Multiple viruses (Bearshare spyware, YP.exe...)


  • This topic is locked
22 replies to this topic

#1 Nile


Posted 27 April 2011 - 04:43 PM

See original thread in "Am I infected? What do I do?" here: http://www.bleepingcomputer.com/forums/topic393466.html

My brother has a couple viruses on his computer. I identified it and asked for help in the chat, and they linked me to: http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011. After following the first three steps, I came to four and couldn't get RKill.exe to open, so I posted my original thread. The computer has Bearshare. Firefox's homepage is search.bearshare.com, and whenever I change it, it just goes back. I think Firefox also has addons that are spyware. It wants me to update "Yontoo Layers" (which I'm not going to, though). I know that's part of the Bearshare package. The computer also has YP.exe.

In the original thread, we ran Mbam and Super Antispyware in safe mode and removed all the results (logs posted in original thread if needed). Then I followed the instructions for posting in this forum.

gmer

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-27 16:24:46
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000054 ST332062 rev.3.AD
Running: gmer.exe; Driver: C:\Users\Joel\AppData\Local\Temp\kxldypow.sys
.text C:\Windows\system32\nvvsvc.exe[1448] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 001701D4
.text C:\Windows\system32\nvvsvc.exe[1448] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 001700E4
.text C:\Windows\system32\nvvsvc.exe[1448] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00170120
.text C:\Windows\system32\nvvsvc.exe[1448] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0017015C
.text C:\Windows\system32\nvvsvc.exe[1448] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00170198
.text C:\Windows\system32\nvvsvc.exe[1448] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00170030
.text C:\Windows\system32\nvvsvc.exe[1448] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 001800A8
.text C:\Windows\system32\nvvsvc.exe[1448] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 001800E4
.text C:\Windows\system32\nvvsvc.exe[1448] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00180120
.text C:\Windows\system32\nvvsvc.exe[1448] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00180030
.text C:\Windows\system32\nvvsvc.exe[1448] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0018006C
.text C:\Windows\system32\svchost.exe[1528] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1528] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1528] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 001500A8
.text C:\Windows\system32\svchost.exe[1528] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 001500E4
.text C:\Windows\system32\svchost.exe[1528] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00150120
.text C:\Windows\system32\svchost.exe[1528] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00150030
.text C:\Windows\system32\svchost.exe[1528] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0015006C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1664] kernel32.dll!SetUnhandledExceptionFilter 764AA84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\system32\dlcxcoms.exe[1728] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00140030
.text C:\Windows\system32\dlcxcoms.exe[1728] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0014006C
.text C:\Windows\system32\dlcxcoms.exe[1728] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 001600A8
.text C:\Windows\system32\dlcxcoms.exe[1728] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 001600E4
.text C:\Windows\system32\dlcxcoms.exe[1728] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00160120
.text C:\Windows\system32\dlcxcoms.exe[1728] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00160030
.text C:\Windows\system32\dlcxcoms.exe[1728] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0016006C
.text C:\Windows\system32\dlcxcoms.exe[1728] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0017006C
.text C:\Windows\system32\dlcxcoms.exe[1728] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 001700A8
.text C:\Windows\system32\dlcxcoms.exe[1728] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 001701D4
.text C:\Windows\system32\dlcxcoms.exe[1728] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 001700E4
.text C:\Windows\system32\dlcxcoms.exe[1728] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00170120
.text C:\Windows\system32\dlcxcoms.exe[1728] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0017015C
.text C:\Windows\system32\dlcxcoms.exe[1728] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00170198
.text C:\Windows\system32\dlcxcoms.exe[1728] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00170030
.text C:\Windows\system32\AERTSrv.exe[1736] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00150030
.text C:\Windows\system32\AERTSrv.exe[1736] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0015006C
.text C:\Windows\system32\AERTSrv.exe[1736] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0017006C
.text C:\Windows\system32\AERTSrv.exe[1736] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 001700A8
.text C:\Windows\system32\AERTSrv.exe[1736] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 001701D4
.text C:\Windows\system32\AERTSrv.exe[1736] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 001700E4
.text C:\Windows\system32\AERTSrv.exe[1736] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00170120
.text C:\Windows\system32\AERTSrv.exe[1736] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0017015C
.text C:\Windows\system32\AERTSrv.exe[1736] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00170198
.text C:\Windows\system32\AERTSrv.exe[1736] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00170030
.text C:\Windows\System32\spoolsv.exe[2012] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Windows\System32\spoolsv.exe[2012] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Windows\System32\spoolsv.exe[2012] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\spoolsv.exe[2012] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\spoolsv.exe[2012] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\spoolsv.exe[2012] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\spoolsv.exe[2012] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00070120
.text C:\Windows\System32\spoolsv.exe[2012] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0007015C
.text C:\Windows\System32\spoolsv.exe[2012] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00070198
.text C:\Windows\System32\spoolsv.exe[2012] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00070030
.text C:\Windows\System32\spoolsv.exe[2012] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 001200A8
.text C:\Windows\System32\spoolsv.exe[2012] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 001200E4
.text C:\Windows\System32\spoolsv.exe[2012] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00120120
.text C:\Windows\System32\spoolsv.exe[2012] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00120030
.text C:\Windows\System32\spoolsv.exe[2012] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0012006C
.text C:\Windows\system32\svchost.exe[2036] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[2036] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[2036] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 000B006C
.text C:\Windows\system32\svchost.exe[2036] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000B00A8
.text C:\Windows\system32\svchost.exe[2036] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\system32\svchost.exe[2036] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\system32\svchost.exe[2036] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 000B0120
.text C:\Windows\system32\svchost.exe[2036] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 000B015C
.text C:\Windows\system32\svchost.exe[2036] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 000B0198
.text C:\Windows\system32\svchost.exe[2036] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 000B0030
.text C:\Windows\system32\svchost.exe[2036] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 009600A8
.text C:\Windows\system32\svchost.exe[2036] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 009600E4
.text C:\Windows\system32\svchost.exe[2036] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00960120
.text C:\Windows\system32\svchost.exe[2036] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00960030
.text C:\Windows\system32\svchost.exe[2036] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0096006C
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[2072] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[2072] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[2072] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0017006C
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[2072] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 001700A8
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[2072] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 001701D4
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[2072] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 001700E4
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[2072] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00170120
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[2072] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0017015C
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[2072] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00170198
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[2072] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00170030
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[2072] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 001800A8
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[2072] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 001800E4
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[2072] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00180120
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[2072] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00180030
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[2072] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0018006C
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[2188] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00150030
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[2188] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0015006C
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[2188] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 001800A8
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[2188] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 001800E4
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[2188] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00180120
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[2188] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00180030
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[2188] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0018006C
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[2188] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0019006C
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[2188] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 001900A8
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[2188] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 001901D4
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[2188] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 001900E4
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[2188] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00190120
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[2188] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0019015C
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[2188] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00190198
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[2188] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00190030
.text C:\Windows\system32\svchost.exe[2228] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[2228] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[2228] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 000D006C
.text C:\Windows\system32\svchost.exe[2228] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000D00A8
.text C:\Windows\system32\svchost.exe[2228] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000D01D4
.text C:\Windows\system32\svchost.exe[2228] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000D00E4
.text C:\Windows\system32\svchost.exe[2228] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 000D0120
.text C:\Windows\system32\svchost.exe[2228] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 000D015C
.text C:\Windows\system32\svchost.exe[2228] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 000D0198
.text C:\Windows\system32\svchost.exe[2228] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 000D0030
.text C:\Windows\system32\svchost.exe[2228] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 002300A8
.text C:\Windows\system32\svchost.exe[2228] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 002300E4
.text C:\Windows\system32\svchost.exe[2228] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00230120
.text C:\Windows\system32\svchost.exe[2228] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00230030
.text C:\Windows\system32\svchost.exe[2228] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0023006C
.text C:\Windows\system32\svchost.exe[2248] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[2248] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[2248] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[2248] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[2248] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[2248] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[2248] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[2248] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[2248] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[2248] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00070030
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 000B006C
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000B00A8
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 000B0120
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 000B015C
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 000B0198
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 000B0030
.text C:\Windows\system32\SearchIndexer.exe[2304] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\SearchIndexer.exe[2304] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\SearchIndexer.exe[2304] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\SearchIndexer.exe[2304] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\SearchIndexer.exe[2304] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\SearchIndexer.exe[2304] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\SearchIndexer.exe[2304] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\SearchIndexer.exe[2304] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\SearchIndexer.exe[2304] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\SearchIndexer.exe[2304] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\SearchIndexer.exe[2304] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 000800A8
.text C:\Windows\system32\SearchIndexer.exe[2304] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\SearchIndexer.exe[2304] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00080120
.text C:\Windows\system32\SearchIndexer.exe[2304] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\SearchIndexer.exe[2304] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\rundll32.exe[2408] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00060030
.text C:\Windows\system32\rundll32.exe[2408] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0006006C
.text C:\Windows\system32\rundll32.exe[2408] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 000700A8
.text C:\Windows\system32\rundll32.exe[2408] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 000700E4
.text C:\Windows\system32\rundll32.exe[2408] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00070120
.text C:\Windows\system32\rundll32.exe[2408] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00070030
.text C:\Windows\system32\rundll32.exe[2408] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0007006C
.text C:\Windows\system32\rundll32.exe[2408] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0008006C
.text C:\Windows\system32\rundll32.exe[2408] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000800A8
.text C:\Windows\system32\rundll32.exe[2408] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000801D4
.text C:\Windows\system32\rundll32.exe[2408] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000800E4
.text C:\Windows\system32\rundll32.exe[2408] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00080120
.text C:\Windows\system32\rundll32.exe[2408] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0008015C
.text C:\Windows\system32\rundll32.exe[2408] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00080198
.text C:\Windows\system32\rundll32.exe[2408] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00080030
.text C:\Windows\system32\WUDFHost.exe[2548] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\WUDFHost.exe[2548] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\WUDFHost.exe[2548] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0017006C
.text C:\Windows\system32\WUDFHost.exe[2548] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 001700A8
.text C:\Windows\system32\WUDFHost.exe[2548] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 001701D4
.text C:\Windows\system32\WUDFHost.exe[2548] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 001700E4
.text C:\Windows\system32\WUDFHost.exe[2548] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00170120
.text C:\Windows\system32\WUDFHost.exe[2548] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0017015C
.text C:\Windows\system32\WUDFHost.exe[2548] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00170198
.text C:\Windows\system32\WUDFHost.exe[2548] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00170030
.text C:\Windows\system32\WUDFHost.exe[2548] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 001800A8
.text C:\Windows\system32\WUDFHost.exe[2548] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 001800E4
.text C:\Windows\system32\WUDFHost.exe[2548] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00180120
.text C:\Windows\system32\WUDFHost.exe[2548] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00180030
.text C:\Windows\system32\WUDFHost.exe[2548] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0018006C
.text C:\Windows\system32\svchost.exe[2564] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00090030
.text C:\Windows\system32\svchost.exe[2564] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0009006C
.text C:\Windows\system32\svchost.exe[2564] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 000B006C
.text C:\Windows\system32\svchost.exe[2564] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000B00A8
.text C:\Windows\system32\svchost.exe[2564] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\system32\svchost.exe[2564] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\system32\svchost.exe[2564] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 000B0120
.text C:\Windows\system32\svchost.exe[2564] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 000B015C
.text C:\Windows\system32\svchost.exe[2564] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 000B0198
.text C:\Windows\system32\svchost.exe[2564] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 000B0030
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0009006C
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000900A8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000901D4
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000900E4
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00090120
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0009015C
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00090198
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00090030
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 000A00A8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 000A00E4
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 000A0120
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 000A0030
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 000A006C
.text C:\Windows\system32\taskeng.exe[2880] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\taskeng.exe[2880] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\taskeng.exe[2880] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\taskeng.exe[2880] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\taskeng.exe[2880] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\taskeng.exe[2880] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\taskeng.exe[2880] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\taskeng.exe[2880] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\taskeng.exe[2880] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\taskeng.exe[2880] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\taskeng.exe[2880] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 000C00A8
.text C:\Windows\system32\taskeng.exe[2880] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 000C00E4
.text C:\Windows\system32\taskeng.exe[2880] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 000C0120
.text C:\Windows\system32\taskeng.exe[2880] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 000C0030
.text C:\Windows\system32\taskeng.exe[2880] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 000C006C
.text C:\Windows\system32\Dwm.exe[3040] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\Dwm.exe[3040] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\Dwm.exe[3040] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\Dwm.exe[3040] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\Dwm.exe[3040] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\Dwm.exe[3040] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\Dwm.exe[3040] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\Dwm.exe[3040] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\Dwm.exe[3040] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\Dwm.exe[3040] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\Dwm.exe[3040] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 000800A8
.text C:\Windows\system32\Dwm.exe[3040] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\Dwm.exe[3040] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00080120
.text C:\Windows\system32\Dwm.exe[3040] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\Dwm.exe[3040] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\taskeng.exe[3072] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\taskeng.exe[3072] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\taskeng.exe[3072] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\taskeng.exe[3072] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\taskeng.exe[3072] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\taskeng.exe[3072] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\taskeng.exe[3072] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\taskeng.exe[3072] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\taskeng.exe[3072] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\taskeng.exe[3072] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\taskeng.exe[3072] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 000800A8
.text C:\Windows\system32\taskeng.exe[3072] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\taskeng.exe[3072] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00080120
.text C:\Windows\system32\taskeng.exe[3072] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\taskeng.exe[3072] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0008006C
.text C:\Program Files\iPod\bin\iPodService.exe[3124] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Program Files\iPod\bin\iPodService.exe[3124] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Program Files\iPod\bin\iPodService.exe[3124] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0007006C
.text C:\Program Files\iPod\bin\iPodService.exe[3124] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000700A8
.text C:\Program Files\iPod\bin\iPodService.exe[3124] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000701D4
.text C:\Program Files\iPod\bin\iPodService.exe[3124] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000700E4
.text C:\Program Files\iPod\bin\iPodService.exe[3124] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00070120
.text C:\Program Files\iPod\bin\iPodService.exe[3124] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0007015C
.text C:\Program Files\iPod\bin\iPodService.exe[3124] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00070198
.text C:\Program Files\iPod\bin\iPodService.exe[3124] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00070030
.text C:\Program Files\iPod\bin\iPodService.exe[3124] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 000800A8
.text C:\Program Files\iPod\bin\iPodService.exe[3124] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 000800E4
.text C:\Program Files\iPod\bin\iPodService.exe[3124] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00080120
.text C:\Program Files\iPod\bin\iPodService.exe[3124] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00080030
.text C:\Program Files\iPod\bin\iPodService.exe[3124] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\taskeng.exe[3132] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\taskeng.exe[3132] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\taskeng.exe[3132] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 000B006C
.text C:\Windows\system32\taskeng.exe[3132] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000B00A8
.text C:\Windows\system32\taskeng.exe[3132] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\system32\taskeng.exe[3132] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\system32\taskeng.exe[3132] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 000B0120
.text C:\Windows\system32\taskeng.exe[3132] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 000B015C
.text C:\Windows\system32\taskeng.exe[3132] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 000B0198
.text C:\Windows\system32\taskeng.exe[3132] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 000B0030
.text C:\Windows\system32\taskeng.exe[3132] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 000C00A8
.text C:\Windows\system32\taskeng.exe[3132] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 000C00E4
.text C:\Windows\system32\taskeng.exe[3132] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 000C0120
.text C:\Windows\system32\taskeng.exe[3132] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 000C0030
.text C:\Windows\system32\taskeng.exe[3132] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 000C006C
.text C:\Windows\Explorer.EXE[3148] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00090030
.text C:\Windows\Explorer.EXE[3148] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0009006C
.text C:\Windows\Explorer.EXE[3148] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0053006C
.text C:\Windows\Explorer.EXE[3148] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 005300A8
.text C:\Windows\Explorer.EXE[3148] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 005301D4
.text C:\Windows\Explorer.EXE[3148] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 005300E4
.text C:\Windows\Explorer.EXE[3148] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00530120
.text C:\Windows\Explorer.EXE[3148] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0053015C
.text C:\Windows\Explorer.EXE[3148] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00530198
.text C:\Windows\Explorer.EXE[3148] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00530030
.text C:\Windows\Explorer.EXE[3148] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 005400A8
.text C:\Windows\Explorer.EXE[3148] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 005400E4
.text C:\Windows\Explorer.EXE[3148] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00540120
.text C:\Windows\Explorer.EXE[3148] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00540030
.text C:\Windows\Explorer.EXE[3148] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0054006C
.text C:\Windows\Explorer.EXE[3148] WININET.dll!InternetReadFile 769B654B 5 Bytes JMP 03CC2D20 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Windows\Explorer.EXE[3148] WININET.dll!InternetCloseHandle 769B9088 5 Bytes JMP 03CC2C00 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Windows\Explorer.EXE[3148] WININET.dll!HttpOpenRequestA 769BD508 5 Bytes JMP 03CC2EC0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Windows\Explorer.EXE[3148] WININET.dll!InternetConnectA 769BDEAE 5 Bytes JMP 03CC2FC0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3272] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00150030
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3272] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0015006C
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3272] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 002B00A8
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3272] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 002B00E4
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3272] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 002B0120
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3272] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 002B0030
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3272] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 002B006C
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3272] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 002C006C
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3272] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 002C00A8
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3272] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 002C01D4
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3272] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 002C00E4
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3272] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 002C0120
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3272] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 002C015C
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3272] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 002C0198
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3272] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 002C0030
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3292] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00090030
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3292] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0009006C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3292] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 000B006C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3292] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000B00A8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3292] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000B01D4
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3292] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000B00E4
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3292] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 000B0120
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3292] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 000B015C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3292] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 000B0198
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3292] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 000B0030
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3292] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 000C00A8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3292] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 000C00E4
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3292] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 000C0120
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3292] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 000C0030
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3292] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 000C006C
.text C:\Program Files\Windows Sidebar\sidebar.exe[3384] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Program Files\Windows Sidebar\sidebar.exe[3384] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Program Files\Windows Sidebar\sidebar.exe[3384] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 000D006C
.text C:\Program Files\Windows Sidebar\sidebar.exe[3384] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000D00A8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3384] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000D01D4
.text C:\Program Files\Windows Sidebar\sidebar.exe[3384] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000D00E4
.text C:\Program Files\Windows Sidebar\sidebar.exe[3384] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 000D0120
.text C:\Program Files\Windows Sidebar\sidebar.exe[3384] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 000D015C
.text C:\Program Files\Windows Sidebar\sidebar.exe[3384] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 000D0198
.text C:\Program Files\Windows Sidebar\sidebar.exe[3384] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 000D0030
.text C:\Program Files\Windows Sidebar\sidebar.exe[3384] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 000E00A8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3384] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 000E00E4
.text C:\Program Files\Windows Sidebar\sidebar.exe[3384] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 000E0120
.text C:\Program Files\Windows Sidebar\sidebar.exe[3384] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 000E0030
.text C:\Program Files\Windows Sidebar\sidebar.exe[3384] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 000E006C
.text C:\Program Files\Windows Defender\MSASCui.exe[3420] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Program Files\Windows Defender\MSASCui.exe[3420] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Program Files\Windows Defender\MSASCui.exe[3420] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0007006C
.text C:\Program Files\Windows Defender\MSASCui.exe[3420] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000700A8
.text C:\Program Files\Windows Defender\MSASCui.exe[3420] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000701D4
.text C:\Program Files\Windows Defender\MSASCui.exe[3420] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000700E4
.text C:\Program Files\Windows Defender\MSASCui.exe[3420] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00070120
.text C:\Program Files\Windows Defender\MSASCui.exe[3420] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0007015C
.text C:\Program Files\Windows Defender\MSASCui.exe[3420] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00070198
.text C:\Program Files\Windows Defender\MSASCui.exe[3420] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00070030
.text C:\Program Files\Windows Defender\MSASCui.exe[3420] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 000800A8
.text C:\Program Files\Windows Defender\MSASCui.exe[3420] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 000800E4
.text C:\Program Files\Windows Defender\MSASCui.exe[3420] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00080120
.text C:\Program Files\Windows Defender\MSASCui.exe[3420] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00080030
.text C:\Program Files\Windows Defender\MSASCui.exe[3420] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0008006C
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3556] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00140030
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3556] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0014006C
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3556] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 001600A8
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3556] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 001600E4
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3556] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00160120
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3556] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00160030
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3556] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0016006C
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3556] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0017006C
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3556] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 001700A8
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3556] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 001701D4
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3556] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 001700E4
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3556] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00170120
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3556] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0017015C
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3556] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00170198
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3556] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00170030
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3572] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00150030
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3572] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0015006C
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3572] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 001700A8
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3572] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 001700E4
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3572] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00170120
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3572] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00170030
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3572] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0017006C
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3572] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0018006C
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3572] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 001800A8
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3572] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 001801D4
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3572] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 001800E4
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3572] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00180120
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3572] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0018015C
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3572] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00180198
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3572] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00180030
.text C:\Program Files\Java\jre6\bin\jusched.exe[3596] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00160030
.text C:\Program Files\Java\jre6\bin\jusched.exe[3596] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0016006C
.text C:\Program Files\Java\jre6\bin\jusched.exe[3596] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0017006C
.text C:\Program Files\Java\jre6\bin\jusched.exe[3596] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 001700A8
.text C:\Program Files\Java\jre6\bin\jusched.exe[3596] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 001701D4
.text C:\Program Files\Java\jre6\bin\jusched.exe[3596] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 001700E4
.text C:\Program Files\Java\jre6\bin\jusched.exe[3596] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00170120
.text C:\Program Files\Java\jre6\bin\jusched.exe[3596] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0017015C
.text C:\Program Files\Java\jre6\bin\jusched.exe[3596] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00170198
.text C:\Program Files\Java\jre6\bin\jusched.exe[3596] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00170030
.text C:\Program Files\Java\jre6\bin\jusched.exe[3596] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 001800A8
.text C:\Program Files\Java\jre6\bin\jusched.exe[3596] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 001800E4
.text C:\Program Files\Java\jre6\bin\jusched.exe[3596] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00180120
.text C:\Program Files\Java\jre6\bin\jusched.exe[3596] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00180030
.text C:\Program Files\Java\jre6\bin\jusched.exe[3596] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0018006C
.text C:\Windows\RtHDVCpl.exe[3632] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00150030
.text C:\Windows\RtHDVCpl.exe[3632] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0015006C
.text C:\Windows\RtHDVCpl.exe[3632] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0017006C
.text C:\Windows\RtHDVCpl.exe[3632] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 001700A8
.text C:\Windows\RtHDVCpl.exe[3632] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 001701D4
.text C:\Windows\RtHDVCpl.exe[3632] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 001700E4
.text C:\Windows\RtHDVCpl.exe[3632] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00170120
.text C:\Windows\RtHDVCpl.exe[3632] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0017015C
.text C:\Windows\RtHDVCpl.exe[3632] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00170198
.text C:\Windows\RtHDVCpl.exe[3632] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00170030
.text C:\Windows\RtHDVCpl.exe[3632] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 001800A8
.text C:\Windows\RtHDVCpl.exe[3632] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 001800E4
.text C:\Windows\RtHDVCpl.exe[3632] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00180120
.text C:\Windows\RtHDVCpl.exe[3632] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00180030
.text C:\Windows\RtHDVCpl.exe[3632] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0018006C
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3640] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3640] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3640] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 001700A8
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3640] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 001700E4
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3640] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00170120
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3640] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00170030
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3640] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0017006C
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3640] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0018006C
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3640] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 001800A8
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3640] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 001801D4
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3640] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 001800E4
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3640] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00180120
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3640] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0018015C
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3640] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00180198
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3640] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00180030
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3644] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00150030
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3644] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0015006C
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3644] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 002C00A8
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3644] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 002C00E4
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3644] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 002C0120
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3644] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 002C0030
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3644] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 002C006C
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3644] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 002D006C
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3644] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 002D00A8
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3644] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 002D01D4
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3644] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 002D00E4
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3644] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 002D0120
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3644] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 002D015C
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3644] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 002D0198
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3644] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 002D0030
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3704] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3704] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3704] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0007006C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3704] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000700A8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3704] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000701D4
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3704] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000700E4
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3704] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00070120
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3704] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0007015C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3704] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00070198
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3704] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00070030
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3704] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 000800A8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3704] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 000800E4
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3704] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00080120
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3704] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00080030
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3704] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0008006C
.text C:\Program Files\iTunes\iTunesHelper.exe[3716] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Program Files\iTunes\iTunesHelper.exe[3716] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Program Files\iTunes\iTunesHelper.exe[3716] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0007006C
.text C:\Program Files\iTunes\iTunesHelper.exe[3716] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000700A8
.text C:\Program Files\iTunes\iTunesHelper.exe[3716] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000701D4
.text C:\Program Files\iTunes\iTunesHelper.exe[3716] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000700E4
.text C:\Program Files\iTunes\iTunesHelper.exe[3716] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00070120
.text C:\Program Files\iTunes\iTunesHelper.exe[3716] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0007015C
.text C:\Program Files\iTunes\iTunesHelper.exe[3716] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00070198
.text C:\Program Files\iTunes\iTunesHelper.exe[3716] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00070030
.text C:\Program Files\iTunes\iTunesHelper.exe[3716] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 000800A8
.text C:\Program Files\iTunes\iTunesHelper.exe[3716] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 000800E4
.text C:\Program Files\iTunes\iTunesHelper.exe[3716] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00080120
.text C:\Program Files\iTunes\iTunesHelper.exe[3716] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00080030
.text C:\Program Files\iTunes\iTunesHelper.exe[3716] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0008006C
.text C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe[3728] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00150030
.text C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe[3728] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0015006C
.text C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe[3728] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 001700A8
.text C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe[3728] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 001700E4
.text C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe[3728] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00170120
.text C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe[3728] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00170030
.text C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe[3728] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0017006C
.text C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe[3728] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0018006C
.text C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe[3728] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 001800A8
.text C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe[3728] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 001801D4
.text C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe[3728] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 001800E4
.text C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe[3728] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00180120
.text C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe[3728] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0018015C
.text C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe[3728] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00180198
.text C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe[3728] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00180030
.text C:\Program Files\Windows Sidebar\sidebar.exe[3764] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Program Files\Windows Sidebar\sidebar.exe[3764] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Program Files\Windows Sidebar\sidebar.exe[3764] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0009006C
.text C:\Program Files\Windows Sidebar\sidebar.exe[3764] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000900A8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3764] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000901D4
.text C:\Program Files\Windows Sidebar\sidebar.exe[3764] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000900E4
.text C:\Program Files\Windows Sidebar\sidebar.exe[3764] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00090120
.text C:\Program Files\Windows Sidebar\sidebar.exe[3764] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0009015C
.text C:\Program Files\Windows Sidebar\sidebar.exe[3764] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00090198
.text C:\Program Files\Windows Sidebar\sidebar.exe[3764] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00090030
.text C:\Program Files\Windows Sidebar\sidebar.exe[3764] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 000A00A8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3764] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 000A00E4
.text C:\Program Files\Windows Sidebar\sidebar.exe[3764] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 000A0120
.text C:\Program Files\Windows Sidebar\sidebar.exe[3764] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 000A0030
.text C:\Program Files\Windows Sidebar\sidebar.exe[3764] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 000A006C
.text C:\Program Files\Curse\CurseClient.exe[3816] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00150030
.text C:\Program Files\Curse\CurseClient.exe[3816] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0015006C
.text C:\Program Files\Curse\CurseClient.exe[3816] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0017006C
.text C:\Program Files\Curse\CurseClient.exe[3816] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 001700A8
.text C:\Program Files\Curse\CurseClient.exe[3816] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 001701D4
.text C:\Program Files\Curse\CurseClient.exe[3816] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 001700E4
.text C:\Program Files\Curse\CurseClient.exe[3816] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00170120
.text C:\Program Files\Curse\CurseClient.exe[3816] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0017015C
.text C:\Program Files\Curse\CurseClient.exe[3816] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00170198
.text C:\Program Files\Curse\CurseClient.exe[3816] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00170030
.text C:\Program Files\Curse\CurseClient.exe[3816] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 001800A8
.text C:\Program Files\Curse\CurseClient.exe[3816] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 001800E4
.text C:\Program Files\Curse\CurseClient.exe[3816] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00180120
.text C:\Program Files\Curse\CurseClient.exe[3816] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00180030
.text C:\Program Files\Curse\CurseClient.exe[3816] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0018006C
.text C:\Program Files\Skype\Phone\Skype.exe[3836] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00150030
.text C:\Program Files\Skype\Phone\Skype.exe[3836] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0015006C
.text C:\Program Files\Skype\Phone\Skype.exe[3836] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 001800A8
.text C:\Program Files\Skype\Phone\Skype.exe[3836] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 001800E4
.text C:\Program Files\Skype\Phone\Skype.exe[3836] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00180120
.text C:\Program Files\Skype\Phone\Skype.exe[3836] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00180030
.text C:\Program Files\Skype\Phone\Skype.exe[3836] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0018006C
.text C:\Program Files\Skype\Phone\Skype.exe[3836] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0019006C
.text C:\Program Files\Skype\Phone\Skype.exe[3836] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 001900A8
.text C:\Program Files\Skype\Phone\Skype.exe[3836] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 001901D4
.text C:\Program Files\Skype\Phone\Skype.exe[3836] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 001900E4
.text C:\Program Files\Skype\Phone\Skype.exe[3836] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00190120
.text C:\Program Files\Skype\Phone\Skype.exe[3836] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0019015C
.text C:\Program Files\Skype\Phone\Skype.exe[3836] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00190198
.text C:\Program Files\Skype\Phone\Skype.exe[3836] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00190030
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3848] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3848] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3848] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 000700A8
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3848] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 000700E4
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3848] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00070120
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3848] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00070030
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3848] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0007006C
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3848] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0008006C
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3848] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000800A8
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3848] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000801D4
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3848] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000800E4
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3848] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00080120
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3848] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0008015C
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3848] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00080198
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3848] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00080030
.text C:\Windows\system32\svchost.exe[5000] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[5000] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[5000] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[5000] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[5000] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[5000] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[5000] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[5000] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[5000] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[5000] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\sdclt.exe[5132] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\sdclt.exe[5132] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\sdclt.exe[5132] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\sdclt.exe[5132] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\sdclt.exe[5132] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\sdclt.exe[5132] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\sdclt.exe[5132] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\sdclt.exe[5132] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\sdclt.exe[5132] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\sdclt.exe[5132] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\sdclt.exe[5132] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 000800A8
.text C:\Windows\system32\sdclt.exe[5132] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\sdclt.exe[5132] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00080120
.text C:\Windows\system32\sdclt.exe[5132] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\sdclt.exe[5132] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0008006C
.text C:\Users\Joel\Desktop\gmer.exe[5324] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00150030
.text C:\Users\Joel\Desktop\gmer.exe[5324] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0015006C
.text C:\Users\Joel\Desktop\gmer.exe[5324] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 001A006C
.text C:\Users\Joel\Desktop\gmer.exe[5324] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 001A00A8
.text C:\Users\Joel\Desktop\gmer.exe[5324] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 001A01D4
.text C:\Users\Joel\Desktop\gmer.exe[5324] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 001A00E4
.text C:\Users\Joel\Desktop\gmer.exe[5324] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 001A0120
.text C:\Users\Joel\Desktop\gmer.exe[5324] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 001A015C
.text C:\Users\Joel\Desktop\gmer.exe[5324] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 001A0198
.text C:\Users\Joel\Desktop\gmer.exe[5324] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 001A0030
.text C:\Users\Joel\Desktop\gmer.exe[5324] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 001B00A8
.text C:\Users\Joel\Desktop\gmer.exe[5324] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 001B00E4
.text C:\Users\Joel\Desktop\gmer.exe[5324] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 001B0120
.text C:\Users\Joel\Desktop\gmer.exe[5324] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 001B0030
.text C:\Users\Joel\Desktop\gmer.exe[5324] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 001B006C
.text C:\Windows\System32\mobsync.exe[5736] ntdll.dll!LdrLoadDll 778F93A8 5 Bytes JMP 00050030
.text C:\Windows\System32\mobsync.exe[5736] ntdll.dll!LdrUnloadDll 7790B740 5 Bytes JMP 0005006C
.text C:\Windows\System32\mobsync.exe[5736] ADVAPI32.dll!CreateServiceW 75FB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\mobsync.exe[5736] ADVAPI32.dll!DeleteService 75FBA07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\mobsync.exe[5736] ADVAPI32.dll!SetServiceObjectSecurity 75FF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\mobsync.exe[5736] ADVAPI32.dll!ChangeServiceConfigA 75FF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\mobsync.exe[5736] ADVAPI32.dll!ChangeServiceConfigW 75FF6F81 5 Bytes JMP 00070120
.text C:\Windows\System32\mobsync.exe[5736] ADVAPI32.dll!ChangeServiceConfig2A 75FF7099 5 Bytes JMP 0007015C
.text C:\Windows\System32\mobsync.exe[5736] ADVAPI32.dll!ChangeServiceConfig2W 75FF71E1 5 Bytes JMP 00070198
.text C:\Windows\System32\mobsync.exe[5736] ADVAPI32.dll!CreateServiceA 75FF72A1 5 Bytes JMP 00070030
.text C:\Windows\System32\mobsync.exe[5736] USER32.dll!SetWindowsHookExA 77A86322 5 Bytes JMP 000800A8
.text C:\Windows\System32\mobsync.exe[5736] USER32.dll!SetWindowsHookExW 77A887AD 5 Bytes JMP 000800E4
.text C:\Windows\System32\mobsync.exe[5736] USER32.dll!UnhookWindowsHookEx 77A898DB 5 Bytes JMP 00080120
.text C:\Windows\System32\mobsync.exe[5736] USER32.dll!SetWinEventHook 77A89F3A 5 Bytes JMP 00080030
.text C:\Windows\System32\mobsync.exe[5736] USER32.dll!UnhookWinEvent 77A8C06F 5 Bytes JMP 0008006C

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


(post too long, continued)
DDS

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Joel at 12:24:45.77 on Tue 04/26/2011
Internet Explorer: 8.0.6001.19048
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1124 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcxcoms.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Joel\Downloads\iExplore.exe
C:\Users\Joel\AppData\Local\Temp\RarSFX3\procs\iexplore.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Users\Joel\AppData\Local\Temp\RarSFX3\procs\iexplore.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Users\Joel\AppData\Local\Temp\RarSFX3\h\iexplore.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Runtime Software\DriveImage XML\dixml.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Joel\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.wowhead.com/
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DATAMNGR] c:\progra~1\bearsh~1\mediabar\datamngr\DATAMN~1.EXE
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\joel\appdata\roaming\mozilla\firefox\profiles\70gpl1to.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: myFireFox: {e213bb8f-8ebd-11db-96b7-005056c00008} - %profile%\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
FF - Ext: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2009-11-8 4608]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-10 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-27 301528]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-27 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-3-27 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-27 42184]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-11-8 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-6-5 88176]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-26 17:17:07 -------- d-----w- c:\program files\Runtime Software
2011-04-26 17:15:10 -------- d-----w- c:\users\joel\appdata\local\MigWiz
2011-04-26 11:32:54 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{c15632e8-d94d-4790-acd1-1e116abe5a39}\mpengine.dll
2011-04-25 03:04:28 388096 ----a-r- c:\users\joel\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-25 03:04:27 -------- d-----w- c:\program files\Trend Micro
2011-04-20 21:36:55 -------- d-----w- c:\users\joel\appdata\local\{A98B4E6F-AF80-4D7E-9702-200A7CB08D79}
2011-04-20 21:35:15 -------- d-----w- c:\users\joel\appdata\roaming\079F8EDF9968C979723FA9280D109501
2011-04-14 04:55:40 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-09 22:44:36 -------- d-----w- c:\users\joel\appdata\roaming\.minecraft
2011-04-05 04:40:44 -------- d-----w- c:\program files\BearShare Applications
2011-04-05 04:39:40 -------- dc-h--w- c:\progra~2\~0
2011-04-05 04:39:40 -------- d--h--w- c:\progra~2\{888803CF-24CB-4360-955A-9B6EE8BEEDC1}
2011-04-05 04:39:20 -------- d-----w- c:\users\joel\appdata\local\PackageAware
.
==================== Find3M ====================
.
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-18 21:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 06:23:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-02-02 23:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
c:\windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce™ SATA Driver
1 ntkrnlpa!IofCallDriver[0x82A4A912] -> \Device\Harddisk0\DR0[0x866A0AC8]
3 CLASSPNP[0x88F9E8B3] -> ntkrnlpa!IofCallDriver[0x82A4A912] -> [0x858848F8]
5 acpi[0x8880B6BC] -> ntkrnlpa!IofCallDriver[0x82A4A912] -> \Device\00000055[0x85866C90]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user != kernel MBR !!!
.
============= FINISH: 12:26:32.13 ===============


Thanks in advance.

Merged posts. ~ OB


Edited by Orange Blossom, 27 April 2011 - 04:58 PM.



#2 SweetTech


Posted 07 May 2011 - 02:34 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Nile


Posted 07 May 2011 - 09:11 PM

RKUnhooker

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8D80E000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 11001856 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 258.96 )
0x8F00A000 C:\Windows\system32\DRIVERS\lvuvc.sys 6836224 bytes (Logitech Inc., Logitech USB Video Class Driver)
0x82A49000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82A49000 PnpManager 3907584 bytes
0x82A49000 RAW 3907584 bytes
0x82A49000 WMIxWDM 3907584 bytes
0x98600000 Win32k 2113536 bytes
0x98600000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8E800000 C:\Windows\system32\drivers\RTKVHDA.sys 2052096 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x88A01000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x83677000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8D00F000 C:\Windows\system32\DRIVERS\VSTDPV3.SYS 1064960 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8D29C000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1048576 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x88805000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x80666000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA0E9B000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8D113000 C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x9D205000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8E28E000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8D20F000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80746000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x83606000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9D310000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8E4A5000 C:\Windows\System32\Drivers\aswSnx.SYS 385024 bytes (AVAST Software, avast! Virtualization Driver)
0x8F6E5000 C:\Windows\system32\DRIVERS\WG11TND5.sys 364544 bytes (NETGEAR, Inc., Driver for NETGEAR WG111T)
0xA0E0C000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x834A6000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8E5AD000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8EEFB000 C:\Windows\System32\Drivers\aswSP.SYS 294912 bytes (AVAST Software, avast! self protection module)
0x88985000 C:\Windows\system32\DRIVERS\VSTBS23.SYS 294912 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x8340A000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80625000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x83548000 C:\Windows\system32\drivers\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x88938000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8EE9E000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x837AD000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8EFB3000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88B11000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8EF5C000 C:\Windows\system32\drivers\aswMonFlt.sys 229376 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x8E40D000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82A16000 ACPI_HAL 208896 bytes
0x82A16000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x835A6000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8EE0E000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8E33A000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8E453000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x83782000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x889CD000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9D2C9000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xA0E73000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8D1D3000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88B61000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x83461000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8E480000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8E396000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x88B99000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x9D3C8000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8EE77000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 135168 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x8E526000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8EF94000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8351D000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8F7C1000 C:\Windows\System32\Drivers\dump_nvstor32.sys 118784 bytes
0x83589000 C:\Windows\system32\DRIVERS\nvstor32.sys 118784 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x9D37D000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x888EF000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8F6A1000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9D39A000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8D39C000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8F6C7000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8EEE4000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8E374000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8EF43000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x8F794000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8EE40000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8E579000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9D3B3000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8E3DC000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8F76E000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA0F8F000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8E3C8000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8E599000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x9D2FD000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8EE64000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8F68F000 C:\Windows\system32\drivers\usbaudio.sys 73728 bytes (Microsoft Corporation, USB Audio Class Driver)
0xA0FA4000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x88B88000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8E442000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8060C000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8891E000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x835D8000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8F747000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x9D2B9000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x83505000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8D3BA000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8F7E8000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x88B52000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x83488000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8E3B9000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x88976000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x83497000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x98840000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8EE56000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8E562000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x834F7000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8F7AA000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8D1C6000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8353B000 C:\Windows\system32\drivers\nvstor.sys 53248 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x8D3D4000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8F757000 C:\Windows\system32\DRIVERS\usbscan.sys 53248 bytes (Microsoft Corporation, USB Scanner Driver)
0x807C2000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA0F83000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8E51A000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8E32E000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8E3F1000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8D800000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8E557000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8E38B000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8E369000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8890A000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8E58F000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0x8F7B7000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x8F7DE000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8D3CA000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9D2F3000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8EEDA000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA0F79000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8892E000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8F764000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
0x88BBA000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8E9F5000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8F73E000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA0FDD000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xA0E00000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8E570000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x98820000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x88915000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x83450000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x83515000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8061D000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0xA0FE6000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x83459000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8E547000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8E54F000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x88B4A000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8E503000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8E513000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80605000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x88BC3000 C:\Windows\system32\DRIVERS\null.sys 28672 bytes (Microsoft Corporation, NULL Driver)
0x834F0000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8D3B4000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8EE98000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xA0FEE000 C:\Program Files\SUPERAntiSpyware\SASENUM.SYS 24576 bytes ( SUPERAdBlocker.com and SUPERAntiSpyware.com, SASENUM.SYS)
0x8E5F5000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xA0FB6000 C:\Windows\system32\Drivers\LVPr2Mon.sys 20480 bytes (-, -)
0x9D2B5000 C:\Windows\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0x8F6BC000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x8E28C000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 258.96 )
0x8D80B000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8EF5A000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================


OTL

OTL logfile created on: 5/7/2011 9:04:51 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Joel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 58.20 Gb Free Space | 20.21% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive E: | 177.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOSHY | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/07 21:03:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe
PRC - [2011/04/12 19:51:02 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/02/23 10:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/02/08 12:21:52 | 001,114,040 | ---- | M] (MusicLab, LLC) -- C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
PRC - [2010/12/14 09:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/03/29 10:29:04 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/02/28 17:32:43 | 001,845,248 | ---- | M] () -- C:\Program Files\Curse\CurseClient.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/01/12 11:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2006/11/03 20:07:04 | 000,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcxcoms.exe
PRC - [2006/11/03 17:04:46 | 000,304,008 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\memcard.exe


========== Modules (SafeList) ==========

MOD - [2011/05/07 21:03:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe
MOD - [2011/03/28 11:48:30 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2011/02/23 10:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2006/11/03 20:07:04 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 09:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/27 08:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2010/07/27 08:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/27 08:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/02/17 13:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 13:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/02 02:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2005/09/05 14:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WG11TND5.sys -- (AR5523)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1397536673-1070165821-878011073-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.gmail.com/http://www.facebook.com/ [binary data]
IE - HKU\S-1-5-21-1397536673-1070165821-878011073-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wowhead.com/
IE - HKU\S-1-5-21-1397536673-1070165821-878011073-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1397536673-1070165821-878011073-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1397536673-1070165821-878011073-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1397536673-1070165821-878011073-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&systemid=2&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/07 20:52:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 06:40:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 06:40:25 | 000,000,000 | ---D | M]

[2011/04/04 23:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Extensions
[2011/04/27 16:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\70gpl1to.default\extensions
[2010/06/05 23:21:10 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\70gpl1to.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010/08/17 22:47:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\70gpl1to.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/13 19:53:34 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\70gpl1to.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/30 05:57:17 | 000,000,000 | ---D | M] (ShopToWin2) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\70gpl1to.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
[2011/03/29 10:26:30 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\70gpl1to.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/04/04 23:42:59 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\70gpl1to.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2010/06/05 23:18:29 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\70gpl1to.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2010/06/05 23:27:40 | 000,000,000 | ---D | M] (Glasser) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\70gpl1to.default\extensions\glasser@sixxgate.com
[2010/06/05 23:24:44 | 000,000,000 | ---D | M] (myFireFox & Vista-aero Modifier) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\70gpl1to.default\extensions\myfxva@Merci.chao
[2011/03/06 15:21:39 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\70gpl1to.default\extensions\plugin@yontoo.com
[2010/06/05 23:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\70gpl1to.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2011/03/30 05:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\70gpl1to.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\extensionManager
[2010/06/05 23:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\70gpl1to.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2010/09/14 07:48:25 | 000,002,506 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\70gpl1to.default\searchplugins\BearShareWebSearch.xml
[2011/04/05 20:59:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/14 07:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
[2010/06/12 17:27:16 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\bsdtxmltbpi.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\bsdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1397536673-1070165821-878011073-1000..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe ()
O4 - HKU\S-1-5-21-1397536673-1070165821-878011073-1000..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKU\S-1-5-21-1397536673-1070165821-878011073-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Joel\Desktop\Sunset.jpg
O24 - Desktop BackupWallPaper: C:\Users\Joel\Desktop\Sunset.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1999/05/29 03:08:54 | 000,000,061 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{26690e31-d046-11de-922f-00146ce863fb}\Shell - "" = AutoRun
O33 - MountPoints2\{26690e31-d046-11de-922f-00146ce863fb}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{2dcb1785-c712-11de-979c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2dcb1785-c712-11de-979c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe
O33 - MountPoints2\{d4dfd082-fcce-11df-91cd-00146ce863fb}\Shell - "" = AutoRun
O33 - MountPoints2\{d4dfd082-fcce-11df-91cd-00146ce863fb}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1999/05/29 03:08:54 | 000,082,432 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1397536673-1070165821-878011073-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1397536673-1070165821-878011073-1000\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 21:03:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe
[2011/04/26 17:37:21 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/26 17:37:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/26 17:37:12 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/26 12:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
[2011/04/26 12:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2011/04/26 12:15:10 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\MigWiz
[2011/04/24 22:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/24 22:04:27 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/24 19:18:10 | 000,000,000 | ---D | C] -- C:\Users\Joel\Desktop\World1
[2011/04/20 16:36:55 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\{A98B4E6F-AF80-4D7E-9702-200A7CB08D79}
[2011/04/20 16:35:15 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\079F8EDF9968C979723FA9280D109501
[2011/04/13 23:56:47 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/13 23:56:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/13 23:56:30 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/13 23:56:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/13 23:56:30 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/13 23:56:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/13 23:56:29 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/13 23:56:29 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/13 23:56:29 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/13 23:56:28 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/13 23:56:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/13 23:56:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/13 23:56:27 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/13 23:56:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/13 23:56:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/13 23:56:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/13 23:56:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/13 23:56:23 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/13 23:56:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/13 23:56:18 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/13 23:56:17 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/13 23:56:12 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/13 23:56:08 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/13 23:56:03 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/13 23:56:03 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/09 17:44:36 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\.minecraft
[2010/03/13 19:30:14 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2010/03/13 19:30:14 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2010/03/13 19:30:14 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2010/03/13 19:30:13 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2006/11/03 20:07:06 | 000,385,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[2006/11/03 20:07:04 | 000,537,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2006/11/03 20:07:02 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe
[2006/10/11 21:01:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2006/10/11 20:59:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2006/10/11 20:54:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2006/10/11 20:48:58 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2006/10/11 20:48:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2006/10/11 20:47:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2006/10/11 20:41:04 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2006/10/11 20:37:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll

========== Files - Modified Within 30 Days ==========

[2011/05/07 21:09:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/07 21:03:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe
[2011/05/07 20:53:59 | 000,133,632 | ---- | M] () -- C:\Users\Joel\Desktop\RKUnhookerLE.EXE
[2011/05/07 20:52:01 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/07 20:52:01 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/07 20:49:03 | 000,055,637 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/07 20:49:03 | 000,055,637 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/07 20:48:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/07 20:47:14 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/07 20:47:13 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/07 20:47:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/07 20:47:06 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/07 20:47:02 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/04/26 12:23:53 | 000,625,664 | ---- | M] () -- C:\Users\Joel\Desktop\dds.scr
[2011/04/26 12:22:20 | 000,000,000 | ---- | M] () -- C:\Users\Joel\defogger_reenable
[2011/04/26 12:17:09 | 000,000,938 | ---- | M] () -- C:\Users\Joel\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2011/04/26 12:17:09 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2011/04/26 07:09:42 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/04/24 22:55:17 | 000,000,539 | ---- | M] () -- C:\Users\Joel\Desktop\iExplore - Shortcut.lnk
[2011/04/24 22:04:27 | 000,001,946 | ---- | M] () -- C:\Users\Joel\Desktop\HiJackThis.lnk
[2011/04/24 21:10:11 | 000,014,336 | ---- | M] () -- C:\Users\Joel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/24 20:51:18 | 000,000,806 | ---- | M] () -- C:\Users\Joel\Desktop\World of Warcraft.lnk
[2011/04/24 19:36:59 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/24 19:36:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/24 18:33:58 | 000,011,984 | -HS- | M] () -- C:\Users\Joel\AppData\Local\gw43yhj5e1a8x0764bv3cw2jyf3p6016on281od3
[2011/04/24 18:33:58 | 000,011,984 | -HS- | M] () -- C:\ProgramData\gw43yhj5e1a8x0764bv3cw2jyf3p6016on281od3
[2011/04/14 03:28:48 | 000,314,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/05/07 20:53:55 | 000,133,632 | ---- | C] () -- C:\Users\Joel\Desktop\RKUnhookerLE.EXE
[2011/04/26 12:30:17 | 000,301,568 | ---- | C] () -- C:\Users\Joel\Desktop\gmer.exe
[2011/04/26 12:23:46 | 000,625,664 | ---- | C] () -- C:\Users\Joel\Desktop\dds.scr
[2011/04/26 12:22:20 | 000,000,000 | ---- | C] () -- C:\Users\Joel\defogger_reenable
[2011/04/26 12:17:09 | 000,000,938 | ---- | C] () -- C:\Users\Joel\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2011/04/26 12:17:09 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2011/04/25 18:56:58 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/24 22:55:17 | 000,000,539 | ---- | C] () -- C:\Users\Joel\Desktop\iExplore - Shortcut.lnk
[2011/04/24 19:36:59 | 000,001,842 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/24 18:31:46 | 000,011,984 | -HS- | C] () -- C:\Users\Joel\AppData\Local\gw43yhj5e1a8x0764bv3cw2jyf3p6016on281od3
[2011/04/24 18:31:46 | 000,011,984 | -HS- | C] () -- C:\ProgramData\gw43yhj5e1a8x0764bv3cw2jyf3p6016on281od3
[2011/04/06 16:04:13 | 000,000,680 | ---- | C] () -- C:\Users\Joel\AppData\Local\d3d9caps.dat
[2011/04/05 18:46:12 | 000,012,858 | -HS- | C] () -- C:\Users\Joel\AppData\Local\3lhqy33xpt11p
[2011/04/05 18:46:12 | 000,012,858 | -HS- | C] () -- C:\ProgramData\3lhqy33xpt11p
[2011/02/05 22:35:37 | 000,014,336 | ---- | C] () -- C:\Users\Joel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/09 14:54:35 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/01 16:08:00 | 000,055,637 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/10/01 16:08:00 | 000,055,637 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/10/01 07:04:53 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/07/27 08:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/07/27 07:56:04 | 000,090,411 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010/04/10 20:55:16 | 000,000,227 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/04/10 20:55:14 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2010/03/13 19:30:15 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2010/01/30 00:48:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/30 01:45:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/12/29 11:11:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/12/29 11:11:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/12/07 22:32:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/07 21:51:44 | 000,000,000 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\wklnhst.dat
[2009/11/14 20:31:53 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2009/11/14 20:31:53 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2009/11/01 14:31:35 | 000,651,264 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2009/11/01 14:31:35 | 000,192,512 | R--- | C] () -- C:\Windows\System32\AegisI5.exe
[2009/11/01 14:31:35 | 000,149,392 | ---- | C] () -- C:\Windows\System32\drivers\ar5523.bin
[2009/11/01 14:31:35 | 000,147,456 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,314,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/28 13:31:44 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2006/10/20 23:07:32 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2006/10/20 23:06:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2006/10/20 23:03:28 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2006/10/20 22:57:40 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2006/10/20 22:56:52 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2006/10/20 22:55:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2006/10/20 22:54:42 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2006/10/20 22:48:38 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2006/10/20 22:46:42 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2006/09/22 10:42:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2006/09/06 09:13:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2006/08/08 18:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2006/04/24 18:09:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2006/03/19 22:03:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

< End of report >

EXTRAS

OTL Extras logfile created on: 5/7/2011 9:04:51 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Joel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 58.20 Gb Free Space | 20.21% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive E: | 177.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOSHY | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1397536673-1070165821-878011073-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{108BAD89-E44C-447A-8C56-8E3E397E96AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{133A66FC-6124-4529-9514-75DDF28098AE}" = lport=445 | protocol=6 | dir=in | app=system |
"{1C336694-C84C-44CB-81C2-E7CCF494F337}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1CDA61DF-9171-4C8D-BD41-F09F9848A771}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{20A1F8AB-6FE2-46E1-AA33-D3809B764D11}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2E9562F3-49D8-4A5F-931F-1DC3D324E8B9}" = rport=139 | protocol=6 | dir=out | app=system |
"{2F658FC9-911E-4541-BBA2-204BDB261CEB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{89CBB38B-36B3-41BF-A0C1-B954BA8C80D3}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{918F0BD4-86F3-4DF5-BF46-B432553A0BFD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{96D205DD-AD27-4C35-900F-653CA2EAA89B}" = lport=138 | protocol=17 | dir=in | app=system |
"{97100944-18FD-406F-8C4A-D27F174DEDBB}" = lport=137 | protocol=17 | dir=in | app=system |
"{A71FCC06-772A-41CB-B32D-8C21511618DF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AA527A11-68CB-4972-B612-63D6F4624E27}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B274DB3E-9994-4D8C-B973-5F4EE6EDC7FC}" = rport=138 | protocol=17 | dir=out | app=system |
"{B99209F2-83E4-414F-BCE2-2AFE7ED109C7}" = lport=139 | protocol=6 | dir=in | app=system |
"{C860BC4C-2692-488B-AFED-88CD82AB0A2E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CABA7786-866F-40E2-B9E6-A02B29D543AE}" = rport=137 | protocol=17 | dir=out | app=system |
"{D23F5CB0-0A96-458A-9D04-32EF505023EB}" = rport=445 | protocol=6 | dir=out | app=system |
"{F0FC365E-6CCE-4294-9E5C-F0EF618AD5EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0101E3CC-10F8-417F-B756-8FF45044426E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{01504B61-488D-46FD-AC3A-C67E9D57D9A1}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{02AC7BA1-8D71-4821-826F-F064EDA472F1}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{0D83E539-956A-4F5A-B92F-066389E24539}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{0E9E7847-F951-4C23-BCFD-33927FD05062}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{19AD7359-9528-429A-A042-888E75FA77DE}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{1C20844D-5104-4281-AE4D-E6298EBA23E7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{22513DAA-6076-43B9-B502-125D05C54B0F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{22E4EA46-099D-4E09-80C1-BF07426D15E5}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{259D0A29-71EA-482C-B2BD-E817F7580D09}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{25C1D827-2DF2-4D97-9572-344071CAFBD5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2A34DB15-D30D-4A1C-972B-6B74EBA0B393}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{2AF9313F-DC9D-4647-826C-3F02DC94B1F6}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlcxpswx.exe |
"{2D5594A5-EE71-4904-9759-59160BBD9756}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{34420C1C-C7CC-4404-99E8-8EDA4CB2BDEE}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{39429394-E7C2-4AA3-B727-2B04495828CB}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{3A024849-833E-4932-8C58-E11869E5744F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe |
"{496EA7C2-AC72-4C38-94C0-A6ADCA5376D9}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{504FEFBD-9BDF-43A0-9851-C25E39BEF2EF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe |
"{5B864455-277B-4423-AD6C-749E8337581E}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{5CA0A3F3-87BF-433B-87A3-BA605B303412}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5D10242D-C384-415C-AC04-C6CCDD13F84F}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{6193FC71-D597-44CB-B3D1-9E9F96D5C025}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{694FF918-5ACA-45FD-80D8-757295E4C203}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{6DF3F9B0-AF25-4B40-9BBD-0B292D423A5A}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{8089E7CB-35B0-4367-A10A-5537DA21DE6F}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{82F0A7DD-75FB-4575-BD2D-1FD237AF7BA3}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{83088248-9138-497D-8FD7-1EFBFB0FF984}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{83DEBBCF-BE40-41E2-B9A4-1456990B1D2D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{85340F9B-4F99-4EEB-8AEB-06B777D056C7}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{9610FC90-9ABE-43B2-9D5A-9DF2212DA511}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{96E8879F-D942-4A7F-8553-0A18A4AA90A3}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{A8A20D3B-D4B6-4452-B36F-6D932D6F2B66}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B03B15CB-68A3-4120-A4CB-06DEF0D6D2FF}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{B23AE655-FE9B-4ACA-8736-9A74DAB3079B}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{B457AF20-3ED7-4FDB-BE56-4FC1BE4E4708}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{BAB0D173-66F0-46D2-B681-5B6389AB5FBB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BDB4AAB7-00B3-4077-B26E-43FD0A502C43}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{C82FF8F3-0C25-4CA9-A41D-51CE430109DD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CA427091-8FC5-45C1-8235-01289FE57A29}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{CAEF0488-EEC7-4841-A679-8AA28451926E}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{D14C0DD7-53FA-4154-8ABF-42088BD155D0}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{D44474B4-827F-4773-AD49-1FAECD2BA8A2}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"{DDEAAA2C-A6FD-478D-8EAC-BE77806D5767}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DF86DB81-BC1F-4DF6-A451-C3198D872D40}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{E30C7B3E-4C24-418F-9165-E3C4D2951514}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{E587F661-1EDD-4990-B7DD-07D1D7418B0A}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{E5BE5A9C-2A6B-4CDA-AF53-3F653786B8D4}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlcxpswx.exe |
"{EF1EFE3E-4AA6-4BE8-98A0-2ACC74FE5D3E}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"{EFB6ED9F-1B97-4C3A-B397-2D015C552C4F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F6F28355-97AB-4C0A-889E-5AD92712D781}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{F8F4FBC8-125D-4687-860F-F86227FFDE60}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F94094FF-22CB-43E5-AA81-48434D2A52FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FEDCE43A-B2DE-487F-9AD9-6F44453B2AC5}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"TCP Query User{10AFB3A7-0657-446A-AFA5-8986C28DD9EA}C:\program files\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16605\sc2.exe |
"TCP Query User{13CBBE93-CB11-4F74-B253-BC5262553914}C:\program files\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16755\sc2.exe |
"TCP Query User{16C46C1C-84F2-4601-A0E2-292B88530D33}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"TCP Query User{1937A406-F7EE-4C2F-BBAA-70A7BFBBEF2A}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe |
"TCP Query User{3A5DCB45-E02E-458F-854E-D8D20AFEB63C}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"TCP Query User{3B8294A4-9F2B-4642-9801-C2D2F3A0D1AC}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{44C5D65C-31CD-40BB-B881-3DCFEF182EB2}C:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |
"TCP Query User{6C5AA723-E61E-41B0-BBA1-9733A1ACA5A1}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{87946935-6C54-45C1-A228-A1309D612485}C:\program files\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"TCP Query User{94AD14D3-65FD-458A-97EC-06D3691259A6}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{9E4ACE2D-F295-49ED-AB78-D0398DF2690A}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{ADE71665-1EC2-4AEE-B089-FE361B2D0D33}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |
"TCP Query User{AF3DD162-188F-4061-B7DF-9DB40451E156}C:\users\joel\desktop\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\joel\desktop\wow-3.0.1.8874-ptr-us-installer-downloader.exe |
"TCP Query User{C6EB62E7-E2EA-4720-A27E-13389604E517}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe |
"TCP Query User{C7759D8D-B3D2-4E06-8C86-802C6BE9EBBE}C:\users\joel\desktop\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\joel\desktop\wow-3.0.1.8874-ptr-us-installer-downloader.exe |
"TCP Query User{CBB9996F-E806-4930-9522-C4E933879F48}C:\users\joel\appdata\local\microsoft\windows\temporary internet files\content.ie5\u5nqfozq\wow-3.0.1.8874-ptr-us-installer-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\joel\appdata\local\microsoft\windows\temporary internet files\content.ie5\u5nqfozq\wow-3.0.1.8874-ptr-us-installer-downloader[1].exe |
"TCP Query User{CD0AF906-3AA2-4587-9D4E-DCAB00071598}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
"TCP Query User{D2190FBC-42F5-4EB5-BBFC-41491B635EE2}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{E7B2B47F-4F4C-4F16-9C76-A2B1A2867BBD}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"TCP Query User{E8349A6B-E96E-4373-A1CF-F3632C18072E}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"TCP Query User{EFCE3B11-5027-420C-B97E-43416F791193}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"UDP Query User{0B34975F-2447-45B6-A42B-08A9F0E248A5}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{0C862B23-A736-4CEF-AD4B-44D37C74F822}C:\users\joel\appdata\local\microsoft\windows\temporary internet files\content.ie5\u5nqfozq\wow-3.0.1.8874-ptr-us-installer-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\joel\appdata\local\microsoft\windows\temporary internet files\content.ie5\u5nqfozq\wow-3.0.1.8874-ptr-us-installer-downloader[1].exe |
"UDP Query User{1012AABD-DB34-4843-A41A-AFB57DECD5D8}C:\program files\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"UDP Query User{14762A1E-26FC-4740-B849-D0FDB15407DE}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"UDP Query User{27FDD0D3-3F63-46CF-9CC6-5836718CE013}C:\program files\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16755\sc2.exe |
"UDP Query User{2EB83430-CEA1-48B2-81A2-0C6BF099DF8A}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{3484B242-2164-4DD2-883F-489D60A5CD65}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{387F8D0C-4367-46E5-BDCC-0144FFF4884A}C:\program files\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16605\sc2.exe |
"UDP Query User{4B051ACE-9834-4B58-87C1-7F5845E79A1A}C:\users\joel\desktop\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\joel\desktop\wow-3.0.1.8874-ptr-us-installer-downloader.exe |
"UDP Query User{63C638BC-74CC-49A6-A216-10A73EE3F389}C:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |
"UDP Query User{7AABF3F5-074E-406A-8768-FB13861CB578}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |
"UDP Query User{9D4B2CEB-450D-42AA-AA86-EDA1896FD12C}C:\users\joel\desktop\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\joel\desktop\wow-3.0.1.8874-ptr-us-installer-downloader.exe |
"UDP Query User{B953E919-C5D9-4C01-8630-6F0E31BD1737}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"UDP Query User{BD6C35AD-C0FC-4AC9-935E-35D8D736440A}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
"UDP Query User{C1155670-D5C4-41C2-A98A-FDA5C0D68931}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe |
"UDP Query User{D0F355EF-C72C-4191-80DE-9F9631879343}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{E0403F28-5BA7-46FB-8649-D4A69A55D362}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{E58BDBE9-9F70-48CB-859D-EAC027584932}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"UDP Query User{E8D93BE1-F7EC-4DB7-A63D-B7737326AB63}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe |
"UDP Query User{E98B9A52-878B-4166-B2BC-F2E990008EB7}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"UDP Query User{F8965CD2-E6A8-464B-B521-B237276595F5}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III Complete Edition
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ
"{51123D42-6B9C-4B93-900C-29F9EC5963C9}" = NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A7F6127-CF84-476E-B2DE-F3CC912CBF6C}" = RuneScape
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"BearShare" = BearShare
"BearShare 2 MediaBar" = MediaBar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CurseClient" = Curse Client
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"ESET Online Scanner" = ESET Online Scanner v3
"Fraps" = Fraps
"Google Chrome" = Google Chrome
"InstallShield_{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III Complete Edition
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.3
"Native Instruments Audio 8 DJ" = Native Instruments Audio 8 DJ
"Native Instruments Service Center" = Native Instruments Service Center
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"RollerCoaster Tycoon Setup" = Roll
"StarCraft II" = StarCraft II
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1397536673-1070165821-878011073-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"NetAssistant" = NetAssistant for Firefox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Everything's running the same, I guess.

Thanks in advance

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:07:57 AM

Posted 08 May 2011 - 07:33 AM

Hi!

Peer to Peer Program
While reviewing your logs I noticed that you currently have Peer to Peer program(s) installed on your computer.

You currently have the following P2P programs installed:
  • Bearshare
Most of the infections that we see today are through P2P file sharing. By uninstalling the programs that I mentioned above you will be doing yourself a favor. It's impossible to trust the source of what is being downloaded from them and a file may or may not be what it appears to be.

Should you decide to keep these programs installed on your computer PLEASE do not use these programs while we are getting your P.C. cleaned up.

How to Uninstall the P2P Programs:

For Vista Users:
  • Click on Start > Control Panel and double click on Programs and Features.
  • Locate Bearshare and click on the Uninstall button to uninstall it.
  • Close Control Panel when done.

PLEASE NOTE: When you're uninstalling the P2P Program(s), some questions are worded in various ways to try and deceive you and keep you from uninstalling their Program.



NEXT:



We need to remove a program. To do this please do the following:
For Vista Users:
  • Click on Start > Control Panel and double click on Programs and Features.
  • Locate Google Toolbar for Internet Explorer and click on the Uninstall button to uninstall it.
  • Repeat for MediaBar and Yontoo Layers Client 1.10.01.
  • Close Control Panel when done.


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.
    :Services
    :OTL
    FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
    FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&systemid=2&q="
    FF - prefs.js..network.proxy.type: 4
    [2010/09/14 07:48:25 | 000,002,506 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\70gpl1to.default\searchplugins\BearShareWebSearch.xml
    [2010/09/14 07:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
    O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\bsdtxmltbpi.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{26690e31-d046-11de-922f-00146ce863fb}\Shell - "" = AutoRun
    O33 - MountPoints2\{26690e31-d046-11de-922f-00146ce863fb}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
    O33 - MountPoints2\{2dcb1785-c712-11de-979c-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{2dcb1785-c712-11de-979c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe
    O33 - MountPoints2\{d4dfd082-fcce-11df-91cd-00146ce863fb}\Shell - "" = AutoRun
    O33 - MountPoints2\{d4dfd082-fcce-11df-91cd-00146ce863fb}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1999/05/29 03:08:54 | 000,082,432 | R--- | M] ()
    [2011/04/20 16:36:55 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\{A98B4E6F-AF80-4D7E-9702-200A7CB08D79}
    [2011/04/20 16:35:15 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\079F8EDF9968C979723FA9280D109501
    [2011/04/24 18:33:58 | 000,011,984 | -HS- | M] () -- C:\Users\Joel\AppData\Local\gw43yhj5e1a8x0764bv3cw2jyf3p6016on281od3
    [2011/04/24 18:33:58 | 000,011,984 | -HS- | M] () -- C:\ProgramData\gw43yhj5e1a8x0764bv3cw2jyf3p6016on281od3
    [2011/04/24 18:31:46 | 000,011,984 | -HS- | C] () -- C:\Users\Joel\AppData\Local\gw43yhj5e1a8x0764bv3cw2jyf3p6016on281od3
    [2011/04/24 18:31:46 | 000,011,984 | -HS- | C] () -- C:\ProgramData\gw43yhj5e1a8x0764bv3cw2jyf3p6016on281od3
    [2011/04/05 18:46:12 | 000,012,858 | -HS- | C] () -- C:\ProgramData\3lhqy33xpt11p
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



What issues are you currently experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 Nile

Posted 08 May 2011 - 09:08 AM

Alright, I had to stop right after the step of uninstalling BearShare. When I try to click Uninstall, a window pops up saying:

[title:Microsoft Windows]
BearShare has stopped working
A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.


Also, please note that Yontoo Layers is also installed.

#6 SweetTech

Posted 08 May 2011 - 09:19 AM

Hi Nile!

Please try to remove BearShare with this tool:

RevoUninstaller
Download and install Revo Uninstaller
  • Double click the Revo Uninstaller icon on your desktop to start the program
  • Scroll through the listed programs and Right Click on the program you wish to uninstall
  • From the pop out menu choose Uninstall
  • Click Yes to the confirmation dialogue
  • In the next window select the Advanced mode
  • Click Next to start uninstalling the program
  • Answer Yes to confirm the uninstall
  • When the program has completed the four steps, click Next to allow the program to search for leftovers
  • Once complete, click Next, then Finish
  • Repeat the above steps for any other programs you wish to remove.


#7 Nile

Posted 08 May 2011 - 09:30 AM

I'm at the leftover step, and I'm not sure if I'm supposed to Delete All?

Thanks

#8 SweetTech

Posted 08 May 2011 - 09:41 AM

Take a screenshot of it for me please.

Please take a screenshot of that window.
  • You can do this by pressing the PrintScreen key.
  • Then go to Start > All Programs > Accessories > Paint
  • In Paint, go up to Edit > Paste
  • Then go up to File > Save As. Click the drop-down box to change the "Save As Type" to "JPEG", name it what you want, and save it where you want.
  • Then click Reply in this topic.
  • Scroll down to Attachments.
  • Click the Browse button.
  • Locate the file you just saved, click on it, then click Open.
  • Click Upload and submit the reply.


#9 Nile

Posted 08 May 2011 - 09:47 AM

Here you go.


#10 SweetTech

Posted 08 May 2011 - 09:56 AM

Please click on Select All and then Delete followed by clicking on Next.


#11 Nile

Posted 08 May 2011 - 10:54 AM

Alright, I uninstalled Yontoo Layers and Bearshare.

#12 SweetTech

Posted 08 May 2011 - 10:57 AM

Okay, please proceed with the rest of my instructions in my previous post.


#13 Nile

Posted 08 May 2011 - 03:23 PM

mbam

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6533

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

5/8/2011 11:29:09 AM
mbam-log-2011-05-08 (11-29-09).txt

Scan type: Quick scan
Objects scanned: 167875
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


otl fix

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Prefs.js: "http://search.bearshare.com/" removed from browser.startup.homepage
Prefs.js: "http://search.bearshare.com/web?src=ffb&systemid=2&q=" removed from keyword.URL
Prefs.js: 4 removed from network.proxy.type
File C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\70gpl1to.default\searchplugins\BearShareWebSearch.xml not found.
File C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ not found.
File C:\Program Files\BearShare Applications\MediaBar\ToolBar\bsdtxmltbpi.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26690e31-d046-11de-922f-00146ce863fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26690e31-d046-11de-922f-00146ce863fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26690e31-d046-11de-922f-00146ce863fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26690e31-d046-11de-922f-00146ce863fb}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dcb1785-c712-11de-979c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2dcb1785-c712-11de-979c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dcb1785-c712-11de-979c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2dcb1785-c712-11de-979c-806e6f6e6963}\ not found.
File E:\Installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4dfd082-fcce-11df-91cd-00146ce863fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4dfd082-fcce-11df-91cd-00146ce863fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4dfd082-fcce-11df-91cd-00146ce863fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4dfd082-fcce-11df-91cd-00146ce863fb}\ not found.
File move failed. E:\Setup.exe scheduled to be moved on reboot.
Folder C:\Users\Joel\AppData\Local\{A98B4E6F-AF80-4D7E-9702-200A7CB08D79}\ not found.
Folder C:\Users\Joel\AppData\Roaming\079F8EDF9968C979723FA9280D109501\ not found.
File C:\Users\Joel\AppData\Local\gw43yhj5e1a8x0764bv3cw2jyf3p6016on281od3 not found.
File C:\ProgramData\gw43yhj5e1a8x0764bv3cw2jyf3p6016on281od3 not found.
File C:\Users\Joel\AppData\Local\gw43yhj5e1a8x0764bv3cw2jyf3p6016on281od3 not found.
File C:\ProgramData\gw43yhj5e1a8x0764bv3cw2jyf3p6016on281od3 not found.
File C:\ProgramData\3lhqy33xpt11p not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Joel\Desktop\cmd.bat deleted successfully.
C:\Users\Joel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Joel
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 606342 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Thing
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25481162 bytes
RecycleBin emptied: 44069998 bytes

Total Files Cleaned = 67.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest

User: Joel
->Flash cache emptied: 0 bytes

User: Public

User: Thing

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05082011_110802

Files\Folders moved on Reboot...
File move failed. E:\Setup.exe scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP000000407C6C58A7F1491F35 not found!
File\Folder C:\Windows\temp\TMP0000004148B1831773EA9D24 not found!
File\Folder C:\Windows\temp\TMP000000421FF38E8ABD1B726A not found!
File\Folder C:\Windows\temp\TMP00000043611CDA3C2DEC4556 not found!
File\Folder C:\Windows\temp\TMP000000445EC1BAC1DAC47D23 not found!
File\Folder C:\Windows\temp\TMP000000452423220E807432B4 not found!
File\Folder C:\Windows\temp\TMP0000004607667036AE031263 not found!
File\Folder C:\Windows\temp\TMP00000047FCEBB5AB40E64802 not found!

Registry entries deleted on Reboot...


As for the OTL fix, the computer shut down in the middle of the first time I ran it (the power cord had issues), so I guess it did half the tasks.

#14 SweetTech


Posted 08 May 2011 - 03:47 PM

Hi!

Thanks for that information.


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan.

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 Nile


Posted 09 May 2011 - 08:53 PM

eset

C:\_OTL\MovedFiles\05082011_110216\C_Users\Joel\AppData\Roaming\079F8EDF9968C979723FA9280D109501\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application


security check

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 17
Out of date Java installed!
Adobe Flash Player 10.2.152.26
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.16)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
windows defender MpCmdRun.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````


Edited by Nile, 09 May 2011 - 09:25 PM.




