
Windows XP-Restore Trojan


  • This topic is locked
29 replies to this topic

#1 cp123

cp123

  • Members
  • 19 posts

Posted 19 June 2011 - 11:43 PM

Greetings,

Got infected by the Windows XP-Restore Trojan 1 week ago. Tried your uninstall guide in removing it ("Remove Windows Restore") as well as methods mentioned below with limited success. Zero Internet connectivity--the access point is OK but I can't connect to the Internet. I need to remove this trojan completely so that I can access the Internet.

I have AVG, Advanced SystemCare, and Spybot installed and updated those programs and Windows regularly (but no updates for the past week as I have no Internet access). I am behind Window's firewall. I was doing research on ipods, iphones and Cydia apps when the trojan slammed me. If I remember correctly, AVG notified me of this trojan and I immediately quarantined it. However, within a short amount of time, the bug started manifesting itself.

What I've done:
The infected PC connects wirelessly to my ADSL router. Since I'm unable to connect to the Internet on that machine, I've had to download anti-malware via an imac to a portable memory stick and then install programs on to the desktop of the infected PC. I initially used rkill.com, Tdsskiller, and unhide.com to stop the worm. I then scanned my computer in safe mode and normal mode with Malwarebyte's anti-malware program as well as SuperAntiSpyware's program. Today I uninstalled AVG and installed Avast Antivirus. I scanned with Avast and found nothing (however could get no virus updates). In conclusion, the worm seems to be stopped but remnants of it are still in my system preventing proper performance and Internet connectivity. I need to get rid of the trojan completely.

I've got an install disc--probably the 1st version of XP since my computer is nearly 8-years old. I'm almost to the point of reformatting/reinstalling XP. I'm hoping you can point me in the right direction without having to do that. To that end, I'm done tinkering with my PC until wiser minds guide me.


DDS.txt LOG:

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Christopher Potts at 17:41:02 on 2011-06-19
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/advanced_search?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: H - No File
mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Pluck Helper: {09af76dd-6988-4664-97d0-362f1011e311} - c:\program files\pluck corporation\pluck\PluckExplorerBar.dll
BHO: Idea2 SidebarBrowserMonitor Class: {45ad732c-2ce2-4666-b366-b2214ad57a49} - c:\program files\desktop sidebar\sbhelp.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboForm.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboForm.dll
TB: Pluck Toolbar: {7385d9f8-418b-4e6a-938f-f7596857cb54} - c:\program files\pluck corporation\pluck\PluckExplorerBar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Uniblue ProcessQuickLink 2] "c:\program files\uniblue\processquicklink 2\ProcessQuickLink2.exe" /autostart
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RCMan.EXE
uRun: [Internet Explorer] c:\program files\internet explorer\iexplore.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"
uRun: [ibmmessages] c:\program files\ibm\messages by ibm\ibmmessages.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [WebDriveTray] c:\program files\webdrive\webdrive.exe /trayicon
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TPKBDLED] c:\windows\system32\TpScrLk.exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
mRun: [S3TRAY2] S3Tray2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISS_Certtool] c:\progra~1\ibm\security\certtool.exe
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [ibmmessages] c:\program files\ibm\messages by ibm\ibmmessages.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [CTSysVol] c:\program files\creative\usb sbaudigy2 nx\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDet] c:\program files\creative\usb sbaudigy2 nx\dvdaudio\CTDVDDet.EXE
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
mRun: [BLOG] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0ANQAxADcANwA0ADkAMgAxADgALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAFQAMwAtAEYAUAA5ACsANgAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQgArADEALQBYAE8AOQArADEALQBGADkATQAyACsAMQAtAEMASQBQACsAMgA"&"prod=90"&"ver=9.0.894
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
dRunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi"
dRunOnce: [supportdir] cmd /c "rmdir /q /s "c:\windows\temp\{DC78AACC-D3E4-4D92-95E8-42AFD802B8DB}""
uPolicies-explorer: MaxRecentDocs = 21 (0x15)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-system: RunStartupScriptSync = 1 (0x1)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Customize Menu &4 - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Fill Forms &] - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms &[ - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Subscribe in Desktop Sidebar - c:\program files\desktop sidebar\sbhelp.dll/menuhandler.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {670F87A1-88B0-11d4-9030-000021D9C559} - c:\program files\kmt software\high impact email 2.0\HIemail.exe
IE: {C4A67F75-88B2-11d4-9030-000021D9C559} - c:\program files\kmt software\high impact email 2.0\HIemail.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - c:\program files\pluck corporation\pluck\PluckExplorerBar.dll
IE: {09FE188B-6E85-479e-9411-51FB2220DF80} - {45AD732C-2CE2-4666-B366-B2214AD57A49} - c:\program files\desktop sidebar\sbhelp.dll
IE: {1FA9B650-D1BC-4E43-96B3-13A32FC39732} - {1FA9B650-D1BC-4E43-96B3-13A32FC39732} - c:\program files\pluck corporation\pluck\PluckExplorerBar.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43a0-0d85-11d4-9908-00400523e39a} c:\program files\siber systems\ai roboform\roboformcomshowtoolbar.html - c:\program files\siber systems\ai roboform\roboformcomshowtoolbar.html\inprocserver32 does not exist!
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135201556552
DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxp://www-3.ibm.com/pc/support/IbmEgath.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - hxxp://www.linksysfix.com/netcheck/67/install/gtdownls.cab
DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - hxxp://www.omnitrader.com/omnitrader/support/ot2006/updater/installer/setup.exe
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Handler: pluck - {A5DD5FEC-8239-4a12-B791-4B6067F85CCC} - c:\program files\pluck corporation\pluck\PluckExplorerBar.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Notification Packages = scecli ACGina
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\christopher potts\application data\mozilla\firefox\profiles\zdqk8yxu.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.weather.com/weather/local/53216?lswe=53216&lwsa=WeatherLocalUndeclared&from=whatwhere
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\opera\program\plugins\NPDocBox.dll
FF - plugin: c:\program files\opera\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\opera\program\plugins\npgcplug.dll
FF - plugin: c:\program files\opera\program\plugins\nppdf32.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? IS360service;IS360service
R? PCDSRVC{3037D694-FD904ACA-06020101}_1;PCDSRVC{3037D694-FD904ACA-06020101}_1 - PCDR Kernel Mode Service Helper Driver
R? RFNP32;WebDrive
R? sbusb;Sound Blaster USB Audio Driver
R? WinRM;Windows Remote Management (WS-Management)
R? WiselinkPro;SAMSUNG WiselinkPro Service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AdvancedSystemCareService;Advanced SystemCare Service
S? aswFsBlk;aswFsBlk
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? GENERICSMB;IBM - Generic SMB Device Controller
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SMBusDH;IBM - SMB Hub Controller
S? SMBusHC;SMBus Host Controller
S? smi;smi
S? TNET1130x;Wireless-G Notebook Adapter v.2.0
S? TPDIGIMN;TPDIGIMN
S? TPPWR;TPPWR
S? WebDriveFSD;WebDrive File System Driver
.
=============== File Associations ===============
.
regfile=regedit.exe "%1" %*
regfile=regedit.exe "%1" %*
scrfile="%1" %*
scrfile="%1" %*
.
=============== Created Last 30 ================
.
2011-06-19 17:29:51 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-19 17:29:24 40112 ----a-w- c:\windows\avastSS.scr
2011-06-19 17:29:09 -------- d-----w- c:\program files\AVAST Software
2011-06-19 17:29:09 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-06-19 15:14:12 -------- d-----w- c:\documents and settings\christopher potts\application data\SUPERAntiSpyware.com
2011-06-19 15:14:12 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-19 15:13:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-12 22:42:50 -------- d-----w- C:\NewKiller
2011-05-30 02:04:31 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-05-30 02:04:31 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2011-05-30 02:01:12 -------- d-----w- c:\program files\Microsoft
2011-05-30 02:01:02 -------- d-----w- c:\program files\MSN Toolbar
2011-05-30 02:00:39 -------- d-----w- c:\program files\Bing Bar Installer
2011-05-30 01:58:30 -------- d-----w- c:\documents and settings\christopher potts\application data\HpUpdate
2011-05-30 01:57:38 527208 ------w- c:\windows\system32\HPDiscoPM5412.dll
2011-05-30 01:57:29 1792872 ----a-w- c:\windows\system32\HPScanMiniDrv_OJ6500_E710nz.dll
2011-05-30 01:57:23 232296 ----a-w- c:\windows\system32\hpinksts5412.dll
2011-05-30 01:57:21 267112 ----a-w- c:\windows\system32\hpinksts5412LM.dll
2011-05-30 01:57:21 213864 ----a-w- c:\windows\system32\hpinkcoi5412.dll
2011-05-30 01:54:36 -------- d-----w- c:\program files\HP
2011-05-30 01:53:26 -------- d-----w- c:\documents and settings\christopher potts\local settings\application data\HP
.
==================== Find3M ====================
.
2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-14 10:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 07:40:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2006-10-21 22:14:37 774144 -c----w- c:\program files\RngInterstitial.dll
.
============= FINISH: 17:45:57.06 ===============
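The DDS log above lists Run keys, toolbar registrations and policy values that a helper reads by eye. As an added example (not code from this thread, from cp123, or from the DDS tool), the script below parses a handful of lines copied from that log and applies three editor-chosen triage heuristics: registrations that point to no file, policy values that lock the user out of built-in tools (DisableTaskMgr is set to 1 in this log), and Run entries that either launch an executable by bare name (resolved through PATH search) or start a web browser at logon. The heuristic lists, the function names and the choice of sample lines are the editor's assumptions; a hit is a line worth a second look, not a verdict.

```python
"""Triage a few 'Pseudo HJT Report' lines from a DDS log (added example)."""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Internet Explorer] c:\program files\internet explorer\iexplore.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [TpShocks] TpShocks.exe
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
"""

# Editor's heuristics (assumptions, not part of DDS or of the thread).
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools"}
BROWSERS = {"iexplore.exe", "firefox.exe", "opera.exe"}

RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
POLICY_RE = re.compile(r"^[um]Policies-\w+: (?P<key>\w+) = (?P<val>\S+)")
IMAGE_RE = re.compile(r"(.*?\.(?:exe|dll|cpl))(?:\s|,|$)", re.IGNORECASE)

Finding = Tuple[str, str, str]  # (category, entry name, detail)


def command_image(cmd: str) -> str:
    """Return the executable part of a Run value.

    DDS prints quoted paths verbatim and unquoted paths with their spaces,
    so an unquoted value is read up to the first .exe/.dll/.cpl extension.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def is_qualified(image: str) -> bool:
    """True when the image carries a directory, i.e. it is not found by PATH search."""
    return "\\" in image or ":" in image


def triage(dds_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Registration whose target file is gone: leftover of an uninstall or a cleanup.
        if line.endswith("- No File"):
            findings.append(("orphaned-entry", line.split(":", 1)[0], line))
            continue
        m = POLICY_RE.match(line)
        if m:
            if m.group("key") in LOCKOUT_POLICIES and m.group("val") != "0":
                findings.append(("lockout-policy", m.group("key"), line))
            continue
        m = RUN_RE.match(line)
        if m:
            image = command_image(m.group("cmd"))
            basename = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if not is_qualified(image):
                findings.append(("unqualified-path", m.group("name"), image))
            if basename in BROWSERS:
                findings.append(("browser-at-logon", m.group("name"), image))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, e.g. {'orphaned-entry': 2, ...}."""
    return dict(Counter(category for category, _, _ in findings))


if __name__ == "__main__":
    for category, name, detail in triage(SAMPLE_DDS):
        print(f"{category:17} {name:22} {detail}")
```

Run against the sample it reports five lines: the two "No File" registrations, the DisableTaskMgr policy, the bare "TpShocks.exe" Run value, and the Run entry that starts Internet Explorer at logon. Pasting the full Pseudo HJT section of a DDS log into SAMPLE_DDS applies the same checks to the whole report.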


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Location:Antarctica

Posted 27 June 2011 - 11:27 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 cp123

cp123
  • Topic Starter

  • Members
  • 19 posts

Posted 28 June 2011 - 08:18 PM

Hi ST

Thanks for your help!

I have managed to restore internet connections! Hooray! Turned out that the router had to have a specific broadcast channel rather than an auto-broadcast channel. The trojan messed something up there.

I've downloaded anti-virus and anti-malware updates. Computer is functioning OK but still have folders that are empty.

...

The RkU process is giving me trouble.

When I open the program, I get the message:
Rootkit Unhooker LE
Warning! Windows reports DIFFERENT kernel module detected by RkU hardware scan! However RkU results and work can be compromised!

It ran the Driver scan fine. But then closed near the end of the Stealth Code scan. After a few attempts, I ran the Driver scan alone with success. I then ran the Stealth Code and managed to save a quick report before it closed (obviously missing some data).

Please advise on what I can do to get a full Stealth Code scan. I'll post the OTL results in next response.

BTW...this post was too long. I'll post the Stealth Code results in next post.

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 PnpManager 2328704 bytes
0x804D7000 RAW 2328704 bytes
0x804D7000 C:\WINDOWS\system32\TUKERNEL.EXE 2328704 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 WMIxWDM 2328704 bytes
0xBF0B2000 C:\WINDOWS\System32\ati3duag.dll 2310144 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9922000 C:\WINDOWS\System32\DRIVERS\AGRSM.sys 1200128 bytes (Agere Systems, SoftModem Device Driver)
0xB9CA7000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1200128 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF2E6000 C:\WINDOWS\System32\ativvaxx.dll 606208 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xB9AA6000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB6554000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xB9B74000 C:\WINDOWS\System32\DRIVERS\ar5211.sys 475136 bytes (Atheros Communications, Inc., Driver for Atheros AR5001 Wireless Network Adapter)
0xB644A000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0xB73A5000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9C10000 C:\WINDOWS\system32\DRIVERS\tnet1130x.sys 389120 bytes (Cisco-Linksys LLC., WPC54Gv2)
0xB981C000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB752C000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB64BA000 C:\WINDOWS\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0xBF37A000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB3A14000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 245760 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xB2B67000 C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys 233472 bytes
0xB74CC000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)
0xBF04E000 C:\WINDOWS\System32\ati2cqag.dll 204800 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF080000 C:\WINDOWS\System32\atikvmag.dll 204800 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xB987A000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7416000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB9B48000 C:\WINDOWS\System32\DRIVERS\SynTP.sys 180224 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xB2A9C000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB743D000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB9BE8000 C:\WINDOWS\System32\DRIVERS\e1000325.sys 163840 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.1 deserialized driver)
0xB7504000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB737F000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB9A82000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9C6F000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9A5F000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB74AA000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB7468000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xF7482000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74BA000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7879000 Apsx86.sys 122880 bytes (Lenovo., Shockproof Disk Driver)
0xF74D9000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF785F000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9A47000 C:\WINDOWS\system32\drivers\aeaudio.sys 98304 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xF74A2000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB41E3000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xB3EA8000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF7443000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB990B000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB41FB000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB41CD000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF745A000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xB4027000 C:\WINDOWS\System32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xB3CB3000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9B34000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9C93000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x80710000 ACPI_HAL 81152 bytes
0x80710000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7585000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7470000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB98FA000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB3823000 C:\Program Files\WebDrive\rffsd.sys 69632 bytes
0xBA3E2000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA3D2000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA382000 C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys 61440 bytes (Funk Software, Inc., Odyssey Intermediate Driver)
0xB40BD000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF76E7000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7637000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA3F2000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA3C2000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA6EF000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xBA3A2000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7647000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xBA72F000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA3B2000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7537000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF74F7000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF76B7000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7677000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB2EF8000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA6FF000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA402000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA71F000 C:\WINDOWS\system32\drivers\ip6fw.sys 36864 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver)
0xBA392000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7527000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA70F000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF771F000 ApsHM86.sys 32768 bytes (Lenovo., ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver)
0xB98E2000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xF773F000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF77B7000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF77E7000 C:\WINDOWS\System32\drivers\Smapint.sys 32768 bytes (Microsoft Corporation, SMAPI I/O)
0xF7767000 C:\WINDOWS\System32\DRIVERS\smbushc.sys 32768 bytes (International Business Machines Corp., SMB Host Controller driver for Windows 9x/2K®)
0xF77CF000 C:\WINDOWS\System32\drivers\Tppwr.sys 32768 bytes (IBM Corp., IBM ThinkPad Power Management Device Driver)
0xB98F2000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF77FF000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB75C8000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7817000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF779F000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB98EA000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xF781F000 C:\WINDOWS\System32\DRIVERS\nscirda.sys 28672 bytes (National Semiconductor Corporation, NSC Fast Infrared Driver.)
0xF7707000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB98D2000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7797000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF7807000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF780F000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF776F000 C:\WINDOWS\system32\DRIVERS\psadd.sys 24576 bytes (Lenovo (United States) Inc., SMBIOS Driver)
0xB98C2000 C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys 24576 bytes (IObit.com, Registry Filter)
0xF77EF000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF77DF000 C:\WINDOWS\System32\drivers\TDSMAPI.SYS 24576 bytes
0xF77C7000 C:\WINDOWS\System32\drivers\TSMAPIP.SYS 24576 bytes
0xF77F7000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF77A7000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB75C0000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF77BF000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF7737000 C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys 20480 bytes (Lenovo., ThinkPad Power Management Driver)
0xF77AF000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7757000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7717000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7747000 C:\WINDOWS\System32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xF775F000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF774F000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77D7000 C:\WINDOWS\System32\Drivers\TPHKDRV.SYS 20480 bytes (IBM Corporation, ThinkPad Hotkey Driver)
0xB98B2000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA687000 C:\WINDOWS\system32\drivers\AtmelTpm.sys 16384 bytes (Atmel, Inc., Atmel TPM Driver)
0xF789F000 C:\WINDOWS\System32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA764000 C:\WINDOWS\System32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB42A9000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9804000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA7C4000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB4229000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB3A65000 C:\WINDOWS\system32\drivers\PfModNT.sys 16384 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
0xBA770000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF78A3000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xB97EC000 C:\WINDOWS\System32\drivers\ANC.SYS 12288 bytes (IBM Corp., IBM Access Connections - ANC)
0xF78B3000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF789B000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB7435000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB9810000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBA7AC000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xBA76C000 C:\WINDOWS\System32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
0xB9800000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA69F000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA7A0000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB9814000 C:\WINDOWS\System32\DRIVERS\smbgen.sys 12288 bytes (International Business Machines Corp., SMBus Generic Device driver for Windows 9x/2K®)
0xBA143000 C:\WINDOWS\System32\DRIVERS\smbusdh.sys 12288 bytes (International Business Machines Corp., SMB Device Hub Controller driver for Windows 9x/2K®)
0xBA774000 C:\WINDOWS\system32\DRIVERS\tunmp.sys 12288 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xB2D74000 C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys 12288 bytes (IObit.com, URL Filter)
0xF79BB000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79B7000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xB6433000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7993000 C:\WINDOWS\SYSTEM32\EGATHDRV.SYS 8192 bytes (IBM Corporation, IBM eGatherer Kernel Module)
0xF79B9000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF79C1000 C:\WINDOWS\system32\Drivers\IBMBLDID.sys 8192 bytes
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79BD000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB6431000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF79BF000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79AD000 C:\WINDOWS\System32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF79AF000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79AB000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A7E000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA29B000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7AAF000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB9E6E000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A50000 C:\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7AA1000 C:\WINDOWS\system32\drivers\smi.sys 4096 bytes (PHD Computer Consultants Ltd, PHDIo)
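The two RkU sections in this thread (the ">Drivers" listing above and the Stealth Code listing in the next post) are quicker to triage once parsed than read by eye. The script below is an added example written for this thread; it is not RkU's code and not anything cp123 or the helper posted. It pulls out the modules that have no vendor string, modules loaded from outside the system root, a kernel image loaded under a non-stock file name, and each "Faked ServiceTable" thread with a count of its "Masqueraded service" lines. A per-thread service-table pointer that does not point at the kernel's standard table is a known technique used by rootkits and also by some security products' self-protection drivers, so the script reports observations to correlate with the driver list rather than verdicts. Assumptions, all labelled in the code: C:\WINDOWS as the system root, the stock XP kernel image names, PnpManager/RAW/WMIxWDM as the names RkU prints at the kernel base, and a sample report that is a constructed excerpt of lines from this thread (the ">Stealth Code" header is added for readability; the pasted report in the next post does not carry it).

```python
"""Triage helper for Rootkit Unhooker (RkU LE) text reports.

Added example for this thread, not RkU's own code. It parses the two
sections pasted here, the ">Drivers" listing and the Stealth Code
listing, and groups what an analyst would look at first.
"""
import re
from collections import defaultdict

# Assumed: XP system root and the stock kernel image file names. A kernel
# loaded under any other name needs explaining before the rest of the
# report is trusted (RkU also warns about a "DIFFERENT kernel module").
SYSTEM_ROOT = "c:\\windows\\"
STOCK_KERNELS = {"ntoskrnl.exe", "ntkrnlpa.exe", "ntkrnlmp.exe", "ntkrpamp.exe"}
# Assumed: pseudo-names RkU prints at the kernel's base address next to the real image.
KERNEL_ALIASES = {"PnpManager", "RAW", "WMIxWDM"}

# "0xBASE <path or name> <size> bytes (Vendor, Description)"; the parenthetical is optional.
DRIVER_RE = re.compile(
    r"^0x(?P<base>[0-9A-Fa-f]{8})\s+(?P<path>.+?)\s+(?P<size>\d+) bytes"
    r"(?:\s+\((?P<vendor>[^,()]*?)(?:,\s*(?P<desc>.*))?\))?\s*$"
)
FAKED_RE = re.compile(
    r"^0x(?P<addr>[0-9A-Fa-f]+) Faked ServiceTable-->(?P<image>\S+)"
    r" \[ ETHREAD 0x(?P<ethread>[0-9A-Fa-f]+) \] TID: (?P<tid>\d+)"
)
MASQ_RE = re.compile(
    r"^Masqueraded service-->(?P<svc>\w+)"
    r" \[ ETHREAD 0x(?P<ethread>[0-9A-Fa-f]+) \] TID: (?P<tid>\d+)"
)

# Constructed excerpt of lines from the reports in this thread (not a full report).
SAMPLE = r"""
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
>Drivers
==============================================
0x804D7000 PnpManager 2328704 bytes
0x804D7000 C:\WINDOWS\system32\TUKERNEL.EXE 2328704 bytes (Microsoft Corporation, NT Kernel & System)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB2B67000 C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys 233472 bytes
0xB3823000 C:\Program Files\WebDrive\rffsd.sys 69632 bytes
0xB2EF8000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xB9A82000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF77DF000 C:\WINDOWS\System32\drivers\TDSMAPI.SYS 24576 bytes
==============================================
>Stealth Code
==============================================
0x8055A220 Faked ServiceTable-->services.exe [ ETHREAD 0x8A0D3830 ] TID: 276, 393592 bytes
Masqueraded service-->NtAcceptConnectPort [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateFile [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtLoadDriver [ ETHREAD 0x8A0D3830 ] TID: 276
"""


def parse_report(text):
    """Split an RkU report into driver entries, faked-table threads and masqueraded services."""
    drivers, faked = [], []
    masq = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        # The Faked ServiceTable line also ends in "<n> bytes", so test it before DRIVER_RE.
        if m := FAKED_RE.match(line):
            faked.append({"image": m["image"], "ethread": m["ethread"], "tid": int(m["tid"])})
        elif m := MASQ_RE.match(line):
            masq[(m["ethread"], int(m["tid"]))].append(m["svc"])
        elif m := DRIVER_RE.match(line):
            drivers.append({
                "base": int(m["base"], 16),
                "path": m["path"],
                "size": int(m["size"]),
                "vendor": (m["vendor"] or "").strip() or None,
                "desc": (m["desc"] or "").strip() or None,
            })
    return {"drivers": drivers, "faked": faked, "masqueraded": dict(masq)}


def triage(report):
    """Group entries worth a second look. These are observations to correlate, not verdicts."""
    out = {"no_vendor": [], "outside_system_root": [], "nonstock_kernel": [], "per_thread_ssdt": []}
    drivers = report["drivers"]
    kernel_bases = {d["base"] for d in drivers if d["path"] in KERNEL_ALIASES}
    for d in drivers:
        path = d["path"]
        if "\\" not in path:
            continue  # short names such as Ntfs.sys or PnpManager carry nothing to check
        name = path.rsplit("\\", 1)[-1].lower()
        if d["vendor"] is None:
            out["no_vendor"].append(path)
        if not path.lower().startswith(SYSTEM_ROOT):
            out["outside_system_root"].append(path)
        if d["base"] in kernel_bases and name not in STOCK_KERNELS:
            out["nonstock_kernel"].append(path)
    for f in report["faked"]:
        hooked = report["masqueraded"].get((f["ethread"], f["tid"]), [])
        out["per_thread_ssdt"].append({**f, "masqueraded": len(hooked)})
    return out


if __name__ == "__main__":
    for kind, items in triage(parse_report(SAMPLE)).items():
        print(kind)
        for item in items:
            print("   ", item)
```

Run it against a full pasted report rather than the excerpt to get the complete picture; the "no vendor string" bucket is where the unsigned and unbranded modules collect, and the per-thread entry tells you which process and thread to look at before deciding whether a loaded security driver accounts for it.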

#4 cp123
  • Topic Starter
  • Members
  • 19 posts

Posted 28 June 2011 - 08:21 PM

This post was also too long, so I cut about half of the report out.

Make that 3/4 I cut....



RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
0x8055A220 Faked ServiceTable-->services.exe [ ETHREAD 0x8A0D3830 ] TID: 276, 393592 bytes
Masqueraded service-->NtAcceptConnectPort [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtAccessCheck [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtAccessCheckAndAuditAlarm [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtAccessCheckByType [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtAccessCheckByTypeAndAuditAlarm [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtAccessCheckByTypeResultList [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtAccessCheckByTypeResultListAndAuditAlarm [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtAccessCheckByTypeResultListAndAuditAlarmByHandle [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtAddAtom [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtAddBootEntry [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtAdjustGroupsToken [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtAdjustPrivilegesToken [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtAlertResumeThread [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtAlertThread [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtAllocateLocallyUniqueId [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtAllocateUserPhysicalPages [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtAllocateUuids [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtAllocateVirtualMemory [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtAreMappedFilesTheSame [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtAssignProcessToJobObject [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCallbackReturn [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCancelDeviceWakeupRequest [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCancelIoFile [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCancelTimer [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtClearEvent [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtClose [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCloseObjectAuditAlarm [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCompactKeys [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCompareTokens [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCompleteConnectPort [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCompressKey [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtConnectPort [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtContinue [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateDebugObject [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateDirectoryObject [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateEvent [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateEventPair [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateFile [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateIoCompletion [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateJobObject [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateJobSet [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateKey [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateMailslotFile [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateMutant [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateNamedPipeFile [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreatePagingFile [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreatePort [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateProcess [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateProcessEx [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateProfile [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateSection [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateSemaphore [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateSymbolicLinkObject [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateThread [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateTimer [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateToken [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtCreateWaitablePort [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtDebugActiveProcess [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtDebugContinue [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtDelayExecution [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtDeleteAtom [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtDeleteBootEntry [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtDeleteFile [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtDeleteKey [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtDeleteObjectAuditAlarm [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtDeleteValueKey [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtDeviceIoControlFile [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtDisplayString [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtDuplicateObject [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtDuplicateToken [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtEnumerateBootEntries [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtEnumerateKey [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtEnumerateSystemEnvironmentValuesEx [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtEnumerateValueKey [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtExtendSection [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtFilterToken [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtFindAtom [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtFlushBuffersFile [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtFlushInstructionCache [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtFlushKey [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtFlushVirtualMemory [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtFlushWriteBuffer [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtFreeUserPhysicalPages [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtFreeVirtualMemory [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtFsControlFile [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtGetContextThread [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtGetDevicePowerState [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtGetPlugPlayEvent [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtGetWriteWatch [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtImpersonateAnonymousToken [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtImpersonateClientOfPort [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtImpersonateThread [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtInitializeRegistry [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtInitiatePowerAction [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtIsProcessInJob [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtIsSystemResumeAutomatic [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtListenPort [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtLoadDriver [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtLoadKey [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtLoadKey2 [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtLockFile [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtLockProductActivationKeys [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtLockRegistryKey [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtLockVirtualMemory [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtMakePermanentObject [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtMakeTemporaryObject [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtMapUserPhysicalPages [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtMapUserPhysicalPagesScatter [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtMapViewOfSection [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtModifyBootEntry [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtNotifyChangeDirectoryFile [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtNotifyChangeKey [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtNotifyChangeMultipleKeys [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtOpenDirectoryObject [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtOpenEvent [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtOpenEventPair [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtOpenFile [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtOpenIoCompletion [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtOpenJobObject [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtOpenKey [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtOpenMutant [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtOpenObjectAuditAlarm [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtOpenProcess [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtOpenProcessToken [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtOpenProcessTokenEx [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtOpenSection [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtOpenSemaphore [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtOpenSymbolicLinkObject [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtOpenThread [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtOpenThreadToken [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtOpenThreadTokenEx [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtOpenTimer [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtPlugPlayControl [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtPowerInformation [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtPrivilegeCheck [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtPrivilegeObjectAuditAlarm [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtPrivilegedServiceAuditAlarm [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtProtectVirtualMemory [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtPulseEvent [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtQueryAttributesFile [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtQueryBootEntryOrder [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtQueryBootOptions [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtQueryDebugFilterState [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtQueryDefaultLocale [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtQueryDefaultUILanguage [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtQueryDirectoryFile [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtQueryDirectoryObject [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtQueryEaFile [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtQueryEvent [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtQueryFullAttributesFile [ ETHREAD 0x8A0D3830 ] TID: 276
Masqueraded service-->NtEnumerateBootEntries [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtEnumerateKey [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtEnumerateSystemEnvironmentValuesEx [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtEnumerateValueKey [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtExtendSection [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtFilterToken [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtFindAtom [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtFlushBuffersFile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtFlushInstructionCache [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtFlushKey [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtFlushVirtualMemory [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtFlushWriteBuffer [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtFreeUserPhysicalPages [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtFreeVirtualMemory [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtFsControlFile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtGetContextThread [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtGetDevicePowerState [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtGetPlugPlayEvent [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtGetWriteWatch [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtImpersonateAnonymousToken [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtImpersonateClientOfPort [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtImpersonateThread [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtInitializeRegistry [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtInitiatePowerAction [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtIsProcessInJob [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtIsSystemResumeAutomatic [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtListenPort [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtLoadDriver [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtLoadKey [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtLoadKey2 [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtLockFile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtLockProductActivationKeys [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtLockRegistryKey [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtLockVirtualMemory [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtMakePermanentObject [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtMakeTemporaryObject [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtMapUserPhysicalPages [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtMapUserPhysicalPagesScatter [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtMapViewOfSection [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtModifyBootEntry [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtNotifyChangeDirectoryFile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtNotifyChangeKey [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtNotifyChangeMultipleKeys [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtOpenDirectoryObject [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtOpenEvent [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtOpenEventPair [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtOpenFile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtOpenIoCompletion [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtOpenJobObject [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtOpenKey [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtOpenMutant [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtOpenObjectAuditAlarm [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtOpenProcess [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtOpenProcessToken [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtOpenProcessTokenEx [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtOpenSection [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtOpenSemaphore [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtOpenSymbolicLinkObject [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtOpenThread [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtOpenThreadToken [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtOpenThreadTokenEx [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtOpenTimer [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtPlugPlayControl [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtPowerInformation [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtPrivilegeCheck [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtPrivilegeObjectAuditAlarm [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtPrivilegedServiceAuditAlarm [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtProtectVirtualMemory [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtPulseEvent [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryAttributesFile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryBootEntryOrder [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryBootOptions [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryDebugFilterState [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryDefaultLocale [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryDefaultUILanguage [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryDirectoryFile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryDirectoryObject [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryEaFile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryEvent [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryFullAttributesFile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryInformationAtom [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryInformationFile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryInformationJobObject [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryInformationPort [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryInformationProcess [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryInformationThread [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryInformationToken [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryInstallUILanguage [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryIntervalProfile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryIoCompletion [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryKey [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryMultipleValueKey [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryMutant [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryObject [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryOpenSubKeys [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryPerformanceCounter [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryQuotaInformationFile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQuerySection [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQuerySecurityObject [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQuerySemaphore [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQuerySymbolicLinkObject [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQuerySystemEnvironmentValue [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQuerySystemEnvironmentValueEx [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQuerySystemInformation [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQuerySystemTime [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryTimer [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryTimerResolution [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryValueKey [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryVirtualMemory [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryVolumeInformationFile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueueApcThread [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtRaiseException [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtRaiseHardError [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtReadFile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtReadFileScatter [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtReadRequestData [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtReadVirtualMemory [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtRegisterThreadTerminatePort [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtReleaseMutant [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtReleaseSemaphore [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtRemoveIoCompletion [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtRemoveProcessDebug [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtRenameKey [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtReplaceKey [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtReplyPort [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtReplyWaitReceivePort [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtReplyWaitReceivePortEx [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtReplyWaitReplyPort [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtRequestDeviceWakeup [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtRequestPort [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtRequestWaitReplyPort [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtRequestWakeupLatency [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtResetEvent [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtResetWriteWatch [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtRestoreKey [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtResumeProcess [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtResumeThread [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSaveKey [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSaveKeyEx [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSaveMergedKeys [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSecureConnectPort [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetBootEntryOrder [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetBootOptions [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetContextThread [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetDebugFilterState [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetDefaultHardErrorPort [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetDefaultLocale [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetDefaultUILanguage [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetEaFile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetEvent [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetEventBoostPriority [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetHighEventPair [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetHighWaitLowEventPair [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetInformationDebugObject [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetInformationFile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetInformationJobObject [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetInformationKey [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetInformationObject [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetInformationProcess [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetInformationThread [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetInformationToken [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetIntervalProfile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetIoCompletion [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetLdtEntries [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetLowEventPair [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetLowWaitHighEventPair [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetQuotaInformationFile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetSecurityObject [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetSystemEnvironmentValue [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetSystemEnvironmentValueEx [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetSystemInformation [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetSystemPowerState [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetSystemTime [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetThreadExecutionState [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetTimer [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetTimerResolution [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetUuidSeed [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetValueKey [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSetVolumeInformationFile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtShutdownSystem [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSignalAndWaitForSingleObject [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtStartProfile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtStopProfile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSuspendProcess [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSuspendThread [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtSystemDebugControl [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtTerminateJobObject [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtTerminateProcess [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtTerminateThread [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtTestAlert [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtTraceEvent [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtTranslateFilePath [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtUnloadDriver [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtUnloadKey [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtUnloadKeyEx [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtUnlockFile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtUnlockVirtualMemory [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtUnmapViewOfSection [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtVdmControl [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtWaitForDebugEvent [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtWaitForMultipleObjects [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtWaitForSingleObject [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtWaitHighEventPair [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtWaitLowEventPair [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtWriteFile [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtWriteFileGather [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtWriteRequestData [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtWriteVirtualMemory [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtYieldExecution [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtCreateKeyedEvent [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtOpenKeyedEvent [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtReleaseKeyedEvent [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtWaitForKeyedEvent [ ETHREAD 0x895B4B38 ] TID: 292
Masqueraded service-->NtQueryPortInformationProcess [ ETHREAD 0x895B4B38 ] TID: 292
0x8055A220 Faked ServiceTable-->svchost.exe [ ETHREAD 0x895B48C0 ] TID: 296, 393592 bytes
Masqueraded service-->NtAcceptConnectPort [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtAccessCheck [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtAccessCheckAndAuditAlarm [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtAccessCheckByType [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtAccessCheckByTypeAndAuditAlarm [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtAccessCheckByTypeResultList [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtAccessCheckByTypeResultListAndAuditAlarm [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtAccessCheckByTypeResultListAndAuditAlarmByHandle [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtAddAtom [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtAddBootEntry [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtAdjustGroupsToken [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtAdjustPrivilegesToken [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtAlertResumeThread [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtAlertThread [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtAllocateLocallyUniqueId [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtAllocateUserPhysicalPages [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtAllocateUuids [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtAllocateVirtualMemory [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtAreMappedFilesTheSame [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtAssignProcessToJobObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCallbackReturn [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCancelDeviceWakeupRequest [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCancelIoFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCancelTimer [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtClearEvent [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtClose [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCloseObjectAuditAlarm [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCompactKeys [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCompareTokens [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCompleteConnectPort [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCompressKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtConnectPort [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtContinue [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateDebugObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateDirectoryObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateEvent [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateEventPair [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateIoCompletion [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateJobObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateJobSet [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateMailslotFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateMutant [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateNamedPipeFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreatePagingFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreatePort [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateProcess [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateProcessEx [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateProfile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateSection [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateSemaphore [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateSymbolicLinkObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateThread [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateTimer [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateToken [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateWaitablePort [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtDebugActiveProcess [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtDebugContinue [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtDelayExecution [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtDeleteAtom [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtDeleteBootEntry [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtDeleteFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtDeleteKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtDeleteObjectAuditAlarm [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtDeleteValueKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtDeviceIoControlFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtDisplayString [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtDuplicateObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtDuplicateToken [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtEnumerateBootEntries [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtEnumerateKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtEnumerateSystemEnvironmentValuesEx [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtEnumerateValueKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtExtendSection [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtFilterToken [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtFindAtom [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtFlushBuffersFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtFlushInstructionCache [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtFlushKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtFlushVirtualMemory [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtFlushWriteBuffer [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtFreeUserPhysicalPages [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtFreeVirtualMemory [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtFsControlFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtGetContextThread [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtGetDevicePowerState [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtGetPlugPlayEvent [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtGetWriteWatch [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtImpersonateAnonymousToken [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtImpersonateClientOfPort [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtImpersonateThread [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtInitializeRegistry [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtInitiatePowerAction [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtIsProcessInJob [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtIsSystemResumeAutomatic [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtListenPort [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtLoadDriver [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtLoadKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtLoadKey2 [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtLockFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtLockProductActivationKeys [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtLockRegistryKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtLockVirtualMemory [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtMakePermanentObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtMakeTemporaryObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtMapUserPhysicalPages [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtMapUserPhysicalPagesScatter [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtMapViewOfSection [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtModifyBootEntry [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtNotifyChangeDirectoryFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtNotifyChangeKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtNotifyChangeMultipleKeys [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtOpenDirectoryObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtOpenEvent [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtOpenEventPair [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtOpenFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtOpenIoCompletion [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtOpenJobObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtOpenKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtOpenMutant [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtOpenObjectAuditAlarm [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtOpenProcess [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtOpenProcessToken [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtOpenProcessTokenEx [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtOpenSection [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtOpenSemaphore [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtOpenSymbolicLinkObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtOpenThread [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtOpenThreadToken [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtOpenThreadTokenEx [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtOpenTimer [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtPlugPlayControl [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtPowerInformation [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtPrivilegeCheck [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtPrivilegeObjectAuditAlarm [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtPrivilegedServiceAuditAlarm [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtProtectVirtualMemory [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtPulseEvent [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryAttributesFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryBootEntryOrder [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryBootOptions [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryDebugFilterState [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryDefaultLocale [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryDefaultUILanguage [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryDirectoryFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryDirectoryObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryEaFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryEvent [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryFullAttributesFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryInformationAtom [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryInformationFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryInformationJobObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryInformationPort [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryInformationProcess [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryInformationThread [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryInformationToken [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryInstallUILanguage [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryIntervalProfile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryIoCompletion [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryMultipleValueKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryMutant [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryOpenSubKeys [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryPerformanceCounter [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryQuotaInformationFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQuerySection [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQuerySecurityObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQuerySemaphore [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQuerySymbolicLinkObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQuerySystemEnvironmentValue [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQuerySystemEnvironmentValueEx [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQuerySystemInformation [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQuerySystemTime [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryTimer [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryTimerResolution [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryValueKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryVirtualMemory [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryVolumeInformationFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueueApcThread [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtRaiseException [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtRaiseHardError [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtReadFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtReadFileScatter [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtReadRequestData [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtReadVirtualMemory [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtRegisterThreadTerminatePort [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtReleaseMutant [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtReleaseSemaphore [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtRemoveIoCompletion [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtRemoveProcessDebug [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtRenameKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtReplaceKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtReplyPort [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtReplyWaitReceivePort [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtReplyWaitReceivePortEx [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtReplyWaitReplyPort [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtRequestDeviceWakeup [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtRequestPort [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtRequestWaitReplyPort [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtRequestWakeupLatency [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtResetEvent [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtResetWriteWatch [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtRestoreKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtResumeProcess [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtResumeThread [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSaveKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSaveKeyEx [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSaveMergedKeys [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSecureConnectPort [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetBootEntryOrder [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetBootOptions [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetContextThread [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetDebugFilterState [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetDefaultHardErrorPort [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetDefaultLocale [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetDefaultUILanguage [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetEaFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetEvent [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetEventBoostPriority [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetHighEventPair [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetHighWaitLowEventPair [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetInformationDebugObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetInformationFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetInformationJobObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetInformationKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetInformationObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetInformationProcess [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetInformationThread [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetInformationToken [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetIntervalProfile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetIoCompletion [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetLdtEntries [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetLowEventPair [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetLowWaitHighEventPair [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetQuotaInformationFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetSecurityObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetSystemEnvironmentValue [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetSystemEnvironmentValueEx [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetSystemInformation [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetSystemPowerState [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetSystemTime [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetThreadExecutionState [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetTimer [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetTimerResolution [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetUuidSeed [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetValueKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSetVolumeInformationFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtShutdownSystem [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSignalAndWaitForSingleObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtStartProfile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtStopProfile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSuspendProcess [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSuspendThread [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtSystemDebugControl [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtTerminateJobObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtTerminateProcess [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtTerminateThread [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtTestAlert [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtTraceEvent [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtTranslateFilePath [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtUnloadDriver [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtUnloadKey [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtUnloadKeyEx [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtUnlockFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtUnlockVirtualMemory [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtUnmapViewOfSection [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtVdmControl [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtWaitForDebugEvent [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtWaitForMultipleObjects [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtWaitForSingleObject [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtWaitHighEventPair [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtWaitLowEventPair [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtWriteFile [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtWriteFileGather [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtWriteRequestData [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtWriteVirtualMemory [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtYieldExecution [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtCreateKeyedEvent [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtOpenKeyedEvent [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtReleaseKeyedEvent [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtWaitForKeyedEvent [ ETHREAD 0x895B48C0 ] TID: 296
Masqueraded service-->NtQueryPortInformationProcess [ ETHREAD 0x895B48C0 ] TID: 296
0x8055A220 Faked ServiceTable-->svchost.exe [ ETHREAD 0x895B4648 ] TID: 300, 393592 bytes
Masqueraded service-->NtAcceptConnectPort [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtAccessCheck [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtAccessCheckAndAuditAlarm [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtAccessCheckByType [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtAccessCheckByTypeAndAuditAlarm [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtAccessCheckByTypeResultList [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtAccessCheckByTypeResultListAndAuditAlarm [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtAccessCheckByTypeResultListAndAuditAlarmByHandle [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtAddAtom [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtAddBootEntry [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtAdjustGroupsToken [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtAdjustPrivilegesToken [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtAlertResumeThread [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtAlertThread [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtAllocateLocallyUniqueId [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtAllocateUserPhysicalPages [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtAllocateUuids [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtAllocateVirtualMemory [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtAreMappedFilesTheSame [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtAssignProcessToJobObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCallbackReturn [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCancelDeviceWakeupRequest [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCancelIoFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCancelTimer [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtClearEvent [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtClose [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCloseObjectAuditAlarm [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCompactKeys [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCompareTokens [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCompleteConnectPort [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCompressKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtConnectPort [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtContinue [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateDebugObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateDirectoryObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateEvent [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateEventPair [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateIoCompletion [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateJobObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateJobSet [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateMailslotFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateMutant [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateNamedPipeFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreatePagingFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreatePort [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateProcess [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateProcessEx [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateProfile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateSection [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateSemaphore [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateSymbolicLinkObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateThread [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateTimer [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateToken [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateWaitablePort [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtDebugActiveProcess [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtDebugContinue [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtDelayExecution [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtDeleteAtom [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtDeleteBootEntry [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtDeleteFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtDeleteKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtDeleteObjectAuditAlarm [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtDeleteValueKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtDeviceIoControlFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtDisplayString [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtDuplicateObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtDuplicateToken [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtEnumerateBootEntries [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtEnumerateKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtEnumerateSystemEnvironmentValuesEx [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtEnumerateValueKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtExtendSection [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtFilterToken [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtFindAtom [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtFlushBuffersFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtFlushInstructionCache [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtFlushKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtFlushVirtualMemory [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtFlushWriteBuffer [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtFreeUserPhysicalPages [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtFreeVirtualMemory [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtFsControlFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtGetContextThread [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtGetDevicePowerState [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtGetPlugPlayEvent [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtGetWriteWatch [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtImpersonateAnonymousToken [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtImpersonateClientOfPort [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtImpersonateThread [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtInitializeRegistry [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtInitiatePowerAction [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtIsProcessInJob [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtIsSystemResumeAutomatic [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtListenPort [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtLoadDriver [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtLoadKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtLoadKey2 [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtLockFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtLockProductActivationKeys [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtLockRegistryKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtLockVirtualMemory [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtMakePermanentObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtMakeTemporaryObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtMapUserPhysicalPages [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtMapUserPhysicalPagesScatter [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtMapViewOfSection [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtModifyBootEntry [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtNotifyChangeDirectoryFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtNotifyChangeKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtNotifyChangeMultipleKeys [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtOpenDirectoryObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtOpenEvent [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtOpenEventPair [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtOpenFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtOpenIoCompletion [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtOpenJobObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtOpenKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtOpenMutant [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtOpenObjectAuditAlarm [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtOpenProcess [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtOpenProcessToken [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtOpenProcessTokenEx [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtOpenSection [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtOpenSemaphore [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtOpenSymbolicLinkObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtOpenThread [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtOpenThreadToken [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtOpenThreadTokenEx [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtOpenTimer [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtPlugPlayControl [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtPowerInformation [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtPrivilegeCheck [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtPrivilegeObjectAuditAlarm [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtPrivilegedServiceAuditAlarm [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtProtectVirtualMemory [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtPulseEvent [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryAttributesFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryBootEntryOrder [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryBootOptions [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryDebugFilterState [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryDefaultLocale [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryDefaultUILanguage [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryDirectoryFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryDirectoryObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryEaFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryEvent [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryFullAttributesFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryInformationAtom [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryInformationFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryInformationJobObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryInformationPort [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryInformationProcess [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryInformationThread [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryInformationToken [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryInstallUILanguage [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryIntervalProfile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryIoCompletion [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryMultipleValueKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryMutant [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryOpenSubKeys [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryPerformanceCounter [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryQuotaInformationFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQuerySection [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQuerySecurityObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQuerySemaphore [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQuerySymbolicLinkObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQuerySystemEnvironmentValue [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQuerySystemEnvironmentValueEx [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQuerySystemInformation [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQuerySystemTime [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryTimer [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryTimerResolution [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryValueKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryVirtualMemory [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryVolumeInformationFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueueApcThread [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtRaiseException [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtRaiseHardError [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtReadFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtReadFileScatter [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtReadRequestData [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtReadVirtualMemory [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtRegisterThreadTerminatePort [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtReleaseMutant [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtReleaseSemaphore [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtRemoveIoCompletion [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtRemoveProcessDebug [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtRenameKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtReplaceKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtReplyPort [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtReplyWaitReceivePort [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtReplyWaitReceivePortEx [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtReplyWaitReplyPort [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtRequestDeviceWakeup [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtRequestPort [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtRequestWaitReplyPort [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtRequestWakeupLatency [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtResetEvent [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtResetWriteWatch [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtRestoreKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtResumeProcess [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtResumeThread [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSaveKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSaveKeyEx [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSaveMergedKeys [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSecureConnectPort [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetBootEntryOrder [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetBootOptions [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetContextThread [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetDebugFilterState [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetDefaultHardErrorPort [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetDefaultLocale [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetDefaultUILanguage [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetEaFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetEvent [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetEventBoostPriority [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetHighEventPair [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetHighWaitLowEventPair [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetInformationDebugObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetInformationFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetInformationJobObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetInformationKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetInformationObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetInformationProcess [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetInformationThread [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetInformationToken [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetIntervalProfile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetIoCompletion [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetLdtEntries [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetLowEventPair [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetLowWaitHighEventPair [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetQuotaInformationFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetSecurityObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetSystemEnvironmentValue [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetSystemEnvironmentValueEx [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetSystemInformation [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetSystemPowerState [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetSystemTime [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetThreadExecutionState [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetTimer [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetTimerResolution [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetUuidSeed [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetValueKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSetVolumeInformationFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtShutdownSystem [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSignalAndWaitForSingleObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtStartProfile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtStopProfile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSuspendProcess [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSuspendThread [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtSystemDebugControl [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtTerminateJobObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtTerminateProcess [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtTerminateThread [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtTestAlert [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtTraceEvent [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtTranslateFilePath [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtUnloadDriver [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtUnloadKey [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtUnloadKeyEx [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtUnlockFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtUnlockVirtualMemory [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtUnmapViewOfSection [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtVdmControl [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtWaitForDebugEvent [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtWaitForMultipleObjects [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtWaitForSingleObject [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtWaitHighEventPair [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtWaitLowEventPair [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtWriteFile [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtWriteFileGather [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtWriteRequestData [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtWriteVirtualMemory [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtYieldExecution [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtCreateKeyedEvent [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtOpenKeyedEvent [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtReleaseKeyedEvent [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtWaitForKeyedEvent [ ETHREAD 0x895B4648 ] TID: 300
Masqueraded service-->NtQueryPortInformationProcess [ ETHREAD 0x895B4648 ] TID: 300
0x8055A220 Faked ServiceTable-->services.exe [ ETHREAD 0x8A0596D8 ] TID: 316, 393592 bytes
Masqueraded service-->NtAcceptConnectPort [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtAccessCheck [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtAccessCheckAndAuditAlarm [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtAccessCheckByType [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtAccessCheckByTypeAndAuditAlarm [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtAccessCheckByTypeResultList [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtAccessCheckByTypeResultListAndAuditAlarm [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtAccessCheckByTypeResultListAndAuditAlarmByHandle [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtAddAtom [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtAddBootEntry [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtAdjustGroupsToken [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtAdjustPrivilegesToken [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtAlertResumeThread [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtAlertThread [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtAllocateLocallyUniqueId [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtAllocateUserPhysicalPages [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtAllocateUuids [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtAllocateVirtualMemory [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtAreMappedFilesTheSame [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtAssignProcessToJobObject [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtCallbackReturn [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtCancelDeviceWakeupRequest [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtCancelIoFile [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtCancelTimer [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtClearEvent [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtClose [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtCloseObjectAuditAlarm [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtCompactKeys [ ETHREAD 0x8A0596D8 ] TID: 316
Masqueraded service-->NtCompareTokens [ ETHREAD 0x8A0596D8 ] TID: 316

#5 cp123

cp123
  • Topic Starter

  • Members
  • 19 posts

Posted 28 June 2011 - 08:47 PM

OTL logfile created on: 6/28/2011 8:25:01 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Christopher Potts\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 71.64% Memory free
3.60 Gb Paging File | 2.89 Gb Available in Paging File | 80.12% Paging File free
Paging file location(s): C:\pagefile.sys 2301 2301 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.92 Gb Total Space | 2.77 Gb Free Space | 8.16% Space Free | Partition Type: NTFS

Computer Name: DOWNSTAIRS | User Name: Christopher Potts | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/28 18:45:03 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Potts\Desktop\OTL.exe
PRC - [2011/06/10 11:26:00 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/06/01 14:10:00 | 000,821,080 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/06/01 14:09:58 | 004,385,112 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
PRC - [2011/05/28 14:46:56 | 000,803,728 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/05/10 07:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/05/27 22:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/27 11:03:52 | 000,090,112 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2008/10/27 11:03:32 | 000,135,168 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2008/10/27 11:02:30 | 000,217,088 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2008/10/20 11:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/05 16:14:34 | 000,122,880 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2007/11/02 17:46:26 | 000,655,640 | ---- | M] (Uniblue) -- C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
PRC - [2007/09/26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006/10/02 11:19:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2006/06/29 21:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2006/05/30 16:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005/11/22 16:20:28 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2005/10/06 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\DLACTRLW.EXE
PRC - [2005/07/05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2004/08/06 03:10:00 | 000,442,368 | ---- | M] (IBM) -- C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
PRC - [2004/06/22 21:49:21 | 000,040,960 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
PRC - [2004/06/14 13:57:10 | 000,077,824 | ---- | M] (IBM) -- C:\Program Files\IBM\Security\certtool.exe
PRC - [2004/06/14 13:25:42 | 000,577,536 | ---- | M] (IBM) -- C:\Program Files\IBM\Security\uvmserv.exe
PRC - [2004/05/27 23:14:08 | 000,028,160 | ---- | M] (International Business Machines Corp.) -- C:\WINDOWS\system32\ibmsmbus.exe
PRC - [2004/03/01 13:34:54 | 000,393,216 | ---- | M] () -- C:\Program Files\WebDrive\WebDrive.exe
PRC - [2004/02/27 13:37:44 | 000,110,592 | ---- | M] () -- C:\Program Files\WebDrive\wdService.exe
PRC - [2003/08/06 16:08:00 | 000,086,016 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
PRC - [2003/08/06 13:44:52 | 000,094,208 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2003/07/09 14:36:00 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
PRC - [2003/06/27 11:35:26 | 000,139,264 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
PRC - [2003/06/18 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDET.exe
PRC - [2002/10/08 22:28:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\TpScrLk.exe


========== Modules (SafeList) ==========

MOD - [2011/06/28 18:45:03 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Potts\Desktop\OTL.exe
MOD - [2011/05/10 07:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/12/05 16:14:30 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NICSer_WPC54G)
SRV - [2011/06/01 14:10:00 | 000,821,080 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/01/08 10:38:46 | 004,136,960 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (WiselinkPro)
SRV - [2008/10/27 11:03:52 | 000,090,112 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2008/10/27 11:02:30 | 000,217,088 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2008/10/26 15:47:27 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008/10/20 11:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/05/29 09:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/09/26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006/06/29 21:57:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/11/22 16:20:28 | 000,036,864 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/06/14 13:25:42 | 000,577,536 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM\Security\uvmserv.exe -- (IBM User Verification Manager)
SRV - [2004/05/27 23:14:08 | 000,028,160 | ---- | M] (International Business Machines Corp.) [Auto | Running] -- C:\WINDOWS\system32\ibmsmbus.exe -- (ibmsmbus)
SRV - [2004/02/27 13:37:44 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Program Files\WebDrive\wdservice.exe -- (WebDriveService)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/10 07:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 07:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 07:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 07:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 06:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 06:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 06:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/27 19:18:34 | 000,239,472 | ---- | M] () [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/03/31 17:04:38 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06020101}_1)
DRV - [2011/03/31 17:04:38 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06020101}_0)
DRV - [2011/03/23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/03/23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/01/01 17:23:06 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/10/24 14:33:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2008/10/24 14:33:00 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/05/14 17:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2008/05/14 17:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/01/24 16:36:16 | 004,127,488 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/05/06 06:50:00 | 000,011,776 | ---- | M] (International Business Machines Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smbusdh.sys -- (SMBusDH)
DRV - [2007/05/02 09:54:08 | 000,472,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/02/06 23:38:32 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/01/10 02:56:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2006/10/18 21:47:10 | 000,542,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\blackbox.dll -- (BlackBox)
DRV - [2006/10/02 01:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/10/02 01:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/10/06 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/04/20 01:38:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2004/08/09 16:39:04 | 000,029,696 | ---- | M] (International Business Machines Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smbushc.sys -- (SMBusHC)
DRV - [2004/08/09 16:39:04 | 000,010,240 | ---- | M] (International Business Machines Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smbgen.sys -- (GENERICSMB)
DRV - [2004/08/04 00:41:35 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/07/22 19:29:00 | 000,041,088 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2004/06/11 15:53:10 | 000,003,328 | ---- | M] (PHD Computer Consultants Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smi.sys -- (smi)
DRV - [2004/03/10 21:54:32 | 000,385,536 | ---- | M] (Cisco-Linksys LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TNET1130x.sys -- (TNET1130x)
DRV - [2004/02/27 13:38:24 | 000,163,840 | ---- | M] (River Front Software) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\RFNP32.dll -- (RFNP32)
DRV - [2004/02/07 16:15:24 | 000,088,208 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\WebDrive\rffsd.sys -- (WebDriveFSD)
DRV - [2003/09/14 21:42:48 | 000,892,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbusb.sys -- (sbusb)
DRV - [2003/08/07 02:23:46 | 000,312,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/08/06 00:57:22 | 000,140,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/08/06 00:57:10 | 000,190,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/07/16 22:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003/06/27 08:53:44 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/05/14 16:01:42 | 000,062,673 | R--- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM3.sys -- (odysseyIM3)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2002/11/18 19:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2001/11/01 05:57:14 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2001/08/17 15:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========




IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/advanced_search?hl=en
IE - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/advanced_search?hl=en"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/05/29 21:01:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/05/29 21:01:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/25 08:00:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/26 06:23:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/26 06:20:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/04/17 07:26:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/05/15 11:42:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2010/04/17 07:26:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010/04/17 07:28:51 | 000,000,000 | ---D | M]

[2009/03/10 07:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher Potts\Application Data\Mozilla\Extensions
[2011/06/26 06:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher Potts\Application Data\Mozilla\Firefox\Profiles\zdqk8yxu.default\extensions
[2011/06/12 09:13:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Christopher Potts\Application Data\Mozilla\Firefox\Profiles\zdqk8yxu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/15 11:42:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 05:42:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/17 20:29:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/17 16:42:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/17 21:17:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/03 11:13:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/15 11:42:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2010/04/16 05:41:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/15 23:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/10/21 17:14:39 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
[2005/04/27 15:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/25 15:12:07 | 000,000,734 | --S- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Pluck Helper) - {09AF76DD-6988-4664-97D0-362F1011E311} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll (Pluck Corporation)
O2 - BHO: (Idea2 SidebarBrowserMonitor Class) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O3 - HKLM\..\Toolbar: (Pluck Toolbar) - {7385D9F8-418B-4e6a-938F-F7596857CB54} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll (Pluck Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O3 - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\dla\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [ISS_Certtool] C:\Program Files\IBM\Security\certtool.exe (IBM)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [SbUsb AudCtrl] C:\WINDOWS\System32\sbusbdll.dll ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe ()
O4 - HKU\.DEFAULT..\Run: [ALUAlert] File not found
O4 - HKU\S-1-5-18..\Run: [ALUAlert] File not found
O4 - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004..\Run: [Uniblue ProcessQuickLink 2] C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe (Uniblue)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [configmsi] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [supportdir] File not found
O4 - HKU\S-1-5-18..\RunOnce: [configmsi] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [supportdir] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 21
O7 - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: &Google Search - c:\program files\google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - c:\program files\google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - c:\program files\google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Customize Menu &4 - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms &] - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms &[ - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Similar Pages - c:\program files\google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Subscribe in Desktop Sidebar - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O8 - Extra context menu item: Translate Page into English - c:\program files\google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll (Pluck Corporation)
O9 - Extra 'Tools' menuitem : Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - Reg Error: Value error. File not found
O9 - Extra Button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra 'Tools' menuitem : Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra Button: Pluck this page - {1FA9B650-D1BC-4E43-96B3-13A32FC39732} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll (Pluck Corporation)
O9 - Extra 'Tools' menuitem : Pluck this page - {1FA9B650-D1BC-4E43-96B3-13A32FC39732} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll (Pluck Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Launch High Impact eMail 2.0 - {670F87A1-88B0-11d4-9030-000021D9C559} - C:\Program Files\KMT Software\High Impact eMail 2.0\HIeMail.exe (KMT Software, Inc.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O9 - Extra 'Tools' menuitem : RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Launch High Impact eMail 2.0 - {C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Program Files\KMT Software\High Impact eMail 2.0\HIeMail.exe (KMT Software, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135201556552 (MUWebControl Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-3.ibm.com/pc/support/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfix.com/netcheck/67/install/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} http://www.omnitrader.com/omnitrader/support/ot2006/updater/installer/setup.exe (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Value error.)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssupport.webex.com/client/T27L10NSP11EP13-5395-linksyssupport/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
O18 - Protocol\Handler\pluck {A5DD5FEC-8239-4a12-B791-4B6067F85CCC} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll (Pluck Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Christopher Potts\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Christopher Potts\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/26 11:19:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5d07bea1-c78a-11d8-a8b7-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{5d07bea1-c78a-11d8-a8b7-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5d07bea1-c78a-11d8-a8b7-806d6172696f}\Shell\AutoRun\command - "" = E:\drivercd.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 19:05:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Christopher Potts\Recent
[2011/06/28 18:45:00 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Christopher Potts\Desktop\OTL.exe
[2011/06/26 06:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Potts\Start Menu\Programs\Google Chrome
[2011/06/26 06:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Potts\Local Settings\Application Data\Deployment
[2011/06/26 06:28:02 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/26 06:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Potts\My Documents\Downloads
[2011/06/26 06:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Potts\Desktop\Downloads
[2011/06/25 23:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Potts\Desktop\wpc54gv2_driver_utility_v2.02
[2011/06/25 15:42:53 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
[2011/06/25 15:17:59 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/25 15:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Potts\AppData
[2011/06/25 11:38:46 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Christopher Potts\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/25 11:05:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
[2011/06/25 08:00:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/06/25 07:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/25 07:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/25 07:44:37 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/06/19 16:45:04 | 000,261,368 | ---- | C] (Reimage®) -- C:\Documents and Settings\Christopher Potts\Desktop\ReimageRepair.exe
[2011/06/19 12:29:56 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/06/19 12:29:56 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/19 12:29:52 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/06/19 12:29:51 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/19 12:29:51 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/06/19 12:29:49 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/06/19 12:29:49 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/06/19 12:29:48 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/06/19 12:29:24 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/06/19 12:29:23 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/06/19 12:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/19 12:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/19 12:06:03 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Christopher Potts\Desktop\WinsockFix.exe
[2011/06/19 10:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Potts\Application Data\SUPERAntiSpyware.com
[2011/06/19 10:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/18 20:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/12 21:25:34 | 001,605,632 | ---- | C] (Verbatim) -- C:\Documents and Settings\Christopher Potts\Desktop\V-Safe100.exe
[2011/06/12 21:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Potts\Desktop\.Spotlight-V100
[2011/06/12 21:25:33 | 000,329,728 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Christopher Potts\Desktop\netsetup.exe
[2011/06/12 21:25:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Potts\Desktop\SMRTNTKY
[2011/06/12 21:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Potts\Desktop\plasma_break-in_v120.1
[2011/06/12 21:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Potts\Desktop\Mac Trashed Items
[2011/06/12 21:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Potts\Desktop\Back Up Folder
[2011/06/12 21:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Potts\Desktop\AVG 10
[2011/06/12 21:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Potts\Desktop\AVG 9
[2011/06/12 21:03:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/06/12 21:03:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/06/12 21:03:45 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\Christopher Potts\Desktop\dds.scr
[2011/06/12 17:42:50 | 000,000,000 | ---D | C] -- C:\NewKiller
[2011/05/29 21:04:31 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2011/05/29 21:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/05/29 21:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2011/05/29 21:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2011/05/29 21:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/05/29 20:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Potts\Application Data\HpUpdate
[2011/05/29 20:57:38 | 000,527,208 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPDiscoPM5412.dll
[2011/05/29 20:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/05/29 20:57:29 | 001,792,872 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanMiniDrv_OJ6500_E710nz.dll
[2011/05/29 20:57:23 | 000,232,296 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5412.dll
[2011/05/29 20:57:21 | 000,267,112 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5412LM.dll
[2011/05/29 20:57:21 | 000,213,864 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoi5412.dll
[2011/05/29 20:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/05/29 20:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/05/29 20:53:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Potts\Local Settings\Application Data\HP
[2006/10/21 17:17:22 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2004/08/09 17:18:01 | 001,269,760 | ---- | C] ( ) -- C:\WINDOWS\System32\uvm_pgina.dll
[2004/08/09 17:17:58 | 000,258,048 | ---- | C] ( ) -- C:\WINDOWS\System32\uvm_gina_res.dll

========== Files - Modified Within 30 Days ==========

[2011/06/28 20:40:13 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/06/28 20:00:02 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1594262684-1113360583-1003154156-1004UA.job
[2011/06/28 19:37:32 | 001,097,270 | ---- | M] () -- C:\Documents and Settings\Christopher Potts\Desktop\Part_of_Stealthcode_Report
[2011/06/28 19:36:22 | 000,038,952 | ---- | M] () -- C:\Documents and Settings\Christopher Potts\Desktop\Rootkit_Drivers_Report
[2011/06/28 19:31:01 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_AutoSweep.job
[2011/06/28 19:30:39 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/28 19:30:11 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/06/28 19:30:10 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2011/06/28 19:29:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/28 19:29:45 | 1609,486,336 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/28 18:59:40 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2011/06/28 18:45:03 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Potts\Desktop\OTL.exe
[2011/06/28 18:44:32 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Christopher Potts\Desktop\RKUnhookerLE.EXE
[2011/06/26 18:24:42 | 000,000,514 | ---- | M] () -- C:\WINDOWS\tasks\BMMTask.job
[2011/06/26 17:00:05 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_AutoUpdate.job
[2011/06/26 10:10:02 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/06/26 06:59:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1594262684-1113360583-1003154156-1004Core.job
[2011/06/26 06:56:19 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\Christopher Potts\Desktop\Google Chrome.lnk
[2011/06/26 06:56:19 | 000,002,361 | ---- | M] () -- C:\Documents and Settings\Christopher Potts\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/26 06:28:02 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/26 06:23:55 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\Christopher Potts\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/26 06:23:55 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/25 23:21:09 | 019,045,881 | ---- | M] () -- C:\Documents and Settings\Christopher Potts\Desktop\wpc54gv2_driver_utility_v2.02.zip
[2011/06/25 21:38:16 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Christopher Potts\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/06/25 21:00:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/06/25 15:54:21 | 000,481,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/25 15:54:21 | 000,080,100 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/25 15:12:07 | 000,000,734 | --S- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/25 15:09:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Christopher Potts\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/25 11:39:55 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\Christopher Potts\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/25 11:39:55 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/25 11:38:46 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Christopher Potts\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/25 11:31:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2011/06/25 11:21:17 | 000,000,907 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/06/25 11:21:16 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\Christopher Potts\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/06/25 11:21:16 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/06/25 11:05:18 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/06/19 17:36:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Christopher Potts\defogger_reenable
[2011/06/19 17:24:22 | 000,004,096 | -H-- | M] () -- C:\Documents and Settings\Christopher Potts\Desktop\._gmer.exe
[2011/06/19 17:21:00 | 000,004,096 | -H-- | M] () -- C:\Documents and Settings\Christopher Potts\Desktop\._dds.scr
[2011/06/19 12:29:57 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/19 12:29:50 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/19 10:13:54 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/12 17:55:57 | 000,000,460 | -HS- | M] () -- C:\BOOT.INI
[2011/06/11 22:38:18 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\Christopher Potts\Desktop\._redir.html
[2011/06/11 22:38:16 | 000,068,641 | ---- | M] () -- C:\Documents and Settings\Christopher Potts\Desktop\redir.html
[2011/06/11 22:31:42 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\Christopher Potts\Desktop\._.TemporaryItems
[2011/06/11 20:22:30 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17030948
[2011/06/11 18:06:44 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\Christopher Potts\Desktop\dds.scr
[2011/06/07 16:14:52 | 001,007,120 | ---- | M] () -- C:\Documents and Settings\Christopher Potts\Desktop\rkill.com
[2011/06/05 19:11:04 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Christopher Potts\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/06/05 19:09:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/02 20:06:35 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011/06/02 20:06:03 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2011/05/30 17:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/29 21:00:36 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

========== Files Created - No Company Name ==========

[2011/06/28 19:37:30 | 001,097,270 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Desktop\Part_of_Stealthcode_Report
[2011/06/28 19:36:22 | 000,038,952 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Desktop\Rootkit_Drivers_Report
[2011/06/28 18:44:32 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Desktop\RKUnhookerLE.EXE
[2011/06/26 06:56:19 | 000,002,383 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Desktop\Google Chrome.lnk
[2011/06/26 06:56:19 | 000,002,361 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/26 06:55:00 | 000,001,026 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1594262684-1113360583-1003154156-1004UA.job
[2011/06/26 06:54:59 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1594262684-1113360583-1003154156-1004Core.job
[2011/06/26 06:23:55 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/26 06:23:55 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/06/26 06:23:55 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/25 23:21:09 | 019,045,881 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Desktop\wpc54gv2_driver_utility_v2.02.zip
[2011/06/25 21:38:16 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/06/25 15:09:28 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/25 11:39:55 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/25 11:39:55 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/25 11:21:17 | 000,000,907 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/06/25 11:21:16 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/06/25 11:21:16 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/06/25 11:05:18 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/06/19 17:50:00 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Desktop\gmer.exe
[2011/06/19 17:49:38 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Christopher Potts\Desktop\._gmer.exe
[2011/06/19 17:36:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\defogger_reenable
[2011/06/19 17:36:14 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Desktop\Defogger.exe
[2011/06/19 15:35:37 | 1609,486,336 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/19 12:29:57 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/19 10:13:54 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/18 22:24:48 | 000,002,501 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/06/18 22:05:12 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Desktop\unhide.exe
[2011/06/18 19:57:54 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Desktop\rkill.com
[2011/06/12 21:25:34 | 000,068,641 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Desktop\redir.html
[2011/06/12 21:25:33 | 005,033,276 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Desktop\QuickGuide.pdf
[2011/06/12 21:25:31 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Desktop\Flash_Disinfector.exe
[2011/06/12 21:25:27 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Desktop\._redir.html
[2011/06/12 21:25:27 | 000,000,090 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Desktop\AUTORUN.INF
[2011/06/12 21:25:12 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Christopher Potts\Desktop\._dds.scr
[2011/06/12 21:25:12 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Desktop\._.TemporaryItems
[2011/06/11 20:22:30 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17030948
[2011/06/02 20:06:35 | 000,000,528 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011/05/29 21:00:35 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/05/29 21:00:35 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/05/29 21:00:35 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/05/29 21:00:35 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/05/07 18:03:07 | 000,311,890 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1594262684-1113360583-1003154156-1004-0.dat
[2011/02/20 21:19:53 | 000,867,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/22 19:19:14 | 000,311,890 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/06/02 20:01:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/12 18:36:12 | 000,015,686 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1457860140
[2010/04/12 18:33:47 | 000,015,606 | -HS- | C] () -- C:\Documents and Settings\Christopher Potts\Local Settings\Application Data\1457860140
[2010/04/12 17:41:24 | 000,015,670 | -HS- | C] () -- C:\Documents and Settings\Christopher Potts\Local Settings\Application Data\2NuQ8xsDJJ1
[2010/04/12 17:41:24 | 000,015,670 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2NuQ8xsDJJ1
[2009/11/08 23:14:30 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_UnicodeImageMaker_InstallInfo.dat
[2009/11/08 23:14:30 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Local Settings\Application Data\DonationCoder_UnicodeImageMaker_InstallInfo.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/04/26 18:49:18 | 000,021,312 | ---- | C] () -- C:\WINDOWS\choice.exe
[2008/04/20 11:24:34 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2008/04/13 13:56:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/04/06 13:20:00 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/04/06 13:20:00 | 000,002,556 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/01/13 10:50:11 | 000,332,874 | ---- | C] () -- C:\WINDOWS\My Reward Board Uninstaller.exe
[2007/05/05 11:05:27 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/18 10:22:42 | 000,494,497 | ---- | C] () -- C:\WINDOWS\RRC Uninstaller.exe
[2006/10/30 20:53:59 | 000,000,092 | ---- | C] () -- C:\WINDOWS\NIRVANA.INI
[2006/10/30 20:34:28 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Local Settings\Application Data\fusioncache.dat
[2006/10/30 20:33:42 | 000,121,344 | ---- | C] () -- C:\WINDOWS\System32\usaccess.dll
[2006/10/30 20:33:38 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\machnm1.exe
[2006/10/30 20:33:35 | 000,716,849 | ---- | C] () -- C:\WINDOWS\System32\Olapdbmg.dll
[2006/10/30 20:33:35 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\QP.dll
[2006/10/30 20:33:34 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll
[2006/10/30 20:33:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\IQ_API.dll
[2006/10/30 20:33:33 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\DTNHistoryLookup.dll
[2006/10/30 20:33:33 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2006/10/30 20:33:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DTNOptionChainLookup.dll
[2006/10/30 20:33:33 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\DTNSymbolLookup.dll
[2006/10/30 20:32:45 | 000,217,150 | ---- | C] () -- C:\WINDOWS\System32\dbcapi.dll
[2006/10/30 20:32:45 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2006/06/09 11:43:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/05/09 20:38:31 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2006/05/09 20:38:30 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/05/09 20:38:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/05/09 20:37:58 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2005/11/30 20:16:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2005/07/05 23:45:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2005/04/08 17:42:06 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/03/17 22:05:50 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Christopher Potts\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/12/13 17:30:56 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\HTTPUploadDownload.dll
[2004/12/13 17:30:53 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\CmdLaunchExe.dll
[2004/12/13 17:30:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\HIeMail.dll
[2004/12/13 17:15:41 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SyncUploadDownload.dll
[2004/12/13 17:15:40 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2004/10/26 18:51:14 | 000,084,644 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwRad17.bin
[2004/10/26 18:51:14 | 000,083,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwRad16.bin
[2004/09/19 15:28:46 | 000,105,168 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2004/09/19 15:28:18 | 000,105,168 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2004/09/19 15:04:29 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/09/19 15:04:24 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2004/09/19 15:03:56 | 000,012,822 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/09/17 16:32:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 17:48:33 | 000,003,644 | RHS- | C] () -- C:\WINDOWS\uvm_Christopher Potts_pp.dat
[2004/08/09 17:48:26 | 000,000,640 | RHS- | C] () -- C:\WINDOWS\uvm_Christopher Potts_pwor.dat
[2004/08/09 17:48:21 | 000,000,128 | RHS- | C] () -- C:\WINDOWS\uvm_Christopher Potts.dat.sig
[2004/08/09 17:48:19 | 000,008,840 | RHS- | C] () -- C:\WINDOWS\uvm_Christopher Potts.dat
[2004/08/09 17:48:03 | 000,000,256 | ---- | C] () -- C:\WINDOWS\uvm_SecurityAdminRoot_pwor.dat
[2004/08/09 17:47:58 | 000,000,692 | RHS- | C] () -- C:\WINDOWS\uvm_SecurityAdminRoot.dat
[2004/08/09 17:47:23 | 000,000,773 | ---- | C] () -- C:\WINDOWS\keyfile.ini
[2004/08/09 17:18:00 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cspprompt.dll
[2004/08/09 17:17:59 | 000,995,632 | ---- | C] () -- C:\WINDOWS\System32\csm521.dll
[2004/08/09 17:17:59 | 000,659,456 | ---- | C] () -- C:\WINDOWS\System32\aes_api.dll
[2004/08/09 17:17:58 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\uvm_wait.dll
[2004/08/09 17:17:57 | 000,428,032 | ---- | C] () -- C:\WINDOWS\System32\ivauthzn.dll
[2004/08/09 17:17:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\errormes.dll
[2004/08/09 17:17:56 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\archrest.dll
[2004/07/27 10:25:04 | 000,003,221 | ---- | C] () -- C:\WINDOWS\logos20.ini
[2004/07/25 20:56:39 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2004/07/24 20:14:44 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/07/24 20:14:39 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2004/07/24 20:09:54 | 000,068,608 | ---- | C] () -- C:\WINDOWS\System32\sbusbdll.dll
[2004/07/24 20:08:54 | 000,005,857 | ---- | C] () -- C:\WINDOWS\System32\SBUSB.INI
[2004/07/24 19:57:10 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/07/24 19:50:38 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2004/07/17 15:02:56 | 000,004,592 | ---- | C] () -- C:\WINDOWS\cptlaptop3.dat
[2004/07/04 22:29:35 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\rfwdui.dll
[2004/07/04 22:29:34 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\RFHelper.dll
[2004/07/04 21:10:47 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\rfstrres.dll
[2004/07/04 19:19:51 | 000,070,144 | ---- | C] () -- C:\WINDOWS\unlite.exe
[2004/07/04 19:19:39 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\wddx_com.dll
[2004/07/04 19:19:39 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\CFFileProxy.dll
[2004/07/04 19:19:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2004/07/04 19:19:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2004/07/04 19:19:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2004/06/27 18:02:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/22 19:28:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/22 19:24:40 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2004/06/22 19:21:06 | 000,000,974 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/06/22 19:17:10 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Welcome.ini
[2004/06/22 19:10:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2004/06/22 19:10:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2004/06/22 19:09:43 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2004/06/22 19:09:08 | 000,184,320 | ---- | C] () -- C:\WINDOWS\TPBATHLP.EXE
[2004/06/22 19:08:21 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/06/22 18:51:37 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/22 17:36:18 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/09 07:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2003/02/20 11:32:29 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/02/20 11:18:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/02/20 11:09:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/02/20 11:03:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/02/20 11:02:39 | 000,360,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/10/08 22:28:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\TpScrLk.exe
[2002/01/09 20:38:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2001/08/24 08:06:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\HidCom.exe
[2001/08/23 09:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/23 09:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2001/07/13 07:04:00 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[1998/10/22 18:46:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[1998/05/27 15:13:34 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\_UNODBC.dll
[1996/08/28 06:48:46 | 000,004,528 | ---- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[1980/01/01 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 02:00:00 | 000,481,810 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 02:00:00 | 000,080,100 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


...


OTL Extras logfile created on: 6/28/2011 8:25:01 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Christopher Potts\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 71.64% Memory free
3.60 Gb Paging File | 2.89 Gb Available in Paging File | 80.12% Paging File free
Paging file location(s): C:\pagefile.sys 2301 2301 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.92 Gb Total Space | 2.77 Gb Free Space | 8.16% Space Free | Partition Type: NTFS

Computer Name: DOWNSTAIRS | User Name: Christopher Potts | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Radio UserLand\Radio.exe" = C:\Program Files\Radio UserLand\Radio.exe:*:Enabled:Radio UserLand -- (UserLand Software, Inc.)
"C:\Program Files\SpamBayes\bin\sb_tray.exe" = C:\Program Files\SpamBayes\bin\sb_tray.exe:*:Enabled:sb_tray -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe" = C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe:*:Enabled:WiselinkPro -- ()
"C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe" = C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe:*:Enabled:http_ss_win_pro -- ()
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{10025061-8403-4534-A2D8-1F8D76BB14E4}" = Atmel TPM
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
"{16906D21-0656-4F8B-9A01-C3D24B5401FC}" = Intel® PROSet for Wired Connections
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{19991EAD-C273-47EB-87E8-0D274925230B}" = OEB Resource Driver
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D491D52-6E04-4E52-89AD-5490FEB414E9}" = OT2006
"{1E34AB5C-B893-4EE9-82F3-F195978D009D}" = IBM Access Support - Local Content Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 25
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}" = Wireless-G Notebook Adapter
"{2C0CD17D-0B06-4700-83FA-7344B868B0A2}" = Opera 9.63
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39674178-9AEB-4A97-8F5D-FD042FB1EB65}" = Crystal Reports 9
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{462EA076-6E7F-4254-AC4D-10F6D5717BC1}" = OfficeReady PDF Edition
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A389F44-8E35-49C8-9359-839A2B7550F5}" = Desktop Sidebar
"{4C93C363-414E-11D4-9756-00C04F8EEB39}" = Macromedia Flash 5
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5F81DD84-6A2F-11D4-903E-00E0293397B7}" = Bible Data Type System Files
"{5F81DD89-6A2F-11D4-903E-00E0293397B7}" = Common System Files
"{5F81DD92-6A2F-11D4-903E-00E0293397B7}" = Libronix Digital Library System
"{5F81DD97-6A2F-11D4-903E-00E0293397B7}" = Libronix DLS Application
"{5F81DD9B-6A2F-11D4-903E-00E0293397B7}" = Libronix Update
"{5F81DD9F-6A2F-11D4-903E-00E0293397B7}" = LLS Resource Driver
"{5F81DDA3-6A2F-11D4-903E-00E0293397B7}" = PDF Resource Driver
"{600AB648-F79B-41EC-B426-A49A7DB121EA}" = HP Officejet 6500 E710n-z Basic Device Software
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{67AA948F-BB32-4B1E-9EE0-DE15F8AA5FB6}" = OT2006
"{6A2C2EC2-F534-48D9-A56E-D4D173FA0E4C}" = CoPilot Truck - Laptop 3
"{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit SDK for Java 2, v1.4.1
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72CB5335-6D2A-4207-B811-6CB6C6925039}" = Batch Update
"{760DEB9D-DA30-4137-A5E3-5B44B20860AF}" = Pluck
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7BD2CFF6-B037-47D6-A76B-D941EE13AD96}" = IBM Client Security Software 5.30.024.0
"{7DADDB92-2E09-4A76-848B-21D4CC9F01F5}" = SnapSheets
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5B7F78-2569-47BD-8446-50232210F352}" = OT2006
"{8F899627-1EA1-484D-91EA-7B22C05358DB}" = TeleChart 2005
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{966D6ACF-C571-4452-9725-3E4ECA3C1321}" = OT2006
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F91D67C-9EEE-4D94-B65C-F77558CE62DC}" = OT2006
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{A240100C-E5F5-4004-94B0-DBF1779CC138}" = OT2006
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A333E9DD-3CDD-404A-80C6-BD1374B5010E}" = OT2006
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A8833100-1481-11D4-9731-00C04F8EEB39}" = Macromedia Fireworks 4
"{ABD74B67-9EFA-4AF5-A0A3-F75D70D2CE5C}" = OT2006
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver UltraDev 4
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access IBM
"{BC26EB00-DB82-410A-A54B-92AB4933E413}" = OmniScan
"{BCFABDF4-80F3-41AC-AA2B-60A419C1543A}" = OT2006
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3E9171F-E58D-44E2-9E22-9AC89B50DD85}" = OT2006
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C824993C-533D-422D-B952-80EF85F3F179}" = Client Security SMBus Driver Install
"{CA0AF735-4583-413E-897F-E91A237EE2E1}" = Libronix DLS Shortcuts
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC351B44-5610-43C5-81E6-A2C760CB0A20}" = Graphical Query Editor
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF44C7A5-5705-41E4-BE84-A9A42977AB05}" = Access IBM Cleanup Utility
"{D4C03E0F-29EF-4C2E-AF04-1DA6C4812614}" = High Impact eMail 2.0
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{DA180A92-6927-476E-9819-17B47562EA8D}" = w.bloggar 3.03
"{DE469108-880E-4A7E-A5A4-30CAE836BB85}" = MeetingHouse Installer
"{E115E9FA-2808-4B6B-A509-5D4DB9DA7C08}" = CSSMBusDriver
"{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center
"{FAABDC10-41B3-4A4C-A76E-C02CB9BE2A5E}" = HP Officejet 6500 E710n-z Product Improvement Study
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FE3BE471-773C-11D7-AB2D-0090271A23A2}" = USB Sound Blaster Audigy 2 NX
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Access IBM Tools" = Access IBM Tools
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Axandra's Reciprocal Links Solution_is1" = ARELIS 4.4.2
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CCleaner" = CCleaner
"Core FTP LE 1.3c" = Core FTP LE 1.3c
"EditPad Pro 5" = JGsoft EditPad Pro 5 DEMO 5.4.2
"FM Radio V2" = FM Radio V2 (remove only)
"Game Booster_is1" = Game Booster
"HijackThis" = HijackThis 2.0.2
"IBM Access Support" = IBM Access Support
"IBP10_is1" = IBP 10.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{6A2C2EC2-F534-48D9-A56E-D4D173FA0E4C}" = CoPilot Truck - Laptop 3
"InstallShield_{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit SDK for Java 2, v1.4.1
"Internet Business Promoter_is1" = Internet Business Promoter 4.1.5
"IObit Security 360_is1" = IObit Security 360
"Libronix DLS" = Libronix Digital Library System
"Logos Lesson Builder" = Logos Lesson Builder 1.1
"Macromedia Generator 2" = Macromedia Generator 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"My Reward Board" = My Reward Board
"Netscape (7.2)" = Netscape (7.2)
"Netscape Navigator (9.0.0.6)" = Netscape Navigator (9.0.0.6)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = ThinkPad Presentation Director
"ProcessQuickLink 2_is1" = Uniblue ProcessQuickLink 2
"PROSet" = Intel® PRO Network Connections Drivers
"Qtrax 20080125" = Qtrax 0.2beta (20080125)
"Radio UserLand 8.1" = Radio UserLand 8.1
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer
"RRC" = RRC
"SHOWCASE" = Feature Showcase Demo
"Smart Defrag_is1" = Smart Defrag
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Support.com" = Support.com Software
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"SysInfo" = Creative System Information
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TopStyle Lite (Version 1.5)" = TopStyle Lite (Version 1.5)
"TPKBDLED" = Scroll Lock Indicator Utility
"Unicode Image Maker_is1" = Unicode Image Maker 1.02.01
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebDrive" = WebDrive
"Windows Live Safety Scanner" = Windows Live Safety Scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1594262684-1113360583-1003154156-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AI RoboForm" = AI RoboForm
"Google Chrome" = Google Chrome
"HomeSite 4.5" = HomeSite 4.5

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/27/2011 8:24:24 PM | Computer Name = DOWNSTAIRS | Source = PC-Doctor | ID = 1
Description = (2556) Asapi: (19:24:24:0820)(2556) DEFECT.LOCALIZATION - Error --
Missing String: scriptlets : homepage.panel.ExtendWarranty.title locale: PCDLocale:
language = en, customer = lenovo, variant = ltt

Error - 6/27/2011 8:24:24 PM | Computer Name = DOWNSTAIRS | Source = PC-Doctor | ID = 1
Description = (2556) Asapi: (19:24:24:0920)(2556) DEFECT.LOCALIZATION - Error --
Missing String: scriptlets : homepage.panel.ExtendWarranty.body locale: PCDLocale:
language = en, customer = lenovo, variant = ltt

Error - 6/27/2011 8:24:24 PM | Computer Name = DOWNSTAIRS | Source = PC-Doctor | ID = 1
Description = (2556) Asapi: (19:24:24:0920)(2556) DEFECT.LOCALIZATION - Error --
Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale:
PCDLocale: language = en, customer = lenovo, variant = ltt

Error - 6/27/2011 8:24:24 PM | Computer Name = DOWNSTAIRS | Source = PC-Doctor | ID = 1
Description = (2556) Asapi: (19:24:24:0920)(2556) DEFECT.LOCALIZATION - Error --
Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale:
PCDLocale: language = en, customer = lenovo, variant = ltt

Error - 6/27/2011 8:25:23 PM | Computer Name = DOWNSTAIRS | Source = PC-Doctor | ID = 1
Description = (2556) Asapi: (19:25:23:1270)(2556) DEFECT.LOCALIZATION - Error --
Missing String: scriptlets : homepage.panel.LenovoCare.title locale: PCDLocale:
language = en, customer = lenovo, variant = ltt

Error - 6/27/2011 8:25:23 PM | Computer Name = DOWNSTAIRS | Source = PC-Doctor | ID = 1
Description = (2556) Asapi: (19:25:23:1470)(2556) DEFECT.LOCALIZATION - Error --
Missing String: scriptlets : homepage.panel.LenovoCare.body locale: PCDLocale:
language = en, customer = lenovo, variant = ltt

Error - 6/27/2011 8:25:23 PM | Computer Name = DOWNSTAIRS | Source = PC-Doctor | ID = 1
Description = (2556) Asapi: (19:25:23:1470)(2556) DEFECT.LOCALIZATION - Error --
Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale:
language = en, customer = lenovo, variant = ltt

Error - 6/27/2011 8:25:23 PM | Computer Name = DOWNSTAIRS | Source = PC-Doctor | ID = 1
Description = (2556) Asapi: (19:25:23:1470)(2556) DEFECT.LOCALIZATION - Error --
Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale:
language = en, customer = lenovo, variant = ltt

Error - 6/28/2011 7:43:26 PM | Computer Name = DOWNSTAIRS | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 6/28/2011 7:59:07 PM | Computer Name = DOWNSTAIRS | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

[ System Events ]
Error - 6/28/2011 7:34:50 PM | Computer Name = DOWNSTAIRS | Source = Service Control Manager | ID = 7000
Description = The PMEM service failed to start due to the following error: %%2

Error - 6/28/2011 8:02:48 PM | Computer Name = DOWNSTAIRS | Source = DCOM | ID = 10010
Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register
with DCOM within the required timeout.

Error - 6/28/2011 8:07:32 PM | Computer Name = DOWNSTAIRS | Source = Service Control Manager | ID = 7001
Description = The Infrared Monitor service depends on the Terminal Services service
which failed to start because of the following error: %%1058

Error - 6/28/2011 8:07:32 PM | Computer Name = DOWNSTAIRS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 6/28/2011 8:07:32 PM | Computer Name = DOWNSTAIRS | Source = Service Control Manager | ID = 7000
Description = The NICSer_WPC54G service failed to start due to the following error:
%%2

Error - 6/28/2011 8:07:32 PM | Computer Name = DOWNSTAIRS | Source = Service Control Manager | ID = 7000
Description = The PMEM service failed to start due to the following error: %%2

Error - 6/28/2011 8:30:32 PM | Computer Name = DOWNSTAIRS | Source = Service Control Manager | ID = 7001
Description = The Infrared Monitor service depends on the Terminal Services service
which failed to start because of the following error: %%1058

Error - 6/28/2011 8:30:32 PM | Computer Name = DOWNSTAIRS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 6/28/2011 8:30:32 PM | Computer Name = DOWNSTAIRS | Source = Service Control Manager | ID = 7000
Description = The NICSer_WPC54G service failed to start due to the following error:
%%2

Error - 6/28/2011 8:30:32 PM | Computer Name = DOWNSTAIRS | Source = Service Control Manager | ID = 7000
Description = The PMEM service failed to start due to the following error: %%2


< End of report >

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:06:13 PM

Posted 29 June 2011 - 09:18 AM

Hi!

Glad to hear you got the internet access back.

Do you recognize these files?

[2011/06/11 22:38:18 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\Christopher Potts\Desktop\._redir.html
[2011/06/11 22:38:16 | 000,068,641 | ---- | M] () -- C:\Documents and Settings\Christopher Potts\Desktop\redir.html
[2011/06/11 22:31:42 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\Christopher Potts\Desktop\._.TemporaryItems


Disable SpyBot TeaTimer
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy


NEXT:



Please advise on what I can do to get a full Stealth Code scan. I'll post the OTL results in next response.

We'll try a different scanner instead:

Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



NEXT:



This is a manual fix for XP users:

1. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\1
and paste it to this folder:
C:\Documents and Settings\All Users\Start Menu

2. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\2
and paste it to this folder:
C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch

3. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\3
and paste it to this folder:
C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar

4. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\4
and paste it to this folder:
C:\Documents and Settings\All Users\Desktop

If the above does not work then you can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:
For any other missing program shortcuts you will probably need to reinstall the application or manually create new shortcuts.


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the [image] textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
    [2010/04/16 05:42:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/17 20:29:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/17 16:42:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/17 21:17:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/04/03 11:13:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/05/15 11:42:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1594262684-1113360583-1003154156-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKU\.DEFAULT..\Run: [ALUAlert] File not found
    O4 - HKU\S-1-5-18..\Run: [ALUAlert] File not found
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\RunOnce: [configmsi] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\RunOnce: [supportdir] File not found
    O4 - HKU\S-1-5-18..\RunOnce: [configmsi] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [supportdir] File not found
    O9 - Extra 'Tools' menuitem : Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - Reg Error: Value error. File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} http://www.omnitrader.com/omnitrader/support/ot2006/updater/installer/setup.exe (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Value error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
    O33 - MountPoints2\{5d07bea1-c78a-11d8-a8b7-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{5d07bea1-c78a-11d8-a8b7-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{5d07bea1-c78a-11d8-a8b7-806d6172696f}\Shell\AutoRun\command - "" = E:\drivercd.exe
    [2011/06/12 21:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Potts\Desktop\AVG 10
    [2011/06/12 21:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Potts\Desktop\AVG 9
    [2011/06/19 17:24:22 | 000,004,096 | -H-- | M] () -- C:\Documents and Settings\Christopher Potts\Desktop\._gmer.exe
    [2011/06/19 17:21:00 | 000,004,096 | -H-- | M] () -- C:\Documents and Settings\Christopher Potts\Desktop\._dds.scr
    [2011/06/11 20:22:30 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17030948
    [2010/04/12 18:36:12 | 000,015,686 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1457860140
    [2010/04/12 18:33:47 | 000,015,606 | -HS- | C] () -- C:\Documents and Settings\Christopher Potts\Local Settings\Application Data\1457860140
    [2010/04/12 17:41:24 | 000,015,670 | -HS- | C] () -- C:\Documents and Settings\Christopher Potts\Local Settings\Application Data\2NuQ8xsDJJ1
    [2010/04/12 17:41:24 | 000,015,670 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2NuQ8xsDJJ1
    
    :Reg
    
    :Files
    C:\WINDOWS\tasks\At*.job
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push [image]
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



What issues are you currently experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
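The four copy steps of the manual fix above, as an added example that is not part of the original post and not code from OTL, GMER or any other tool mentioned in the thread: a Python script that performs the smtmp\1..4 restore for an XP profile root passed in as an argument (the real one is C:\Documents and Settings). It copies instead of moving so the smtmp folders stay behind as evidence of what the rogue touched, leaves existing files alone unless told to overwrite, and treats a missing or empty smtmp\N folder as nothing to restore rather than an error, which is exactly the situation cp123 reports for folders 2, 3 and 4. The user name, the profile tree and the two sample files in demo() are constructed for illustration only.

```python
r"""Restore the Start Menu, Quick Launch, pinned-taskbar and Desktop items that
the "Windows Restore" rogue moved into %TEMP%\smtmp\1..4.
Added example (not code from the thread or from any tool it mentions); the
folder mapping is the one given in steps 1-4 of the post."""
import shutil
import tempfile
from pathlib import Path


def smtmp_targets(user_name):
    """smtmp subfolder number -> original location, relative to the profiles
    root (C:\Documents and Settings on a real XP box)."""
    quick_launch = (Path(user_name) / "Application Data" / "Microsoft"
                    / "Internet Explorer" / "Quick Launch")
    return {
        "1": Path("All Users") / "Start Menu",
        "2": quick_launch,
        "3": quick_launch / "User Pinned" / "TaskBar",
        "4": Path("All Users") / "Desktop",
    }


def restore_smtmp(profiles_root, user_name, dry_run=False, overwrite=False):
    r"""Copy every file under <root>\<user>\Local Settings\Temp\smtmp\N back to
    its original folder.  Returns {N: [relative paths restored]}.
    A missing or empty smtmp\N yields an empty list, not an error.  Files are
    copied rather than moved so smtmp remains as evidence; files that already
    exist at the destination are skipped unless overwrite=True."""
    profiles_root = Path(profiles_root)
    smtmp = profiles_root / user_name / "Local Settings" / "Temp" / "smtmp"
    restored = {}
    for num, rel_target in smtmp_targets(user_name).items():
        src, dst = smtmp / num, profiles_root / rel_target
        restored[num] = []
        if not src.is_dir():
            continue
        for path in sorted(p for p in src.rglob("*") if p.is_file()):
            rel = path.relative_to(src)
            target = dst / rel
            if target.exists() and not overwrite:
                continue
            if not dry_run:
                target.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(path, target)  # copy2 keeps the shortcut timestamps
            restored[num].append(rel.as_posix())
    return restored


def build_sample_profile(profiles_root, user_name):
    r"""Constructed stand-in for an infected profile (not real data): smtmp\1
    holds two Start Menu items, smtmp\2 exists but is empty, 3 and 4 are
    absent, mirroring what cp123 found on the machine."""
    smtmp = Path(profiles_root) / user_name / "Local Settings" / "Temp" / "smtmp"
    for rel in ("Programs/Accessories/Notepad.lnk", "Programs/Startup/readme.txt"):
        f = smtmp / "1" / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(b"L\x00\x00\x00")  # placeholder bytes; real .lnk content is irrelevant here
    (smtmp / "2").mkdir(parents=True, exist_ok=True)


def demo():
    """Run the restore against a throwaway profile tree; returns (root, result)."""
    root = Path(tempfile.mkdtemp(prefix="smtmp_demo_"))
    build_sample_profile(root, "user_name")
    return root, restore_smtmp(root, "user_name")


if __name__ == "__main__":
    root, result = demo()
    for num, files in result.items():
        print(f"smtmp\\{num}: {len(files)} file(s) restored {files}")
    print("profile tree used:", root)
```

Run it with dry_run=True first against the real profile root to see what would be put back before touching anything; a second run is a no-op because the destinations already exist.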


#7 cp123 (Topic Starter)

Posted 30 June 2011 - 06:50 AM

Hey ST,

Those files I don't recognize. However, the time/date sound about right for when I got infected.

Manual fix for XP users: There was no data in smtmp\2 folder. smtmp\3 and smtmp\4 folders do not exist. So I ran accrestore.zip and admintools.zip.

Ran Gmer as well as OTL. Rebooted after OTL fix. Lost my wireless connection. Crud! (posting this off my other computer)

I'll post my Gmer log later...heading off to work now.

#8 SweetTech (Agent ST)

Posted 30 June 2011 - 11:09 AM

Okay. I'll remove those files in question later, then.

I'll await your response with the GMER log. :)



#9 cp123 (Topic Starter)

Posted 30 June 2011 - 09:22 PM

Wireless connection still down... too tired to do much more than post the results of Gmer.exe below. Sorry!

Well...post too long. So I'll post the 1st half here and the 2nd half in the next post.


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-30 05:38:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS548040M9AT00 rev.MG2OA5BA
Running: gmer.exe; Driver: C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\fxdiyfob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB2F83202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB2FE9CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB2FA76C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB2F8581C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB2F85874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB2F8598A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB2FA7075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB2F85772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB2F858C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB2F857C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB2F85938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB2F83226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB2FA7D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB2FA803D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB2F85C0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB2FA7BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB2FA7A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB2FE9D62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB2F82FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB2F8324A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB2F85D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB2F83CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB2F8584C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB2F8589C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB2F859B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB2FA73D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB2F8579E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB2F85A46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB2F85904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB2F857F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB2F85B2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB2F85962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB2FE9DFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB2FA78D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB2F83BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB2FA772A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB2FF2E48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB2FA66E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB2F8326E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB2F83292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB2F8304A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB2F83186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB2FA7E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB2F83162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB2F831AA]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB311D620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB2F832B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB2FFF902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text TUKERNEL.EXE!_abnormal_termination + 37C 804E29D8 4 Bytes CALL D5012443
PAGE TUKERNEL.EXE!ObInsertObject 8056503A 5 Bytes JMP B2FFCD5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE TUKERNEL.EXE!CcUnpinDataForThread + 40A 8056B712 4 Bytes CALL B2F84335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE TUKERNEL.EXE!PsSetProcessWin32Process + 122 8057FC6C 7 Bytes JMP B2FFF906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE TUKERNEL.EXE!ObMakeTemporaryObject 8059F85D 5 Bytes JMP B2FFB2BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP B2F86CCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B2F86BDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 783B BF824157 5 Bytes JMP B2F85F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP B2F86E38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP B2F87040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP B2F86B4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 5F35 BF857E69 5 Bytes JMP B2F85FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 5 Bytes JMP B2F861AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP B2F86352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 5 Bytes JMP B2F85E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 5 Bytes JMP B2F86C04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 5 Bytes JMP B2F86F9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 5 Bytes JMP B2F8632A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP B2F85E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 5 Bytes JMP B2F86D80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 450 BF8C3048 5 Bytes JMP B2F8606A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 5 Bytes JMP B2F860DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP B2F86114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 5 Bytes JMP B2F85DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP B2F85F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2586 BF914AF3 5 Bytes JMP B2F86034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP B2F8646C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP B2F86EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[344] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[344] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[344] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[344] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[344] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[344] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[344] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[344] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[344] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[344] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[344] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[344] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[344] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[344] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[364] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[364] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[364] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\TpShocks.exe[380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\TpShocks.exe[380] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\TpShocks.exe[380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\TpShocks.exe[380] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\TpShocks.exe[380] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\TpShocks.exe[380] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\TpShocks.exe[380] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\TpShocks.exe[380] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\TpShocks.exe[380] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\TpShocks.exe[380] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\TpShocks.exe[380] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\TpShocks.exe[380] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\TpShocks.exe[380] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\WINDOWS\system32\TpShocks.exe[380] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\WINDOWS\system32\TpShocks.exe[380] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\TpShocks.exe[380] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\WINDOWS\system32\TpShocks.exe[380] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[424] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[424] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[424] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[424] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[424] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[424] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[424] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[424] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[424] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[424] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[424] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[424] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[424] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[424] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe[432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe[432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe[432] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe[432] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe[432] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe[432] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe[432] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe[432] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe[432] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe[432] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe[432] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe[432] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe[432] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe[432] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe[432] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe[432] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe[432] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\alg.exe[460] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[460] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[460] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[460] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[460] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[460] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[460] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[460] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[460] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[460] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[460] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[460] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[460] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[460] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[460] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[460] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[460] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[572] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[572] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[572] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[572] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[572] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[572] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[572] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[572] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[572] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[572] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[572] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[572] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[572] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[572] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[660] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[660] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[660] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[660] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[660] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[660] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[660] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[708] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[708] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[708] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[708] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[708] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[708] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[708] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[708] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[708] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[708] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[708] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[708] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[708] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[708] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[756] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\Program Files\Internet Explorer\iexplore.exe[756] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\Program Files\Internet Explorer\iexplore.exe[756] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\Program Files\Internet Explorer\iexplore.exe[756] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Internet Explorer\iexplore.exe[756] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\Program Files\Internet Explorer\iexplore.exe[756] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[756] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[756] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\Program Files\Internet Explorer\iexplore.exe[756] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[756] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[756] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[756] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
.text C:\Program Files\Internet Explorer\iexplore.exe[756] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[756] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[756] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[756] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[756] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[756] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[756] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[756] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[756] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[756] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[756] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[756] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CB3704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[756] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CB41DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[756] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CB354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[756] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CB35DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[756] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CB3B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[756] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CB4549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[848] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[848] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[848] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[848] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[848] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[848] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[848] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[848] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[848] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[848] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[848] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[848] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\svchost.exe[872] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[872] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[872] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[872] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[872] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[872] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[872] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[872] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[872] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[872] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[872] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[872] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[872] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[872] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[872] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[872] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\CTsvcCDA.exe[948] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\CTsvcCDA.exe[948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\CTsvcCDA.exe[948] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\CTsvcCDA.exe[948] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\CTsvcCDA.exe[948] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\System32\CTsvcCDA.exe[948] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\System32\CTsvcCDA.exe[948] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\System32\CTsvcCDA.exe[948] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\System32\CTsvcCDA.exe[948] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\System32\CTsvcCDA.exe[948] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\System32\CTsvcCDA.exe[948] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\System32\CTsvcCDA.exe[948] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\System32\CTsvcCDA.exe[948] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\System32\CTsvcCDA.exe[948] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\System32\CTsvcCDA.exe[948] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\System32\CTsvcCDA.exe[948] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\CTsvcCDA.exe[948] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE[988] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE[988] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE[988] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE[988] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE[988] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE[988] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE[988] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE[988] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE[988] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE[988] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE[988] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE[988] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE[988] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE[988] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE[988] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE[988] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE[988] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\svchost.exe[1020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1020] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1020] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1020] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1020] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1020] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1020] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1020] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1020] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1020] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1020] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1020] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1020] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1020] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[1100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[1100] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[1100] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[1100] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006A1014
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006A0804
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 006A0A08
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 006A0C0C
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 006A0E10
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[1100] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006A01F8
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[1100] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006A03FC
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[1100] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006A0600
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[1100] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 006B0804
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[1100] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 006B0A08
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[1100] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 006B0600
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[1100] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006B01F8
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[1100] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006B03FC
.text C:\Program Files\WebDrive\webdrive.exe[1116] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\WebDrive\webdrive.exe[1116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\WebDrive\webdrive.exe[1116] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\WebDrive\webdrive.exe[1116] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\WebDrive\webdrive.exe[1116] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\WebDrive\webdrive.exe[1116] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\WebDrive\webdrive.exe[1116] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\WebDrive\webdrive.exe[1116] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\WebDrive\webdrive.exe[1116] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\WebDrive\webdrive.exe[1116] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\WebDrive\webdrive.exe[1116] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\WebDrive\webdrive.exe[1116] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\WebDrive\webdrive.exe[1116] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\WebDrive\webdrive.exe[1116] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\WebDrive\webdrive.exe[1116] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\WebDrive\webdrive.exe[1116] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\WebDrive\webdrive.exe[1116] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[1204] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[1204] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[1204] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[1204] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[1204] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[1204] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[1204] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[1204] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[1204] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[1204] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[1204] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[1204] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[1204] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[1204] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[1204] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[1204] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[1204] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[1244] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[1244] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[1244] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[1244] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[1244] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[1244] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[1244] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[1244] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[1244] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[1244] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[1244] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[1244] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[1244] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[1244] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[1244] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[1244] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[1244] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\svchost.exe[1280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1280] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1280] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1280] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1280] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1280] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1280] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1280] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1280] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1280] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1280] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1304] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1304] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1304] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1304] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1304] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1304] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1304] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1304] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1304] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1304] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1304] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1304] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1304] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1304] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1304] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1304] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1304] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe[1356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe[1356] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe[1356] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe[1356] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe[1356] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe[1356] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe[1356] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe[1356] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe[1356] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe[1356] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe[1356] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe[1356] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe[1356] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe[1356] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe[1356] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe[1356] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe[1356] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\IBM\Security\uvmserv.exe[1388] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\IBM\Security\uvmserv.exe[1388] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\IBM\Security\uvmserv.exe[1388] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\IBM\Security\uvmserv.exe[1388] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\IBM\Security\uvmserv.exe[1388] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004E1014
.text C:\Program Files\IBM\Security\uvmserv.exe[1388] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004E0804
.text C:\Program Files\IBM\Security\uvmserv.exe[1388] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004E0A08
.text C:\Program Files\IBM\Security\uvmserv.exe[1388] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004E0C0C
.text C:\Program Files\IBM\Security\uvmserv.exe[1388] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004E0E10
.text C:\Program Files\IBM\Security\uvmserv.exe[1388] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004E01F8
.text C:\Program Files\IBM\Security\uvmserv.exe[1388] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004E03FC
.text C:\Program Files\IBM\Security\uvmserv.exe[1388] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004E0600
.text C:\Program Files\IBM\Security\uvmserv.exe[1388] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004F0804
.text C:\Program Files\IBM\Security\uvmserv.exe[1388] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004F0A08
.text C:\Program Files\IBM\Security\uvmserv.exe[1388] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004F0600
.text C:\Program Files\IBM\Security\uvmserv.exe[1388] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004F01F8
.text C:\Program Files\IBM\Security\uvmserv.exe[1388] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004F03FC
.text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1452] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1452] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1452] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1452] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1452] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\spoolsv.exe[1516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1516] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1516] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1516] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[1516] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[1516] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[1516] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1516] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[1516] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[1516] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[1516] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[1516] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[1516] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[1516] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[1516] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[1516] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1592] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1592] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1592] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044C909 C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit Malware Fighter Service/IObit)
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1592] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1592] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1592] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1592] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1592] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1592] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1592] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1592] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1592] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1592] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1592] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1592] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1592] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1592] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\System32\smss.exe[1596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\ibmsmbus.exe[1632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\System32\ibmsmbus.exe[1632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\ibmsmbus.exe[1632] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\System32\ibmsmbus.exe[1632] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\ibmsmbus.exe[1632] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\ibmsmbus.exe[1632] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\ibmsmbus.exe[1632] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\ibmsmbus.exe[1632] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\ibmsmbus.exe[1632] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\ibmsmbus.exe[1632] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\ibmsmbus.exe[1632] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\ibmsmbus.exe[1632] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\ibmsmbus.exe[1632] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\System32\ibmsmbus.exe[1632] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\System32\ibmsmbus.exe[1632] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\System32\ibmsmbus.exe[1632] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\System32\ibmsmbus.exe[1632] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1660] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1660] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1660] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1660] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1660] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1660] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1660] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1660] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1660] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1716] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1716] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1716] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1716] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1716] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1716] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1716] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1716] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1716] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1716] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1716] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1716] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1716] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1716] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1716] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1716] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\csrss.exe[1720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1720] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[1744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1744] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[1744] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1744] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[1744] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[1744] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[1744] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[1744] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[1744] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[1744] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[1744] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[1744] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[1744] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[1744] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[1744] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[1744] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\RunDll32.exe[1780] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\RunDll32.exe[1780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\RunDll32.exe[1780] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\RunDll32.exe[1780] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\RunDll32.exe[1780] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\RunDll32.exe[1780] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\RunDll32.exe[1780] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\RunDll32.exe[1780] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\RunDll32.exe[1780] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\RunDll32.exe[1780] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\RunDll32.exe[1780] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\RunDll32.exe[1780] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\RunDll32.exe[1780] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\RunDll32.exe[1780] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\RunDll32.exe[1780] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\RunDll32.exe[1780] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\RunDll32.exe[1780] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[1788] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[1788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1788] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[1788] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1788] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[1788] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[1788] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[1788] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[1788] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[1788] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[1788] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[1788] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[1788] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[1788] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[1788] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[1788] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[1788] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[1800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[1800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1800] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[1800] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1800] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[1800] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[1800] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[1800] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[1800] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[1800] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[1800] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[1800] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[1800] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[1800] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[1800] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[1800] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[1800] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ibmpmsvc.exe[1980] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\ibmpmsvc.exe[1980] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ibmpmsvc.exe[1980] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\ibmpmsvc.exe[1980] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ibmpmsvc.exe[1980] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ibmpmsvc.exe[1980] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ibmpmsvc.exe[1980] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ibmpmsvc.exe[1980] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ibmpmsvc.exe[1980] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ibmpmsvc.exe[1980] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ibmpmsvc.exe[1980] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ibmpmsvc.exe[1980] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ibmpmsvc.exe[1980] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804

#10 cp123

cp123
  • Topic Starter

  • Members
  • 19 posts
  • Local time:05:13 PM

Posted 30 June 2011 - 09:27 PM

Bizarre...I've tried to paste the 2nd half of the Gmer text twice and the browser hangs and won't post it.

Posting this just to see if I can post something!

#11 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:06:13 PM

Posted 30 June 2011 - 09:28 PM

Okay. Can you attempt to attach it for me?

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 cp123

cp123
  • Topic Starter

  • Members
  • 19 posts
  • Local time:05:13 PM

Posted 30 June 2011 - 09:29 PM

OK...that worked.

Here's the 2nd half of the Gmer text....


.text C:\WINDOWS\system32\ibmpmsvc.exe[1980] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ibmpmsvc.exe[1980] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ibmpmsvc.exe[1980] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ibmpmsvc.exe[1980] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[2008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[2008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[2008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[2008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[2008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[2008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[2008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\Ati2evxx.exe[2008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[2008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[2008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\Ati2evxx.exe[2008] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\Ati2evxx.exe[2008] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\Ati2evxx.exe[2008] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[2008] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\Ati2evxx.exe[2008] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\Ati2evxx.exe[2008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[2008] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[2040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2040] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2040] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2040] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2040] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2040] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2040] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2040] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2040] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2040] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2040] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2040] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2040] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2040] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2056] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2056] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2056] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2056] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2056] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2056] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2056] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2056] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2056] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2056] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2056] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2056] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2056] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2056] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2056] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\WINDOWS\System32\svchost.exe[2100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[2100] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2100] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[2100] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2100] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[2100] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[2100] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[2100] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[2100] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[2100] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[2100] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[2100] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[2100] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[2100] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[2100] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[2100] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[2100] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[2112] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[2112] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[2112] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[2112] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[2112] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[2112] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[2112] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[2112] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[2112] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[2112] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[2112] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[2112] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[2112] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[2112] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[2112] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[2112] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[2112] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\System32\TPHDEXLG.exe[2168] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\System32\TPHDEXLG.exe[2168] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\TPHDEXLG.exe[2168] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\System32\TPHDEXLG.exe[2168] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\TPHDEXLG.exe[2168] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\System32\TPHDEXLG.exe[2168] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\System32\TPHDEXLG.exe[2168] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\System32\TPHDEXLG.exe[2168] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\System32\TPHDEXLG.exe[2168] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\System32\TPHDEXLG.exe[2168] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\System32\TPHDEXLG.exe[2168] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\TPHDEXLG.exe[2168] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\System32\TPHDEXLG.exe[2168] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\WINDOWS\System32\TPHDEXLG.exe[2168] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\WINDOWS\System32\TPHDEXLG.exe[2168] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\WINDOWS\System32\TPHDEXLG.exe[2168] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\WINDOWS\System32\TPHDEXLG.exe[2168] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\TpKmpSVC.exe[2200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\TpKmpSVC.exe[2200] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\TpKmpSVC.exe[2200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\TpKmpSVC.exe[2200] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\TpKmpSVC.exe[2200] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\TpKmpSVC.exe[2200] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\TpKmpSVC.exe[2200] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\TpKmpSVC.exe[2200] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\TpKmpSVC.exe[2200] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\TpKmpSVC.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\TpKmpSVC.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\TpKmpSVC.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\TpKmpSVC.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\TpKmpSVC.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\TpKmpSVC.exe[2200] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\TpKmpSVC.exe[2200] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\TpKmpSVC.exe[2200] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[2216] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[2216] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[2216] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[2216] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[2216] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[2216] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[2216] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[2216] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[2216] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[2216] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[2216] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[2216] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[2216] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[2216] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[2216] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[2216] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[2216] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\WebDrive\wdservice.exe[2276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\WebDrive\wdservice.exe[2276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\WebDrive\wdservice.exe[2276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\WebDrive\wdservice.exe[2276] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\WebDrive\wdservice.exe[2276] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\WebDrive\wdservice.exe[2276] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\WebDrive\wdservice.exe[2276] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\WebDrive\wdservice.exe[2276] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\WebDrive\wdservice.exe[2276] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\WebDrive\wdservice.exe[2276] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\WebDrive\wdservice.exe[2276] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\WebDrive\wdservice.exe[2276] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\WebDrive\wdservice.exe[2276] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\WebDrive\wdservice.exe[2276] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\WebDrive\wdservice.exe[2276] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\WebDrive\wdservice.exe[2276] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\WebDrive\wdservice.exe[2276] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[2292] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[2292] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[2292] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[2292] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[2292] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[2292] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[2292] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[2292] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[2292] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[2292] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[2292] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[2292] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[2292] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[2292] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[2292] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[2292] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[2292] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\MsPMSPSv.exe[2372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\MsPMSPSv.exe[2372] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\MsPMSPSv.exe[2372] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\MsPMSPSv.exe[2372] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\MsPMSPSv.exe[2372] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\System32\MsPMSPSv.exe[2372] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\System32\MsPMSPSv.exe[2372] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\System32\MsPMSPSv.exe[2372] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\System32\MsPMSPSv.exe[2372] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\System32\MsPMSPSv.exe[2372] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\System32\MsPMSPSv.exe[2372] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\System32\MsPMSPSv.exe[2372] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\System32\MsPMSPSv.exe[2372] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\System32\MsPMSPSv.exe[2372] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\System32\MsPMSPSv.exe[2372] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\System32\MsPMSPSv.exe[2372] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\System32\MsPMSPSv.exe[2372] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\PROGRA~1\IBM\Security\tsscore.exe[2384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\PROGRA~1\IBM\Security\tsscore.exe[2384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\IBM\Security\tsscore.exe[2384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\PROGRA~1\IBM\Security\tsscore.exe[2384] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\IBM\Security\tsscore.exe[2384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\PROGRA~1\IBM\Security\tsscore.exe[2384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\PROGRA~1\IBM\Security\tsscore.exe[2384] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\PROGRA~1\IBM\Security\tsscore.exe[2384] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\PROGRA~1\IBM\Security\tsscore.exe[2384] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\PROGRA~1\IBM\Security\tsscore.exe[2384] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\PROGRA~1\IBM\Security\tsscore.exe[2384] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\PROGRA~1\IBM\Security\tsscore.exe[2384] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\PROGRA~1\IBM\Security\tsscore.exe[2384] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\PROGRA~1\IBM\Security\tsscore.exe[2384] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\PROGRA~1\IBM\Security\tsscore.exe[2384] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\PROGRA~1\IBM\Security\tsscore.exe[2384] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\PROGRA~1\IBM\Security\tsscore.exe[2384] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2420] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2420] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2420] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004B1014
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2420] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004B0804
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2420] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004B0A08
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2420] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004B0C0C
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2420] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004B0E10
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2420] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004B01F8
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2420] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004B03FC
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2420] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004B0600
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2420] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004C0804
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2420] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004C0A08
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2420] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004C0600
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2420] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004C01F8
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2420] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004C03FC
.text c:\program files\lenovo\system update\suservice.exe[2456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text c:\program files\lenovo\system update\suservice.exe[2456] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2596] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2596] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2596] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2596] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2596] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2596] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2596] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2596] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2596] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2596] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2596] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2596] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2596] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2596] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2596] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2596] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[2716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[2716] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[2716] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[2716] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[2716] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[2716] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[2716] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[2716] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[2716] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[2716] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[2716] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[2716] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[2716] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[2716] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[2716] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[2716] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[2716] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2808] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2808] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2808] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2808] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\RunDll32.exe[3728] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\RunDll32.exe[3728] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\RunDll32.exe[3728] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\RunDll32.exe[3728] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\RunDll32.exe[3728] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\RunDll32.exe[3728] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\RunDll32.exe[3728] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\RunDll32.exe[3728] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\RunDll32.exe[3728] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\RunDll32.exe[3728] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\RunDll32.exe[3728] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\RunDll32.exe[3728] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\RunDll32.exe[3728] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\RunDll32.exe[3728] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[3840] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[3840] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3840] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[3840] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3840] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[3840] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[3840] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[3840] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[3840] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[3840] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[3840] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[3840] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[3840] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[3840] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[3840] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[3840] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[3840] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe[3848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe[3848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe[3848] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe[3848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe[3848] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe[3848] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe[3848] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe[3848] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe[3848] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe[3848] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe[3848] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe[3848] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe[3848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe[3848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe[3848] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe[3848] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe[3848] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe[3940] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe[3940] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe[3940] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe[3940] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe[3940] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe[3940] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe[3940] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe[3940] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe[3940] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe[3940] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe[3940] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe[3940] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe[3940] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe[3940] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe[3940] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe[3940] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe[3940] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3996] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3996] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3996] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3996] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3996] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
.text C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3996] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
.text C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3996] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
.text C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3996] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
.text C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3996] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
.text C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3996] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
.text C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3996] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
.text C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3996] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600
.text C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3996] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AA0804
.text C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3996] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00AA0A08
.text C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3996] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00AA0600
.text C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3996] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00AA01F8
.text C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3996] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00AA03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CB3704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CB41DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CB354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CB35DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CB3B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CB4549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\WINDOWS\system32\notepad.exe[5996] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\notepad.exe[5996] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\notepad.exe[5996] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\notepad.exe[5996] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\notepad.exe[5996] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\notepad.exe[5996] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\notepad.exe[5996] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\notepad.exe[5996] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\notepad.exe[5996] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\notepad.exe[5996] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\notepad.exe[5996] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\notepad.exe[5996] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\notepad.exe[5996] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\notepad.exe[5996] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\notepad.exe[5996] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\notepad.exe[5996] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\notepad.exe[5996] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip UrlFilter.sys (URL Filter/IObit.com)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp UrlFilter.sys (URL Filter/IObit.com)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp UrlFilter.sys (URL Filter/IObit.com)
AttachedDevice \Driver\Tcpip \Device\RawIp UrlFilter.sys (URL Filter/IObit.com)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 38072
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8222EC66-85BD-499D-BCC0-E236B17910C8}@DhcpRetryTime 320
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8222EC66-85BD-499D-BCC0-E236B17910C8}@DhcpRetryStatus 1

---- EOF - GMER 1.0.15 ----
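
The `.text` section of a GMER log like the one above is long and repetitive, and the first thing a responder wants from it is a split into two buckets: hooks GMER could attribute to a loaded module (an owner path such as `IEFRAME.dll` or `SeaNote.dll` is printed after the target) and hooks whose JMP lands in memory GMER could not map to any image (only the raw target address is printed, as with the `000901F8`-style targets seen in every process here). The script below is an added example written for this thread; it is not part of GMER and not code from any poster. It parses the hook lines, folds them per process, and reports which hooked symbols are uniform across every process and which are present in only some processes or with differing owners. The ten sample lines are copied from the log above; treating a uniform, identical hook set in every process as the footprint of a system-wide injector (typically a security product, and the Devices section here lists avast! and IObit filter drivers) and a hook present in a single process as the place to look first is a triage heuristic this example assumes, not a finding about this machine.

```python
"""Triage of the user-mode hook section of a GMER log (added example).

Example code for this thread, not part of GMER or of any post here. It parses
".text <process>[pid] <module>!<export> <addr> <n> Bytes ..." lines, separates
hooks GMER attributed to a loaded image from hooks whose JMP target GMER could
not map to any module, and reports which hooked symbols are uniform across all
processes versus present in only some. The uniform-vs-partial heuristic is an
assumption of this example, not a verdict about the log above.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"          # process path and PID
    r"(?P<module>[^!\s]+)!(?P<export>\S+)"                 # hooked module!export
    r"(?:\s+\+\s+(?P<off>[0-9A-Fa-f]+))?\s+"               # optional "+ <hex offset>"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes?\s+"   # patched address and size
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})"                 # 5-byte JMP to target ...
    r"(?:\s+(?P<owner>\S.*?)\s+\((?P<desc>[^)]*)\))?"      # ... optionally inside a named module
    r"|\[(?P<bytes>[0-9A-Fa-f ]+)\])\s*$"                  # or raw patched bytes, e.g. [62]
)

# Sample input: ten lines copied from the GMER log posted above in this thread.
SAMPLE_LOG = r"""
.text C:\WINDOWS\Explorer.EXE[3840] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[3840] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3840] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\notepad.exe[5996] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\notepad.exe[5996] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\notepad.exe[5996] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5480] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CB3B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
"""


def parse_hooks(log_text):
    """Return one dict per recognised .text hook line; all other lines are skipped."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["proc"] = d["proc"].rsplit("\\", 1)[-1].lower()        # basename, case-folded
        d["symbol"] = f"{d['module'].lower()}!{d['export']}"
        if d["off"]:
            d["symbol"] += f"+{d['off']}"                          # e.g. kernel32.dll!GetBinaryTypeW+80
        d["owner"] = d["owner"].rsplit("\\", 1)[-1].lower() if d["owner"] else None
        hooks.append(d)
    return hooks


def hooks_by_symbol(hooks):
    """Map hooked symbol -> {process basename -> owner module or None}."""
    table = defaultdict(dict)
    for h in hooks:
        table[h["symbol"]][h["proc"]] = h["owner"]
    return table


def classify(hooks):
    """Split symbols into 'uniform' (hooked in every process seen, same owner)
    and 'partial' (hooked in only some processes, or with differing owners)."""
    procs = {h["proc"] for h in hooks}
    uniform, partial = {}, {}
    for sym, per_proc in hooks_by_symbol(hooks).items():
        owners = set(per_proc.values())
        if set(per_proc) == procs and len(owners) == 1:
            uniform[sym] = owners.pop()
        else:
            partial[sym] = per_proc
    return uniform, partial


def unattributed(hooks):
    """JMP hooks whose target GMER could not attribute to any loaded image."""
    return [h for h in hooks if h["target"] and h["owner"] is None]


def report(hooks):
    """Human-readable summary, in the order a responder would read it."""
    uniform, partial = classify(hooks)
    nprocs = len({h["proc"] for h in hooks})
    lines = [f"{len(hooks)} hook lines across {nprocs} processes, "
             f"{len(unattributed(hooks))} JMP hooks with unattributed targets"]
    lines.append("uniform in every process (same owner):")
    for sym, owner in sorted(uniform.items()):
        lines.append(f"  {sym:36} -> {owner or 'unattributed target'}")
    lines.append("partial (not in every process, or differing owners):")
    for sym, per_proc in sorted(partial.items()):
        for proc, owner in sorted(per_proc.items()):
            lines.append(f"  {sym:36} {proc:14} -> {owner or 'unattributed target'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_hooks(SAMPLE_LOG)))
```

Run against the full log rather than the excerpt, the uniform bucket collects the ntdll, ADVAPI32 service-management and USER32 hook-management exports that every process carries with identical unattributed targets, while the partial bucket isolates the per-process items: the IEFRAME.dll and SeaNote.dll hooks that exist only inside iexplore.exe. An unattributed target is not evidence of malware on its own; it only says the trampoline lives in memory that is not backed by an on-disk module, which is exactly how self-protection and URL-filter components of security suites usually inject, so the practical check is whether the uniform set disappears after the suspected product is uninstalled.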

#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:06:13 PM

Posted 30 June 2011 - 09:30 PM

Okay. Thanks for posting the GMER log for me. Please post the OTL fix log when you get a chance to run it.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 cp123

cp123
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:05:13 PM

Posted 30 June 2011 - 09:30 PM

Gmer attached in case you need it.

Attached Files

  • Attached File  Gmer.txt   253.54KB   0 downloads


#15 cp123

cp123
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:05:13 PM

Posted 30 June 2011 - 10:21 PM

Here's the OTL fix log.

Thanks ST!

