277 | ---- | C] () -- C:\Users\Amy\Documents\100_2694.jpg
[2010/02/06 14:15:04 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2009/12/08 22:35:03 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/12/08 22:15:25 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2009/12/08 22:10:00 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/04/28 08:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll
[2007/07/16 11:58:10 | 000,197,408 | ---- | C] () -- C:\windows\System32\vpnapi.dll

========== Custom Scans ==========

OTL log:(Part 2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: aux - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\windows\System32\msacm32.drv (Microsoft Corporation)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========


[2010/07/05 18:51:59 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2010/06/29 21:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/06/29 21:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/29 21:09:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/06/29 21:09:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/06/29 18:24:39 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2010/06/29 18:24:34 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2010/06/29 16:05:27 | 000,000,000 | ---D | C] -- C:\Users\Amy\Documents\OneNote Notebooks
[2010/06/29 16:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/06/28 23:30:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/06/28 23:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/06/28 23:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/06/28 23:17:57 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\Malwarebytes
[2010/06/28 23:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/28 23:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/27 15:14:24 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2010/06/26 21:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/06/26 21:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/06/26 21:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/26 20:46:43 | 000,000,000 | ---D | C] -- C:\Users\Amy\Desktop\CS5
[2010/06/26 20:23:11 | 000,000,000 | ---D | C] -- C:\Users\Amy\Desktop\Adobe Photoshop Lightroom 3.0
[2010/06/16 18:44:20 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\Facebook
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/05 19:20:14 | 002,359,296 | -HS- | M] () -- C:\Users\Amy\ntuser.dat
[2010/07/05 19:19:47 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/05 19:16:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/07/05 18:52:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2010/07/05 18:36:58 | 000,293,376 | ---- | M] () -- C:\Users\Amy\Desktop\bzl9ymql.exe
[2010/07/05 15:58:20 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/05 15:58:20 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/05 15:51:43 | 000,000,370 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/07/05 15:50:39 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/05 15:50:07 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/07/05 15:49:48 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/05 15:49:03 | 000,933,733 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k2
[2010/07/05 15:49:03 | 000,116,284 | ---- | M] () -- C:\windows\System32\drivers\KmxAgent.asc
[2010/07/05 15:49:03 | 000,010,417 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k0
[2010/07/05 15:49:03 | 000,000,443 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k2
[2010/07/05 15:49:03 | 000,000,443 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k1
[2010/07/05 15:49:03 | 000,000,443 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k0
[2010/07/05 15:49:03 | 000,000,289 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k1
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k7
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k6
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k5
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k4
[2010/07/05 15:49:03 | 000,000,081 | ---- | M] () -- C:\windows\System32\drivers\kmxcfg.u2k3
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k7
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k6
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k5
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k4
[2010/07/05 15:49:03 | 000,000,045 | ---- | M] () -- C:\windows\System32\drivers\kmxzone.u2k3
[2010/07/05 15:26:48 | 200,420,694 | ---- | M] () -- C:\windows\MEMORY.DMP
[2010/07/03 16:10:17 | 000,002,000 | -H-- | M] () -- C:\Users\Amy\Documents\Default.rdp
[2010/07/02 15:11:10 | 001,029,842 | -H-- | M] () -- C:\Users\Amy\AppData\Local\IconCache.db
[2010/07/02 08:32:44 | 000,713,888 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/07/02 08:32:44 | 000,615,360 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/07/02 08:32:44 | 000,103,702 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/06/29 21:23:11 | 000,001,231 | ---- | M] () -- C:\Users\Amy\Desktop\Spybot - Search & Destroy.lnk
[2010/06/29 21:10:00 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/29 18:25:34 | 000,524,288 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000002.regtrans-ms
[2010/06/29 18:25:34 | 000,524,288 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000001.regtrans-ms
[2010/06/29 18:25:34 | 000,065,536 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TM.blf
[2010/06/29 18:24:33 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2010/06/29 18:24:31 | 000,015,880 | ---- | M] () -- C:\windows\System32\lsdelete.exe
[2010/06/29 18:24:19 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2010/06/29 18:23:04 | 000,001,135 | ---- | M] () -- C:\Users\Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/29 18:23:04 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/06/29 16:10:30 | 002,541,416 | ---- | M] () -- C:\Users\Amy\Documents\unemployment paper.one
[2010/06/29 16:05:27 | 000,001,291 | ---- | M] () -- C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/06/27 07:52:57 | 003,773,672 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/06/26 21:35:41 | 000,110,816 | ---- | M] () -- C:\Users\Amy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/26 21:31:04 | 000,000,069 | ---- | M] () -- C:\windows\wininit.ini
[2010/06/26 20:29:19 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 3.lnk
[2010/06/25 16:47:10 | 000,266,573 | ---- | M] () -- C:\Users\Amy\Documents\mg20015,1135703050,sacred01_GOTHIC_VAMPIRE_WOMAN_Grave2.jpg
[2010/06/25 16:37:02 | 000,066,412 | ---- | M] () -- C:\Users\Amy\Documents\vampire_20girl_2004_jpg.jpg
[2010/06/24 18:37:10 | 000,025,600 | ---- | M] () -- C:\Users\Amy\Documents\Amy Beardsley.doc
[2010/06/23 10:20:19 | 000,277,012 | ---- | M] () -- C:\Users\Amy\Documents\Girls_Gothic_girl_013638_-472868.jpeg
[2010/06/23 10:18:51 | 000,191,180 | ---- | M] () -- C:\Users\Amy\Documents\Demon_Guitar.jpg
[2010/06/23 10:18:35 | 000,090,254 | ---- | M] () -- C:\Users\Amy\Documents\Guitar_Hero_by_frankhong-709132.jpg
[2010/06/23 10:17:56 | 000,004,665 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg13.jpg
[2010/06/23 09:48:26 | 000,004,134 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg12.jpg
[2010/06/23 09:47:56 | 000,003,508 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg11.jpg
[2010/06/23 09:47:43 | 000,003,671 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg9.jpg
[2010/06/23 09:47:30 | 000,004,365 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg8.jpg
[2010/06/23 09:47:10 | 000,003,771 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg7.jpg
[2010/06/23 09:39:02 | 000,002,830 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg6.jpg
[2010/06/23 09:38:46 | 000,002,327 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg4.jpg
[2010/06/23 09:36:24 | 000,002,968 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg3.jpg
[2010/06/23 09:36:11 | 000,003,248 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg2.jpg
[2010/06/23 09:36:01 | 000,002,982 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg1.jpg
[2010/06/23 09:35:37 | 000,003,052 | ---- | M] () -- C:\Users\Amy\Documents\images (2).jpg
[2010/06/23 09:33:39 | 000,003,052 | ---- | M] () -- C:\Users\Amy\Documents\images.jpg
[2010/06/16 16:35:33 | 000,063,212 | ---- | M] () -- C:\Users\Amy\Documents\l_3faac4afbce842a185f33e0e46e8bb31.jpg
[2010/06/16 16:29:53 | 000,016,168 | ---- | M] () -- C:\Users\Amy\Documents\l_1ff4ff1a639b498ea45f16e1a23212a4.jpg
[2010/06/16 16:28:02 | 000,048,357 | ---- | M] () -- C:\Users\Amy\Documents\l_ee036d00310a44c3b141d3e39cf0a025.jpg
[2010/06/11 18:04:04 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/06/10 10:17:28 | 001,042,173 | ---- | M] () -- C:\Users\Amy\Documents\100_2690.jpg
[2010/06/10 10:09:04 | 001,057,477 | ---- | M] () -- C:\Users\Amy\Documents\100_2691.jpg
[2010/06/10 10:08:42 | 001,026,534 | ---- | M] () -- C:\Users\Amy\Documents\100_2687.jpg
[2010/06/10 10:08:19 | 001,066,591 | ---- | M] () -- C:\Users\Amy\Documents\100_2734.jpg
[2010/06/10 10:08:06 | 000,982,796 | ---- | M] () -- C:\Users\Amy\Documents\100_2719.jpg
[2010/06/10 10:07:55 | 001,077,277 | ---- | M] () -- C:\Users\Amy\Documents\100_2694.jpg
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/05 18:36:49 | 000,293,376 | ---- | C] () -- C:\Users\Amy\Desktop\bzl9ymql.exe
[2010/07/03 11:05:45 | 000,000,370 | ---- | C] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/29 21:23:11 | 000,001,231 | ---- | C] () -- C:\Users\Amy\Desktop\Spybot - Search & Destroy.lnk
[2010/06/29 21:10:00 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/29 21:08:19 | 000,015,880 | ---- | C] () -- C:\windows\System32\lsdelete.exe
[2010/06/29 18:23:04 | 000,001,135 | ---- | C] () -- C:\Users\Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/29 18:23:04 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/06/29 16:10:28 | 002,541,416 | ---- | C] () -- C:\Users\Amy\Documents\unemployment paper.one
[2010/06/29 16:05:26 | 000,001,291 | ---- | C] () -- C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/06/29 06:40:01 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000002.regtrans-ms
[2010/06/29 06:40:00 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TMContainer00000000000000000001.regtrans-ms
[2010/06/29 06:40:00 | 000,065,536 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b53eb46f-8361-11df-b30f-002622f17893}.TM.blf
[2010/06/26 21:31:04 | 000,000,069 | ---- | C] () -- C:\windows\wininit.ini
[2010/06/26 20:29:19 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 3.lnk
[2010/06/25 16:47:09 | 000,266,573 | ---- | C] () -- C:\Users\Amy\Documents\mg20015,1135703050,sacred01_GOTHIC_VAMPIRE_WOMAN_Grave2.jpg
[2010/06/25 16:36:56 | 000,066,412 | ---- | C] () -- C:\Users\Amy\Documents\vampire_20girl_2004_jpg.jpg
[2010/06/23 10:20:17 | 000,277,012 | ---- | C] () -- C:\Users\Amy\Documents\Girls_Gothic_girl_013638_-472868.jpeg
[2010/06/23 10:18:50 | 000,191,180 | ---- | C] () -- C:\Users\Amy\Documents\Demon_Guitar.jpg
[2010/06/23 10:18:34 | 000,090,254 | ---- | C] () -- C:\Users\Amy\Documents\Guitar_Hero_by_frankhong-709132.jpg
[2010/06/23 10:17:53 | 000,004,665 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg13.jpg
[2010/06/23 09:49:50 | 000,003,052 | ---- | C] () -- C:\Users\Amy\Documents\images (2).jpg
[2010/06/23 09:49:41 | 000,004,365 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg8.jpg
[2010/06/23 09:49:41 | 000,004,134 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg12.jpg
[2010/06/23 09:49:41 | 000,003,771 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg7.jpg
[2010/06/23 09:49:41 | 000,003,671 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg9.jpg
[2010/06/23 09:49:41 | 000,003,508 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg11.jpg
[2010/06/23 09:49:41 | 000,003,248 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg2.jpg
[2010/06/23 09:49:41 | 000,002,982 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg1.jpg
[2010/06/23 09:49:41 | 000,002,968 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg3.jpg
[2010/06/23 09:49:41 | 000,002,830 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg6.jpg
[2010/06/23 09:49:41 | 000,002,327 | ---- | C] () -- C:\Users\Amy\Documents\images.jpg4.jpg
[2010/06/16 16:35:32 | 000,063,212 | ---- | C] () -- C:\Users\Amy\Documents\l_3faac4afbce842a185f33e0e46e8bb31.jpg
[2010/06/16 16:29:50 | 000,016,168 | ---- | C] () -- C:\Users\Amy\Documents\l_1ff4ff1a639b498ea45f16e1a23212a4.jpg
[2010/06/16 16:27:57 | 000,048,357 | ---- | C] () -- C:\Users\Amy\Documents\l_ee036d00310a44c3b141d3e39cf0a025.jpg
[2010/06/11 18:04:04 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/06/10 10:09:03 | 001,057,477 | ---- | C] () -- C:\Users\Amy\Documents\100_2691.jpg
[2010/06/10 10:08:51 | 001,042,173 | ---- | C] () -- C:\Users\Amy\Documents\100_2690.jpg
[2010/06/10 10:08:41 | 001,026,534 | ---- | C] () -- C:\Users\Amy\Documents\100_2687.jpg
[2010/06/10 10:08:17 | 001,066,591 | ---- | C] () -- C:\Users\Amy\Documents\100_2734.jpg
[2010/06/10 10:08:05 | 000,982,796 | ---- | C] () -- C:\Users\Amy\Documents\100_2719.jpg
[2010/06/10 10:07:52 | 001,077,277 | ---- | C] () -- C:\Users\Amy\Documents\100_2694.jpg
[2010/02/06 14:15:04 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2009/12/08 22:35:03 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/12/08 22:15:25 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2009/12/08 22:10:00 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/04/28 08:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll
[2007/07/16 11:58:10 | 000,197,408 | ---- | C] () -- C:\windows\System32\vpnapi.dll

========== Custom Scans ==========

#11 djost

Posted 05 July 2010 - 07:45 PM

Extras

OTL Extras logfile created on: 7/5/2010 7:19:03 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\Amy\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.33 Gb Total Space | 178.43 Gb Free Space | 79.89% Space Free | Partition Type: NTFS
Drive D: | 3.40 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMY-PC
Current User Name: Amy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
"{01A3E75B-54C0-407F-8B95-B77705C7DCC4}" = AMRT
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1367D815-EC9F-4e2f-9FB9-E40A075AD19B}" = DNAMigrator
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23DD8A17-65DB-4D49-A2E0-164C6F460E3F}" = Adobe Photoshop Lightroom 3
"{2681A52E-FCFA-4982-A030-7B652BDD346C}" = CA Personal Firewall
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 18
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{51C77E17-3337-6409-16A9-A90CA8B9BBF6}" = ccc-utility
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}" = ATI Catalyst Install Manager
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CDB98E2F-7B2A-42C2-B718-F1F6B31586DF}" = CA Website Inspector
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"eTrust Suite Personal" = CA Internet Security Suite
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/24/2010 11:27:18 AM | Computer Name = Amy-PC | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
registration timeout

Error - 6/24/2010 12:47:34 PM | Computer Name = Amy-PC | Source = UmxAgent | ID = 67
Description = Cannot send event. Process C:\Program Files\CA\CA Internet Security
Suite\ccEvtMgr.exe ended.

Error - 6/24/2010 3:51:10 PM | Computer Name = Amy-PC | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
registration timeout

Error - 6/24/2010 4:46:37 PM | Computer Name = Amy-PC | Source = UmxAgent | ID = 67
Description = Cannot send event. Process C:\Program Files\CA\CA Internet Security
Suite\ccEvtMgr.exe ended.

Error - 6/26/2010 8:27:46 PM | Computer Name = Amy-PC | Source = VSS | ID = 8193
Description =

Error - 6/27/2010 4:28:30 PM | Computer Name = Amy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 1.9.2.3814,
time stamp: 0x4c12b3be Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x00046b90 Faulting
process id: 0x90c Faulting application start time: 0x01cb1626e5a23b11 Faulting application
path: C:\Program Files\Mozilla Firefox\plugin-container.exe Faulting module path:
C:\windows\SYSTEM32\ntdll.dll Report Id: 8bf49ec7-822a-11df-9a49-002622f17893

Error - 6/27/2010 4:32:54 PM | Computer Name = Amy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: Flash10b.ocx, version: 10.0.22.87, time
stamp: 0x4987a6c3 Exception code: 0xc0000005 Fault offset: 0x00093c32 Faulting process
id: 0x3c4 Faulting application start time: 0x01cb15ef2c255c1a Faulting application
path: C:\windows\system32\svchost.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash10b.ocx
Report
Id: 29768683-822b-11df-9a49-002622f17893

Error - 6/27/2010 5:16:22 PM | Computer Name = Amy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x6e650000 Faulting process id: 0x177c Faulting application
start time: 0x01cb16381fa8e68a Faulting application path: C:\windows\System32\svchost.exe
Faulting
module path: unknown Report Id: 3bbc7c3b-8231-11df-9a49-002622f17893

Error - 6/27/2010 6:00:07 PM | Computer Name = Amy-PC | Source = VSS | ID = 8193
Description =

Error - 6/28/2010 7:59:22 AM | Computer Name = Amy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: Flash10b.ocx, version: 10.0.22.87, time
stamp: 0x4987a6c3 Exception code: 0xc0000005 Fault offset: 0x000a57b2 Faulting process
id: 0x3e4 Faulting application start time: 0x01cb16b43baa1e21 Faulting application
path: C:\windows\system32\svchost.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash10b.ocx
Report
Id: 963a65c5-82ac-11df-873c-002622f17893

[ System Events ]
Error - 7/2/2010 3:01:29 PM | Computer Name = Amy-PC | Source = Service Control Manager | ID = 7000
Description = The Multimedia Class Scheduler service failed to start due to the
following error: %%1053

Error - 7/2/2010 3:01:59 PM | Computer Name = Amy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the MMCSS service.

Error - 7/2/2010 3:01:59 PM | Computer Name = Amy-PC | Source = Service Control Manager | ID = 7000
Description = The Multimedia Class Scheduler service failed to start due to the
following error: %%1053

Error - 7/2/2010 3:02:29 PM | Computer Name = Amy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the MMCSS service.

Error - 7/2/2010 3:02:29 PM | Computer Name = Amy-PC | Source = Service Control Manager | ID = 7000
Description = The Multimedia Class Scheduler service failed to start due to the
following error: %%1053

Error - 7/2/2010 3:02:59 PM | Computer Name = Amy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the MMCSS service.

Error - 7/2/2010 3:02:59 PM | Computer Name = Amy-PC | Source = Service Control Manager | ID = 7000
Description = The Multimedia Class Scheduler service failed to start due to the
following error: %%1053

Error - 7/2/2010 3:03:29 PM | Computer Name = Amy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the MMCSS service.

Error - 7/2/2010 3:03:29 PM | Computer Name = Amy-PC | Source = Service Control Manager | ID = 7000
Description = The Multimedia Class Scheduler service failed to start due to the
following error: %%1053

Error - 7/2/2010 3:03:59 PM | Computer Name = Amy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the MMCSS service.


< End of report >


#12 djost

Posted 05 July 2010 - 07:48 PM

Let me know if you need anything else. Sorry for all the duplicate information, the forum was giving me a lot of trouble.

#13 mpascal

Posted 05 July 2010 - 07:54 PM

Hi there,

Not a problem, I think the admins were doing something with the forum as I was unable to access the site for a short period of time.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#14 djost

Posted 06 July 2010 - 08:32 PM

Having a problem with the program. I keep getting a message that the file is corrupt and that I need to download another copy. Tried from both links and received the same message after I tried running it.

#15 mpascal

Posted 06 July 2010 - 09:19 PM

Is your antivirus disabled?
