Some kind of infection


  • This topic is locked
11 replies to this topic

#1 Skyes

Posted 19 July 2011 - 06:57 PM

About 4-5 days ago my task bar settings began disappearing; I kept getting a machine debug popup whenever I tried to open anything. I tried restoring and that worked until I turned my computer on the next day. I have no idea what is going on and would appreciate any assistance you can provide.

DDS log:

DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Renee at 15:37:19 on 2011-07-19
.
============== Running Processes ================
.
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\stsystra.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\Program Files\IObit\IObit Security 360\IS360tray.exe
D:\Program Files\Alwil Software\Avast5\avastUI.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Dell\QuickSet\quickset.exe
d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\IObit\IObit Security 360\IS360srv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\IObit\IObit Security 360\is360.exe
D:\Program Files\Cobian Backup 10\cbVSCService.exe
D:\Program Files\Cobian Backup 10\Cobian.exe
D:\Program Files\Cobian Backup 10\cbInterface.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k NetworkService
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
uDefault_Page_URL = hxxp://www.msn.com
uProxyServer = 127.0.0.1:8080
uProxyOverride = local
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - d:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - d:\program files\lastpass\LPBar.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - d:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - d:\program files\lastpass\LPBar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [Advanced SystemCare 3] "d:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [SmartRAM] "d:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
uRun: [swg] "d:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [KernelFaultCheck] d:\windows\system32\dumprep 0 -k
mRun: [HotKeysCmds] d:\windows\system32\hkcmd.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] d:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] d:\windows\system32\igfxtray.exe
mRun: [Persistence] d:\windows\system32\igfxpers.exe
mRun: [IntelliPoint] "d:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IObit Security 360] "d:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [avast] "d:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Dell QuickSet] d:\program files\dell\quickset\quickset.exe /tf Intel PROSet/Wireless
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoColorChoice = dword:0
uPolicies-System: NoSizeChoice = dword:0
uPolicies-System: NoVisualStyleChoice = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
uPolicies-System: RMH-4A = dword:2010
uPolicies-System: RMH-4B = dword:11
uPolicies-System: RMH-4C = dword:29
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - d:\program files\lastpass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///D:/Program%20Files/Text%20Twist/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276038652500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///D:/Program%20Files/Text%20Twist/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 24.205.192.61 24.205.224.36 68.116.46.115
TCP: Interfaces\{EFAAC4FC-94E4-440E-A86B-1310CFE15766} : DHCPNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
Handler: ipp - <Clsid value has no data>
Handler: msdaipp - <Clsid value has no data>
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - d:\program files\stardock\fences\FencesMenu.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - d:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "d:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "d:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
IFEO: Your Image File Name Here without a path - ntsd -d
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\renee\application data\mozilla\firefox\profiles\9ur3kvtv.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: d:\documents and settings\renee\application data\mozilla\firefox\profiles\9ur3kvtv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: d:\documents and settings\renee\application data\mozilla\firefox\profiles\9ur3kvtv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: d:\documents and settings\renee\application data\mozilla\firefox\profiles\9ur3kvtv.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: d:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: d:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: d:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: d:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin8.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
FileExt: .reg: regfile=regedit.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-07-19 21:35:19 -------- d-----w- d:\documents and settings\renee\local settings\application data\Safe mirror
2011-07-19 21:34:27 -------- d-----w- d:\program files\Cobian Backup 10
2011-07-19 19:17:13 388096 ----a-r- d:\documents and settings\renee\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-19 19:17:12 -------- d-----w- d:\program files\Trend Micro
2011-07-19 18:40:15 -------- d-----w- d:\windows\system32\wbem\repository\FS
2011-07-19 18:40:15 -------- d-----w- d:\windows\system32\wbem\Repository
2011-07-19 18:37:55 -------- d-----w- d:\documents and settings\all users\application data\WinMaximizer
2011-07-19 18:28:15 -------- d-----w- d:\documents and settings\renee\application data\JQ
2011-07-19 18:26:36 -------- d-----w- d:\documents and settings\renee\local settings\application data\Oberon Media
2011-07-19 18:26:36 -------- d-----w- d:\documents and settings\renee\local settings\application data\JollyBear
2011-07-19 18:26:36 -------- d-----w- d:\documents and settings\renee\local settings\application data\il
2011-07-19 18:26:36 -------- d-----w- d:\documents and settings\renee\local settings\application data\fd
2011-07-19 18:26:35 -------- d-----w- d:\documents and settings\all users\application data\7Wonders2
2011-07-18 20:05:53 -------- d-----w- d:\documents and settings\renee\application data\Frozen Kingdom
2011-07-14 02:37:26 -------- d-----w- d:\program files\Speccy
2011-07-09 20:15:27 -------- d-----w- d:\documents and settings\renee\application data\VampireSagaHL
2011-07-09 18:45:20 -------- d-----w- d:\program files\JShot
2011-07-09 16:24:29 -------- d-----w- d:\documents and settings\renee\application data\unlimited illegal version 1.5 8 05476 646427-468-552
2011-07-09 15:59:23 -------- d-----w- d:\program files\Wisdom-soft ScreenHunter 5 Free
2011-07-06 16:30:38 -------- d-----w- d:\documents and settings\renee\application data\Braid
2011-07-06 16:27:50 -------- d-----w- d:\program files\City Interactive
2011-07-06 05:43:09 -------- d-----w- d:\documents and settings\renee\application data\Thinstall
2011-07-05 23:22:41 -------- d-----w- d:\program files\unlimited illegal version 1.5 8
2011-07-04 17:17:02 -------- d-----w- d:\documents and settings\renee\local settings\application data\Help
2011-07-03 20:30:13 -------- d-----w- d:\documents and settings\renee\application data\TreeCardGames
2011-07-03 20:30:13 -------- d-----w- d:\documents and settings\all users\application data\TreeCardGames
2011-07-03 20:30:00 -------- d-----w- d:\program files\Sudoku Up
2011-07-03 19:02:05 -------- d-----w- d:\program files\ToGo Game
2011-06-25 18:04:44 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-25 14:26:54 2106216 ----a-w- d:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-25 14:26:53 1998168 ----a-w- d:\program files\mozilla firefox\d3dx9_43.dll
.
==================== Find3M ====================
.
2011-07-04 11:43:53 40112 ----a-w- d:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2011-06-02 14:02:05 1858944 ----a-w- d:\windows\system32\win32k.sys
2011-06-02 14:02:05 1858944 ----a-w- d:\windows\system32\win32k(2)(3).sys
2011-05-29 16:11:30 39984 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 16:11:20 22712 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-05-04 11:52:22 472808 ----a-w- d:\windows\system32\deployJava1.dll
2011-05-04 09:25:49 73728 ----a-w- d:\windows\system32\javacpl.cpl
2011-05-02 15:31:52 692736 ----a-w- d:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- d:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07:50 33280 ----a-w- d:\windows\system32\csrsrv.dll
2011-04-26 11:07:50 33280 ----a-w- d:\windows\system32\csrsrv(2)(3).dll
2011-04-26 11:07:50 293376 ----a-w- d:\windows\system32\winsrv.dll
2011-04-26 11:07:50 293376 ----a-w- d:\windows\system32\winsrv(2)(3).dll
2011-04-25 16:11:12 916480 ----a-w- d:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- d:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- d:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- d:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- d:\windows\system32\drivers\mup.sys
.
============= FINISH: 15:39:48.15 ===============



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-19 16:45:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2060BH rev.00850028
Running: gmer.exe; Driver: D:\DOCUME~1\Renee\LOCALS~1\Temp\kftcipoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAA09A202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAA235D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAA0BE6C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAA09C7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAA09C848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAA09C95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAA0BE075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAA09C746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAA09C898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAA09C79A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAA09C90C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAA09A226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAA0BED87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAA0BF03D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAA09CBE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAA0BEBF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAA0BEA5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAA235E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAA099FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAA09A24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAA09CD56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAA09ACDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAA09C820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAA09C870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAA09C988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAA0BE3D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAA09C772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAA09CA1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAA09C8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAA09C7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAA09CAFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAA09C936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAA235ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAA0BE8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAA09ABA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAA0BE72A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAA23E10E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAA0BD6E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAA09A26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAA09A292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAA09A04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAA09A186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAA0BEE8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAA09A162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAA09A1AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAA09A2B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAA24B398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D08 805045A4 4 Bytes [5D, EA, 0B, AA]
.text ntkrnlpa.exe!ZwCallbackReturn + 2E64 80504700 4 Bytes CALL B28EF110
.text ntkrnlpa.exe!ZwCallbackReturn + 2F14 805047B0 4 Bytes [E8, D6, 0B, AA]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL AA09B335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP AA246D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP AA2487F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP AA24B39C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP AA09DCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP AA09DBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP AA09CF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP AA09DE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP AA09E014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP AA09DB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP AA09CE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 5 Bytes JMP AA09D180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP AA09D326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F852 5 Bytes JMP AA09CE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5454 BF864C1E 5 Bytes JMP AA09DBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP AA09D2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP AA09DD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP AA09DF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP AA09CFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP AA09D03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP AA09D0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP AA09D0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP AA09CD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP AA09CEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP AA09D008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP AA09D440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP AA09DECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? D:\DOCUME~1\Renee\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[192] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[192] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[192] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[192] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00810804
.text D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[192] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00810A08
.text D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[192] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00810600
.text D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[192] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 008101F8
.text D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[192] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 008103FC
.text D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[192] advapi32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00821014
.text D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[192] advapi32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00820804
.text D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[192] advapi32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00820A08
.text D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[192] advapi32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00820C0C
.text D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[192] advapi32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00820E10
.text D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[192] advapi32.dll!CreateServiceA 77E37211 5 Bytes JMP 008201F8
.text D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[192] advapi32.dll!CreateServiceW 77E373A9 5 Bytes JMP 008203FC
.text D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[192] advapi32.dll!DeleteService 77E374B1 5 Bytes JMP 00820600
.text D:\WINDOWS\system32\hkcmd.exe[492] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text D:\WINDOWS\system32\hkcmd.exe[492] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text D:\WINDOWS\system32\hkcmd.exe[492] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text D:\WINDOWS\system32\hkcmd.exe[492] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text D:\WINDOWS\system32\hkcmd.exe[492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\WINDOWS\system32\hkcmd.exe[492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\system32\hkcmd.exe[492] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\WINDOWS\system32\hkcmd.exe[492] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01320001
.text D:\WINDOWS\system32\hkcmd.exe[492] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text D:\WINDOWS\system32\hkcmd.exe[492] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text D:\WINDOWS\system32\hkcmd.exe[492] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\WINDOWS\system32\hkcmd.exe[492] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text D:\WINDOWS\system32\hkcmd.exe[492] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text D:\WINDOWS\system32\hkcmd.exe[492] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text D:\WINDOWS\system32\hkcmd.exe[492] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text D:\WINDOWS\system32\hkcmd.exe[492] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text D:\WINDOWS\system32\hkcmd.exe[492] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text D:\WINDOWS\system32\hkcmd.exe[492] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text D:\WINDOWS\system32\hkcmd.exe[492] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text D:\WINDOWS\system32\hkcmd.exe[492] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text D:\WINDOWS\system32\hkcmd.exe[492] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text D:\WINDOWS\system32\hkcmd.exe[492] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text D:\WINDOWS\system32\hkcmd.exe[492] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text D:\WINDOWS\system32\hkcmd.exe[492] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text D:\WINDOWS\system32\hkcmd.exe[492] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text D:\WINDOWS\system32\hkcmd.exe[492] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text D:\WINDOWS\system32\hkcmd.exe[492] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text D:\WINDOWS\stsystra.exe[540] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text D:\WINDOWS\stsystra.exe[540] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text D:\WINDOWS\stsystra.exe[540] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text D:\WINDOWS\stsystra.exe[540] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text D:\WINDOWS\stsystra.exe[540] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text D:\WINDOWS\stsystra.exe[540] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\stsystra.exe[540] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text D:\WINDOWS\stsystra.exe[540] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 018B0001
.text D:\WINDOWS\stsystra.exe[540] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text D:\WINDOWS\stsystra.exe[540] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text D:\WINDOWS\stsystra.exe[540] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\WINDOWS\stsystra.exe[540] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text D:\WINDOWS\stsystra.exe[540] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text D:\WINDOWS\stsystra.exe[540] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text D:\WINDOWS\stsystra.exe[540] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text D:\WINDOWS\stsystra.exe[540] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text D:\WINDOWS\stsystra.exe[540] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text D:\WINDOWS\stsystra.exe[540] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text D:\WINDOWS\stsystra.exe[540] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text D:\WINDOWS\stsystra.exe[540] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text D:\WINDOWS\stsystra.exe[540] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text D:\WINDOWS\stsystra.exe[540] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text D:\WINDOWS\stsystra.exe[540] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text D:\WINDOWS\stsystra.exe[540] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text D:\WINDOWS\stsystra.exe[540] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text D:\WINDOWS\stsystra.exe[540] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text D:\WINDOWS\stsystra.exe[540] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text D:\WINDOWS\system32\igfxsrvc.exe[548] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text D:\WINDOWS\system32\igfxsrvc.exe[548] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text D:\WINDOWS\system32\igfxsrvc.exe[548] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text D:\WINDOWS\system32\igfxsrvc.exe[548] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text D:\WINDOWS\system32\igfxsrvc.exe[548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\WINDOWS\system32\igfxsrvc.exe[548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\system32\igfxsrvc.exe[548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\WINDOWS\system32\igfxsrvc.exe[548] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01630001
.text D:\WINDOWS\system32\igfxsrvc.exe[548] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text D:\WINDOWS\system32\igfxsrvc.exe[548] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text D:\WINDOWS\system32\igfxsrvc.exe[548] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\WINDOWS\system32\igfxsrvc.exe[548] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text D:\WINDOWS\system32\igfxsrvc.exe[548] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text D:\WINDOWS\system32\igfxsrvc.exe[548] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text D:\WINDOWS\system32\igfxsrvc.exe[548] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text D:\WINDOWS\system32\igfxsrvc.exe[548] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text D:\WINDOWS\system32\igfxsrvc.exe[548] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text D:\WINDOWS\system32\igfxsrvc.exe[548] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text D:\WINDOWS\system32\igfxsrvc.exe[548] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text D:\WINDOWS\system32\igfxsrvc.exe[548] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text D:\WINDOWS\system32\igfxsrvc.exe[548] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text D:\WINDOWS\system32\igfxsrvc.exe[548] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text D:\WINDOWS\system32\igfxsrvc.exe[548] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text D:\WINDOWS\system32\igfxsrvc.exe[548] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text D:\WINDOWS\system32\igfxsrvc.exe[548] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text D:\WINDOWS\system32\igfxsrvc.exe[548] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text D:\WINDOWS\system32\igfxsrvc.exe[548] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015D0001
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text D:\Program Files\Synaptics\SynTP\SynTPEnh.exe[556] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text D:\WINDOWS\system32\igfxpers.exe[572] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text D:\WINDOWS\system32\igfxpers.exe[572] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text D:\WINDOWS\system32\igfxpers.exe[572] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text D:\WINDOWS\system32\igfxpers.exe[572] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text D:\WINDOWS\system32\igfxpers.exe[572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\WINDOWS\system32\igfxpers.exe[572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\system32\igfxpers.exe[572] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\WINDOWS\system32\igfxpers.exe[572] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01490001
.text D:\WINDOWS\system32\igfxpers.exe[572] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text D:\WINDOWS\system32\igfxpers.exe[572] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text D:\WINDOWS\system32\igfxpers.exe[572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\WINDOWS\system32\igfxpers.exe[572] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text D:\WINDOWS\system32\igfxpers.exe[572] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text D:\WINDOWS\system32\igfxpers.exe[572] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text D:\WINDOWS\system32\igfxpers.exe[572] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text D:\WINDOWS\system32\igfxpers.exe[572] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text D:\WINDOWS\system32\igfxpers.exe[572] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text D:\WINDOWS\system32\igfxpers.exe[572] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text D:\WINDOWS\system32\igfxpers.exe[572] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text D:\WINDOWS\system32\igfxpers.exe[572] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text D:\WINDOWS\system32\igfxpers.exe[572] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text D:\WINDOWS\system32\igfxpers.exe[572] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text D:\WINDOWS\system32\igfxpers.exe[572] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text D:\WINDOWS\system32\igfxpers.exe[572] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text D:\WINDOWS\system32\igfxpers.exe[572] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text D:\WINDOWS\system32\igfxpers.exe[572] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text D:\WINDOWS\system32\igfxpers.exe[572] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02140001
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text D:\Program Files\Microsoft IntelliPoint\ipoint.exe[580] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text D:\Program Files\IObit\IObit Security 360\IS360tray.exe[588] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\Program Files\IObit\IObit Security 360\IS360tray.exe[588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\IObit\IObit Security 360\IS360tray.exe[588] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\Program Files\IObit\IObit Security 360\IS360tray.exe[588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\IObit\IObit Security 360\IS360tray.exe[588] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text D:\Program Files\IObit\IObit Security 360\IS360tray.exe[588] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text D:\Program Files\IObit\IObit Security 360\IS360tray.exe[588] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text D:\Program Files\IObit\IObit Security 360\IS360tray.exe[588] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text D:\Program Files\IObit\IObit Security 360\IS360tray.exe[588] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text D:\Program Files\IObit\IObit Security 360\IS360tray.exe[588] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text D:\Program Files\IObit\IObit Security 360\IS360tray.exe[588] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text D:\Program Files\IObit\IObit Security 360\IS360tray.exe[588] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text D:\Program Files\IObit\IObit Security 360\IS360tray.exe[588] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
.text D:\Program Files\IObit\IObit Security 360\IS360tray.exe[588] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
.text D:\Program Files\IObit\IObit Security 360\IS360tray.exe[588] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
.text D:\Program Files\IObit\IObit Security 360\IS360tray.exe[588] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
.text D:\Program Files\IObit\IObit Security 360\IS360tray.exe[588] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
.text D:\Program Files\Alwil Software\Avast5\avastUI.exe[604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Alwil Software\Avast5\avastUI.exe[604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BE0001
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[612] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text D:\WINDOWS\System32\smss.exe[880] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 07040001
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text D:\Program Files\Dell\QuickSet\quickset.exe[920] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E10001
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F0804
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0A08
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F0600
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F01F8
.text d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[932] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F03FC
.text D:\WINDOWS\system32\csrss.exe[948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\system32\csrss.exe[948] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\WINDOWS\system32\winlogon.exe[972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text D:\WINDOWS\system32\winlogon.exe[972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\system32\winlogon.exe[972] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text D:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text D:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text D:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text D:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text D:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text D:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text D:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text D:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text D:\WINDOWS\system32\winlogon.exe[972] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text D:\WINDOWS\system32\winlogon.exe[972] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text D:\WINDOWS\system32\winlogon.exe[972] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text D:\WINDOWS\system32\winlogon.exe[972] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text D:\WINDOWS\system32\winlogon.exe[972] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text D:\WINDOWS\system32\ctfmon.exe[996] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text D:\WINDOWS\system32\ctfmon.exe[996] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text D:\WINDOWS\system32\ctfmon.exe[996] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text D:\WINDOWS\system32\ctfmon.exe[996] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text D:\WINDOWS\system32\ctfmon.exe[996] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text D:\WINDOWS\system32\ctfmon.exe[996] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\system32\ctfmon.exe[996] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text D:\WINDOWS\system32\ctfmon.exe[996] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B10001
.text D:\WINDOWS\system32\ctfmon.exe[996] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text D:\WINDOWS\system32\ctfmon.exe[996] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text D:\WINDOWS\system32\ctfmon.exe[996] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\WINDOWS\system32\ctfmon.exe[996] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text D:\WINDOWS\system32\ctfmon.exe[996] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text D:\WINDOWS\system32\ctfmon.exe[996] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text D:\WINDOWS\system32\ctfmon.exe[996] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text D:\WINDOWS\system32\ctfmon.exe[996] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text D:\WINDOWS\system32\ctfmon.exe[996] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text D:\WINDOWS\system32\ctfmon.exe[996] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text D:\WINDOWS\system32\ctfmon.exe[996] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text D:\WINDOWS\system32\ctfmon.exe[996] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text D:\WINDOWS\system32\ctfmon.exe[996] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text D:\WINDOWS\system32\ctfmon.exe[996] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text D:\WINDOWS\system32\ctfmon.exe[996] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text D:\WINDOWS\system32\ctfmon.exe[996] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text D:\WINDOWS\system32\ctfmon.exe[996] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text D:\WINDOWS\system32\ctfmon.exe[996] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text D:\WINDOWS\system32\ctfmon.exe[996] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text D:\WINDOWS\system32\services.exe[1020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text D:\WINDOWS\system32\services.exe[1020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\system32\services.exe[1020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text D:\WINDOWS\system32\services.exe[1020] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text D:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text D:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text D:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text D:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text D:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text D:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text D:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text D:\WINDOWS\system32\services.exe[1020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text D:\WINDOWS\system32\services.exe[1020] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text D:\WINDOWS\system32\services.exe[1020] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text D:\WINDOWS\system32\services.exe[1020] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text D:\WINDOWS\system32\services.exe[1020] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text D:\WINDOWS\system32\lsass.exe[1032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text D:\WINDOWS\system32\lsass.exe[1032] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\system32\lsass.exe[1032] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text D:\WINDOWS\system32\lsass.exe[1032] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text D:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text D:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text D:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text D:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text D:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text D:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text D:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text D:\WINDOWS\system32\lsass.exe[1032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text D:\WINDOWS\system32\lsass.exe[1032] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text D:\WINDOWS\system32\lsass.exe[1032] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text D:\WINDOWS\system32\lsass.exe[1032] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text D:\WINDOWS\system32\lsass.exe[1032] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text D:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text D:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text D:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text D:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text D:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text D:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text D:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text D:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text D:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text D:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text D:\WINDOWS\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text D:\WINDOWS\system32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text D:\WINDOWS\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text D:\WINDOWS\system32\svchost.exe[1208] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text D:\WINDOWS\system32\svchost.exe[1208] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe[1228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe[1228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe[1228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe[1228] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe[1228] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe[1228] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe[1228] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe[1228] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe[1228] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe[1228] advapi32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe[1228] advapi32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe[1228] advapi32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe[1228] advapi32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe[1228] advapi32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe[1228] advapi32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe[1228] advapi32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe[1228] advapi32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text D:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text D:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text D:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text D:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text D:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text D:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text D:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text D:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text D:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text D:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text D:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text D:\WINDOWS\system32\svchost.exe[1280] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text D:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text D:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text D:\WINDOWS\system32\svchost.exe[1280] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 019D0001
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00ED0804
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00ED0A08
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00ED0600
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00ED01F8
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1332] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00ED03FC
.text D:\WINDOWS\system32\spoolsv.exe[1340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text D:\WINDOWS\system32\spoolsv.exe[1340] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\system32\spoolsv.exe[1340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text D:\WINDOWS\system32\spoolsv.exe[1340] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\WINDOWS\system32\spoolsv.exe[1340] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text D:\WINDOWS\system32\spoolsv.exe[1340] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text D:\WINDOWS\system32\spoolsv.exe[1340] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text D:\WINDOWS\system32\spoolsv.exe[1340] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text D:\WINDOWS\system32\spoolsv.exe[1340] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text D:\WINDOWS\system32\spoolsv.exe[1340] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text D:\WINDOWS\system32\spoolsv.exe[1340] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text D:\WINDOWS\system32\spoolsv.exe[1340] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text D:\WINDOWS\system32\spoolsv.exe[1340] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text D:\WINDOWS\system32\spoolsv.exe[1340] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text D:\WINDOWS\system32\spoolsv.exe[1340] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text D:\WINDOWS\system32\spoolsv.exe[1340] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text D:\WINDOWS\system32\spoolsv.exe[1340] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text D:\WINDOWS\System32\svchost.exe[1424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text D:\WINDOWS\System32\svchost.exe[1424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\System32\svchost.exe[1424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text D:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text D:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text D:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text D:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text D:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text D:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text D:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text D:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text D:\WINDOWS\System32\svchost.exe[1424] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text D:\WINDOWS\System32\svchost.exe[1424] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text D:\WINDOWS\System32\svchost.exe[1424] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text D:\WINDOWS\System32\svchost.exe[1424] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text D:\WINDOWS\System32\svchost.exe[1424] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text D:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text D:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text D:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text D:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text D:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text D:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text D:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text D:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text D:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text D:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text D:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text D:\WINDOWS\system32\svchost.exe[1732] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text D:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text D:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text D:\WINDOWS\system32\svchost.exe[1732] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text D:\WINDOWS\Explorer.EXE[1852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text D:\WINDOWS\Explorer.EXE[1852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\Explorer.EXE[1852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text D:\WINDOWS\Explorer.EXE[1852] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02DF0001
.text D:\WINDOWS\Explorer.EXE[1852] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text D:\WINDOWS\Explorer.EXE[1852] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text D:\WINDOWS\Explorer.EXE[1852] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\WINDOWS\Explorer.EXE[1852] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text D:\WINDOWS\Explorer.EXE[1852] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text D:\WINDOWS\Explorer.EXE[1852] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text D:\WINDOWS\Explorer.EXE[1852] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text D:\WINDOWS\Explorer.EXE[1852] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text D:\WINDOWS\Explorer.EXE[1852] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text D:\WINDOWS\Explorer.EXE[1852] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text D:\WINDOWS\Explorer.EXE[1852] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text D:\WINDOWS\Explorer.EXE[1852] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text D:\WINDOWS\Explorer.EXE[1852] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text D:\WINDOWS\Explorer.EXE[1852] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text D:\WINDOWS\Explorer.EXE[1852] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text D:\WINDOWS\Explorer.EXE[1852] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text D:\WINDOWS\Explorer.EXE[1852] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text D:\WINDOWS\Explorer.EXE[1852] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text D:\WINDOWS\Explorer.EXE[1852] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text D:\WINDOWS\System32\svchost.exe[1904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text D:\WINDOWS\System32\svchost.exe[1904] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\System32\svchost.exe[1904] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text D:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text D:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text D:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text D:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text D:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text D:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text D:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text D:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text D:\WINDOWS\System32\svchost.exe[1904] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text D:\WINDOWS\System32\svchost.exe[1904] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text D:\WINDOWS\System32\svchost.exe[1904] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text D:\WINDOWS\System32\svchost.exe[1904] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text D:\WINDOWS\System32\svchost.exe[1904] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text D:\Program Files\Alwil Software\Avast5\AvastSvc.exe[2040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Alwil Software\Avast5\AvastSvc.exe[2040] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text D:\Program Files\Alwil Software\Avast5\AvastSvc.exe[2040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B60001
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00B91014
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00B90804
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00B90A08
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00B90C0C
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00B90E10
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 00B901F8
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 00B903FC
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00B90600
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00BA0804
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00BA0A08
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00BA0600
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00BA01F8
.text D:\Documents and Settings\Renee\Desktop\gmer\gmer.exe[2292] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00BA03FC
.text D:\WINDOWS\System32\alg.exe[2356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text D:\WINDOWS\System32\alg.exe[2356] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\System32\alg.exe[2356] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text D:\WINDOWS\System32\alg.exe[2356] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\WINDOWS\System32\alg.exe[2356] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text D:\WINDOWS\System32\alg.exe[2356] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text D:\WINDOWS\System32\alg.exe[2356] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text D:\WINDOWS\System32\alg.exe[2356] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text D:\WINDOWS\System32\alg.exe[2356] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text D:\WINDOWS\System32\alg.exe[2356] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text D:\WINDOWS\System32\alg.exe[2356] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text D:\WINDOWS\System32\alg.exe[2356] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text D:\WINDOWS\System32\alg.exe[2356] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text D:\WINDOWS\System32\alg.exe[2356] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text D:\WINDOWS\System32\alg.exe[2356] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text D:\WINDOWS\System32\alg.exe[2356] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text D:\WINDOWS\System32\alg.exe[2356] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text D:\WINDOWS\System32\svchost.exe[2928] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text D:\WINDOWS\System32\svchost.exe[2928] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\System32\svchost.exe[2928] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text D:\WINDOWS\System32\svchost.exe[2928] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\WINDOWS\System32\svchost.exe[2928] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text D:\WINDOWS\System32\svchost.exe[2928] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text D:\WINDOWS\System32\svchost.exe[2928] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text D:\WINDOWS\System32\svchost.exe[2928] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text D:\WINDOWS\System32\svchost.exe[2928] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text D:\WINDOWS\System32\svchost.exe[2928] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text D:\WINDOWS\System32\svchost.exe[2928] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text D:\WINDOWS\System32\svchost.exe[2928] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text D:\WINDOWS\System32\svchost.exe[2928] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text D:\WINDOWS\System32\svchost.exe[2928] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text D:\WINDOWS\System32\svchost.exe[2928] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text D:\WINDOWS\System32\svchost.exe[2928] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text D:\WINDOWS\System32\svchost.exe[2928] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text D:\Program Files\IObit\IObit Security 360\IS360srv.exe[2976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\Program Files\IObit\IObit Security 360\IS360srv.exe[2976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\IObit\IObit Security 360\IS360srv.exe[2976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\Program Files\IObit\IObit Security 360\IS360srv.exe[2976] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\IObit\IObit Security 360\IS360srv.exe[2976] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text D:\Program Files\IObit\IObit Security 360\IS360srv.exe[2976] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text D:\Program Files\IObit\IObit Security 360\IS360srv.exe[2976] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text D:\Program Files\IObit\IObit Security 360\IS360srv.exe[2976] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text D:\Program Files\IObit\IObit Security 360\IS360srv.exe[2976] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text D:\Program Files\IObit\IObit Security 360\IS360srv.exe[2976] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text D:\Program Files\IObit\IObit Security 360\IS360srv.exe[2976] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text D:\Program Files\IObit\IObit Security 360\IS360srv.exe[2976] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text D:\Program Files\IObit\IObit Security 360\IS360srv.exe[2976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text D:\Program Files\IObit\IObit Security 360\IS360srv.exe[2976] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text D:\Program Files\IObit\IObit Security 360\IS360srv.exe[2976] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text D:\Program Files\IObit\IObit Security 360\IS360srv.exe[2976] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text D:\Program Files\IObit\IObit Security 360\IS360srv.exe[2976] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text D:\Program Files\Java\jre6\bin\jqs.exe[3060] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\Program Files\Java\jre6\bin\jqs.exe[3060] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Java\jre6\bin\jqs.exe[3060] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\Program Files\Java\jre6\bin\jqs.exe[3060] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Java\jre6\bin\jqs.exe[3060] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text D:\Program Files\Java\jre6\bin\jqs.exe[3060] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text D:\Program Files\Java\jre6\bin\jqs.exe[3060] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text D:\Program Files\Java\jre6\bin\jqs.exe[3060] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text D:\Program Files\Java\jre6\bin\jqs.exe[3060] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text D:\Program Files\Java\jre6\bin\jqs.exe[3060] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text D:\Program Files\Java\jre6\bin\jqs.exe[3060] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text D:\Program Files\Java\jre6\bin\jqs.exe[3060] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text D:\Program Files\Java\jre6\bin\jqs.exe[3060] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text D:\Program Files\Java\jre6\bin\jqs.exe[3060] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text D:\Program Files\Java\jre6\bin\jqs.exe[3060] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text D:\Program Files\Java\jre6\bin\jqs.exe[3060] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text D:\Program Files\Java\jre6\bin\jqs.exe[3060] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe[3224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe[3224] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Cobian Backup 10\cbVSCService.exe[3384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Cobian Backup 10\cbVSCService.exe[3384] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\IObit\IObit Security 360\is360.exe[3640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002501F8
.text D:\Program Files\IObit\IObit Security 360\is360.exe[3640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\IObit\IObit Security 360\is360.exe[3640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002503FC
.text D:\Program Files\IObit\IObit Security 360\is360.exe[3640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\IObit\IObit Security 360\is360.exe[3640] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00801014
.text D:\Program Files\IObit\IObit Security 360\is360.exe[3640] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00800804
.text D:\Program Files\IObit\IObit Security 360\is360.exe[3640] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00800A08
.text D:\Program Files\IObit\IObit Security 360\is360.exe[3640] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00800C0C
.text D:\Program Files\IObit\IObit Security 360\is360.exe[3640] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00800E10
.text D:\Program Files\IObit\IObit Security 360\is360.exe[3640] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 008001F8
.text D:\Program Files\IObit\IObit Security 360\is360.exe[3640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 008003FC
.text D:\Program Files\IObit\IObit Security 360\is360.exe[3640] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00800600
.text D:\Program Files\IObit\IObit Security 360\is360.exe[3640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00810804
.text D:\Program Files\IObit\IObit Security 360\is360.exe[3640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00810A08
.text D:\Program Files\IObit\IObit Security 360\is360.exe[3640] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00810600
.text D:\Program Files\IObit\IObit Security 360\is360.exe[3640] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 008101F8
.text D:\Program Files\IObit\IObit Security 360\is360.exe[3640] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 008103FC
.text D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3692] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3692] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3692] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3692] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3692] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3692] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3692] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3692] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3692] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3692] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3692] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3692] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3692] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text D:\WINDOWS\system32\svchost.exe[3772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text D:\WINDOWS\system32\svchost.exe[3772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[3772] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text D:\WINDOWS\system32\svchost.exe[3772] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[3772] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text D:\WINDOWS\system32\svchost.exe[3772] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text D:\WINDOWS\system32\svchost.exe[3772] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text D:\WINDOWS\system32\svchost.exe[3772] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text D:\WINDOWS\system32\svchost.exe[3772] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text D:\WINDOWS\system32\svchost.exe[3772] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text D:\WINDOWS\system32\svchost.exe[3772] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text D:\WINDOWS\system32\svchost.exe[3772] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text D:\WINDOWS\system32\svchost.exe[3772] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text D:\WINDOWS\system32\svchost.exe[3772] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text D:\WINDOWS\system32\svchost.exe[3772] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text D:\WINDOWS\system32\svchost.exe[3772] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text D:\WINDOWS\system32\svchost.exe[3772] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[4232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[4232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[4232] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[4232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[4232] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006F1014
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[4232] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006F0804
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[4232] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 006F0A08
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[4232] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 006F0C0C
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[4232] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 006F0E10
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[4232] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006F01F8
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[4232] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006F03FC
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[4232] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006F0600
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[4232] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00700804
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[4232] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104A5451 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[4232] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00700A08
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[4232] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00700600
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[4232] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 007001F8
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[4232] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 007003FC
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[4232] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104A5A99 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\Program Files\Mozilla Firefox\firefox.exe[5236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Mozilla Firefox\firefox.exe[5236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\Program Files\Mozilla Firefox\firefox.exe[5236] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Mozilla Firefox\firefox.exe[5236] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 007D1014
.text D:\Program Files\Mozilla Firefox\firefox.exe[5236] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 007D0804
.text D:\Program Files\Mozilla Firefox\firefox.exe[5236] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 007D0A08
.text D:\Program Files\Mozilla Firefox\firefox.exe[5236] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 007D0C0C
.text D:\Program Files\Mozilla Firefox\firefox.exe[5236] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 007D0E10
.text D:\Program Files\Mozilla Firefox\firefox.exe[5236] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007D01F8
.text D:\Program Files\Mozilla Firefox\firefox.exe[5236] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007D03FC
.text D:\Program Files\Mozilla Firefox\firefox.exe[5236] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 007D0600
.text D:\Program Files\Mozilla Firefox\firefox.exe[5236] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 007E0804
.text D:\Program Files\Mozilla Firefox\firefox.exe[5236] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 007E0A08
.text D:\Program Files\Mozilla Firefox\firefox.exe[5236] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 007E0600
.text D:\Program Files\Mozilla Firefox\firefox.exe[5236] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 007E01F8
.text D:\Program Files\Mozilla Firefox\firefox.exe[5236] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 007E03FC
.text D:\WINDOWS\system32\sol.exe[5620] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text D:\WINDOWS\system32\sol.exe[5620] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text D:\WINDOWS\system32\sol.exe[5620] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text D:\WINDOWS\system32\sol.exe[5620] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text D:\WINDOWS\system32\sol.exe[5620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text D:\WINDOWS\system32\sol.exe[5620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\WINDOWS\system32\sol.exe[5620] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text D:\WINDOWS\system32\sol.exe[5620] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B00001
.text D:\WINDOWS\system32\sol.exe[5620] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text D:\WINDOWS\system32\sol.exe[5620] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text D:\WINDOWS\system32\sol.exe[5620] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\WINDOWS\system32\sol.exe[5620] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text D:\WINDOWS\system32\sol.exe[5620] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text D:\WINDOWS\system32\sol.exe[5620] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text D:\WINDOWS\system32\sol.exe[5620] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text D:\WINDOWS\system32\sol.exe[5620] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text D:\WINDOWS\system32\sol.exe[5620] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text D:\WINDOWS\system32\sol.exe[5620] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text D:\WINDOWS\system32\sol.exe[5620] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text D:\WINDOWS\system32\sol.exe[5620] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text D:\WINDOWS\system32\sol.exe[5620] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text D:\WINDOWS\system32\sol.exe[5620] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text D:\WINDOWS\system32\sol.exe[5620] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text D:\WINDOWS\system32\sol.exe[5620] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text D:\WINDOWS\system32\sol.exe[5620] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text D:\WINDOWS\system32\sol.exe[5620] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text D:\WINDOWS\system32\sol.exe[5620] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs pffilter.sys (Protected Folder filter driver/IObit Information Technology)
AttachedDevice \FileSystem\Ntfs \Ntfs pffilter.sys (Protected Folder filter driver/IObit Information Technology)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat pffilter.sys (Protected Folder filter driver/IObit Information Technology)
AttachedDevice \FileSystem\Fastfat \Fat pffilter.sys (Protected Folder filter driver/IObit Information Technology)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FE8E8BBE-E189-E583-D245-9374CC0C31F7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FE8E8BBE-E189-E583-D245-9374CC0C31F7}@japhicihaoebjemihifa 0x6F 0x61 0x69 0x65 ...

---- Files - GMER 1.0.15 ----

File D:\Documents and Settings\All Users\Application Data\IObit\Protected Folder\config.ini 81 bytes
File D:\Documents and Settings\All Users\Application Data\IObit\Protected Folder\drawposs.db 21 bytes
File D:\Documents and Settings\All Users\Application Data\IObit\Protected Folder\fstile.cds 0 bytes

---- EOF - GMER 1.0.15 ----


Edited by Skyes, 19 July 2011 - 07:08 PM.




#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:30 AM

Posted 02 August 2011 - 09:36 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is the version, the edition, and whether it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right-hand corner of the topic you will see a button called Watch Topic. I suggest you click it, select Immediate E-Mail notification, and click on Proceed. This way you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 Skyes

Skyes
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 02 August 2011 - 10:33 AM

My problems are varied: missing dll files; the taskbar and sys tray are different every day and sometimes my internet connections disappear. I have used Advanced System Care and CCleaner regularly but always come up with problems in the registry. Something went screwy and I do not have a clue when or how.

I use a 6 year old Dell Inspiron E1705 32 bit XP; 50g hard drive 1g memory. I do not have a windows cd.

I am so grateful for your assistance that I have no complaints about the time it may take and I will check back several times a day.




OTL logfile created on: 8/2/2011 8:02:21 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = D:\Documents and Settings\Renee\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 635.69 Mb Available Physical Memory | 62.67% Memory free
2.38 Gb Paging File | 1.89 Gb Available in Paging File | 79.10% Paging File free
Paging file location(s): D:\pagefile.sys 1524 1524 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 2.00 Gb Total Space | 1.38 Gb Free Space | 68.80% Space Free | Partition Type: FAT32
Drive D: | 52.47 Gb Total Space | 14.88 Gb Free Space | 28.36% Space Free | Partition Type: NTFS

Computer Name: RMH-45CEAB0FB | User Name: Renee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/02 08:00:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Renee\Desktop\OTL.exe
PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- D:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/25 07:26:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/11 10:04:10 | 003,466,584 | ---- | M] (IObit) -- D:\Program Files\IObit\IObit Security 360\is360.exe
PRC - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- D:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2010/08/10 15:10:58 | 002,349,776 | ---- | M] (IObit) -- D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/07/21 15:43:24 | 000,198,864 | ---- | M] (IObit) -- D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
PRC - [2010/06/11 18:14:24 | 001,280,344 | ---- | M] (IObit) -- D:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- D:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2006/09/08 15:43:50 | 001,036,288 | ---- | M] (Dell Inc) -- D:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/09/08 15:41:46 | 000,380,928 | ---- | M] (Dell Inc.) -- D:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 17:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- D:\WINDOWS\stsystra.exe
PRC - [2004/08/10 04:00:00 | 000,056,832 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\sol.exe


========== Modules (SafeList) ==========

MOD - [2011/08/02 08:00:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Renee\Desktop\OTL.exe
MOD - [2011/07/04 04:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- D:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2011/01/19 19:53:34 | 000,238,424 | ---- | M] (IObit) -- D:\Program Files\IObit\IObit Security 360\is360mon.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (MDM)
SRV - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- D:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- D:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- D:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/09/08 15:41:46 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- D:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- D:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 04:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 04:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- D:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/03/16 19:00:46 | 000,140,848 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- D:\Program Files\IObit\Protected Folder\pffilter.sys -- (PfFilter)
DRV - [2009/12/30 12:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/16 09:33:38 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2007/02/15 10:48:14 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2006/10/19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/08/17 08:55:16 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- D:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 18:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 17:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 19:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-842925246-1580818891-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-842925246-1580818891-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-842925246-1580818891-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-842925246-1580818891-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-842925246-1580818891-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-842925246-1580818891-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: d:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: d:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: d:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.8: D:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: D:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: D:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/07/19 11:42:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/06/25 07:26:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/06/24 12:07:13 | 000,000,000 | ---D | M]

[2010/09/19 15:53:03 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Extensions
[2010/11/14 11:03:41 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\extensions
[2010/11/13 20:31:50 | 000,000,000 | ---D | M] ("ColorfulTabs") -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(2)
[2010/11/13 20:32:06 | 000,000,000 | ---D | M] (Flagfox) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2)
[2010/11/13 20:31:56 | 000,000,000 | ---D | M] (Image Zoom) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}(2)
[2010/11/13 20:32:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2010/11/13 20:31:51 | 000,000,000 | ---D | M] (DNS Flusher) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\extensions\{7d575baa-b543-11dc-8314-0800200c9a66}(2)
[2010/11/13 20:31:50 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}(2)
[2010/11/13 20:31:58 | 000,000,000 | ---D | M] (AddonFox) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}(2)
[2010/11/13 20:31:56 | 000,000,000 | ---D | M] (ReminderFox) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}(2)
[2010/11/13 20:31:56 | 000,000,000 | ---D | M] (Adblock Plus) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2010/11/13 20:31:56 | 000,000,000 | ---D | M] (DownThemAll!) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(2)
[2010/11/13 20:31:58 | 000,000,000 | ---D | M] (Greasemonkey) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(2)
[2010/11/13 20:31:55 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\extensions\ALone-live@ya(2).ru
[2010/11/13 20:31:51 | 000,000,000 | ---D | M] (Clear DNS Cache) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\extensions\cleardnscache@guoxiaod(2)
[2010/11/13 20:31:52 | 000,000,000 | ---D | M] (Illimitux) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\extensions\illimitux@illimitux(2).net
[2010/11/13 20:31:52 | 000,000,000 | ---D | M] (Smart Bookmarks 2.1) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\extensions\laviesaint@gmail(2).com
[2010/11/13 20:31:50 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\extensions\noia2_option@kk(2).noia
[2010/11/14 11:02:37 | 000,000,000 | ---D | M] (LastPass) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\extensions\support@lastpass.com
[2010/11/13 20:31:53 | 000,000,000 | ---D | M] (Bookmarks Toolbar Restyled) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\extensions\tgrsc@bkmarksRestyled(2)
[2011/07/19 19:05:22 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\9ur3kvtv.default\extensions
[2011/06/21 12:02:53 | 000,000,000 | ---D | M] (Flagfox) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\9ur3kvtv.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/01/17 20:55:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\9ur3kvtv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/10/21 17:30:43 | 000,000,000 | ---D | M] (DNS Flusher) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\9ur3kvtv.default\extensions\{7d575baa-b543-11dc-8314-0800200c9a66}
[2011/03/23 22:13:08 | 000,000,000 | ---D | M] (ReminderFox) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\9ur3kvtv.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/06/29 09:29:28 | 000,000,000 | ---D | M] (Google Redesigned) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\9ur3kvtv.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2011/03/05 00:52:28 | 000,000,000 | ---D | M] (cacaoweb) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\9ur3kvtv.default\extensions\cacaoweb@cacaoweb.org
[2011/01/30 10:35:40 | 000,000,000 | ---D | M] (Delete Site History) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\9ur3kvtv.default\extensions\deleteSiteHistory@cye3s.com
[2011/06/17 13:00:37 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\9ur3kvtv.default\extensions\foxyproxy@eric.h.jung
[2010/11/23 11:10:30 | 000,000,000 | ---D | M] (Illimitux) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\9ur3kvtv.default\extensions\illimitux@illimitux.net
[2010/09/19 16:17:15 | 000,000,000 | ---D | M] (Smart Bookmarks 2.1) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\9ur3kvtv.default\extensions\laviesaint@gmail.com
[2010/11/13 20:32:07 | 000,000,000 | ---D | M] (LastPass) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\9ur3kvtv.default\extensions\support@lastpass(2).com
[2011/06/21 12:02:50 | 000,000,000 | ---D | M] (LastPass) -- D:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\9ur3kvtv.default\extensions\support@lastpass.com
[2011/06/11 11:34:17 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2010/11/08 09:17:35 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/07 19:55:04 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/28 11:45:41 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/28 19:27:15 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/06/11 11:34:17 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/25 07:26:53 | 000,142,296 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/07/02 11:19:28 | 000,102,400 | ---- | M] (Zylom) -- D:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - D:\Program Files\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - D:\Program Files\LastPass\LPBar.dll (LastPass)
O3 - HKU\S-1-5-21-842925246-1580818891-725345543-1003\..\Toolbar\WebBrowser: (no name) - {00000000-5736-4205-0008-F7ED0776FB27} - No CLSID value found.
O3 - HKU\S-1-5-21-842925246-1580818891-725345543-1003\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-21-842925246-1580818891-725345543-1003\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-842925246-1580818891-725345543-1003\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-842925246-1580818891-725345543-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] D:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell QuickSet] D:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [IObit Security 360] D:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] D:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-842925246-1580818891-725345543-1003..\Run: [Advanced SystemCare 3] D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-842925246-1580818891-725345543-1003..\Run: [SmartRAM] D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = D:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = D:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-1580818891-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-1580818891-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-842925246-1580818891-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-842925246-1580818891-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-842925246-1580818891-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-842925246-1580818891-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-21-842925246-1580818891-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-21-842925246-1580818891-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-842925246-1580818891-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-842925246-1580818891-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-842925246-1580818891-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-21-842925246-1580818891-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-842925246-1580818891-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RMH-4A = 2010
O7 - HKU\S-1-5-21-842925246-1580818891-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RMH-4B = 11
O7 - HKU\S-1-5-21-842925246-1580818891-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RMH-4C = 29
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - D:\Program Files\LastPass\LPBar.dll (LastPass)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///D:/Program%20Files/Text%20Twist/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276038652500 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///D:/Program%20Files/Text%20Twist/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - D:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: D:\Documents and Settings\Renee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Renee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - D:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/08 14:19:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - D:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5209AA19-84D8-007A-4E08-99719EBFC4BD} - Outlook Express
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 4.0 & Silverlight 3.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - d:\WINDOWS\system32\Rundll32.exe d:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - D:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - D:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{f548df6a-9bbd-4268-a68b-92f1e425c085} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.ac3filter - D:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - D:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FMVC - D:\WINDOWS\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - D:\WINDOWS\System32\DivX.dll (DivX, Inc.)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 14:29:05 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Renee\Recent
[2011/07/28 09:16:37 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Application Data\Blue Tea Games
[2011/07/28 09:11:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Macabre Mysteries - Curse of the Nightengale Collectors Edition
[2011/07/28 09:04:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Desktop\MacabreMysteriesCE
[2011/07/27 10:23:41 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Application Data\Jetdogs Studios
[2011/07/27 10:18:49 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Desktop\MillenniumSecrets2_RoxannesNecklaceWithGuide
[2011/07/27 10:07:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Application Data\Mayan Puzzle
[2011/07/27 10:06:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Desktop\MayanPuzzle
[2011/07/25 09:55:12 | 000,000,000 | ---D | C] -- D:\Program Files\PopCap Games
[2011/07/24 08:45:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Desktop\HiJack Reports
[2011/07/22 11:51:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Desktop\iobit_toolbox
[2011/07/22 11:24:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Desktop\Free Med Sites
[2011/07/21 21:11:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Application Data\Alawar Entertainment
[2011/07/21 21:07:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Desktop\Sacra Terra Angelic Night Collectors Edition
[2011/07/19 18:56:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Desktop\Security Software
[2011/07/19 15:34:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Desktop\Tech Stuff
[2011/07/19 14:35:19 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Local Settings\Application Data\Safe mirror
[2011/07/19 14:35:06 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 10
[2011/07/19 14:34:27 | 000,000,000 | ---D | C] -- D:\Program Files\Cobian Backup 10
[2011/07/19 12:17:12 | 000,000,000 | ---D | C] -- D:\Program Files\Trend Micro
[2011/07/19 12:17:12 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Start Menu\Programs\HiJackThis
[2011/07/19 12:12:26 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Echoes of the Past - Royal House of Stone
[2011/07/19 11:38:42 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Renee\Start Menu\Programs\Administrative Tools
[2011/07/19 11:37:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\WinMaximizer
[2011/07/19 11:26:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Local Settings\Application Data\Oberon Media
[2011/07/19 11:26:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Local Settings\Application Data\JollyBear
[2011/07/19 11:26:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Local Settings\Application Data\il
[2011/07/19 11:26:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Local Settings\Application Data\fd
[2011/07/18 13:11:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Desktop\EchoesPast1RHoS
[2011/07/14 14:32:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/07/14 14:30:59 | 003,216,552 | ---- | C] (Piriform Ltd) -- D:\Documents and Settings\Renee\Desktop\ccsetup308.exe
[2011/07/13 19:37:26 | 000,000,000 | ---D | C] -- D:\Program Files\Speccy
[2011/07/12 08:48:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Desktop\Wallpapers 24N1c3_S34shor3_W411p4p3rs
[2011/07/09 11:53:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Desktop\ScreenShots
[2011/07/09 11:45:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Start Menu\Programs\JShot
[2011/07/09 11:45:20 | 000,000,000 | ---D | C] -- D:\Program Files\JShot
[2011/07/09 08:59:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Start Menu\Programs\Wisdom-soft ScreenHunter 5 Free
[2011/07/09 08:59:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Wisdom-soft ScreenHunter 5 Free
[2011/07/09 08:59:23 | 000,000,000 | ---D | C] -- D:\Program Files\Wisdom-soft ScreenHunter 5 Free
[2011/07/08 14:58:59 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Desktop\CrazyChickenAtlantis_unpack&play
[2011/07/06 09:30:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Application Data\Braid
[2011/07/06 09:28:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\City Interactive
[2011/07/06 09:27:50 | 000,000,000 | ---D | C] -- D:\Program Files\City Interactive
[2011/07/06 09:23:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Desktop\Braid
[2011/07/05 22:43:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Application Data\Thinstall
[2011/07/05 22:40:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Desktop\Machinarium
[2011/07/05 20:53:45 | 000,000,000 | ---D | C] -- D:\Program Files\Apple Software Update
[2011/07/04 10:17:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Local Settings\Application Data\Help
[2011/07/03 13:30:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee\Application Data\TreeCardGames
[2011/07/03 13:30:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\TreeCardGames
[2011/07/03 13:30:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Sudoku Up
[2011/07/03 13:30:00 | 000,000,000 | ---D | C] -- D:\Program Files\Sudoku Up
[2011/07/03 12:02:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\ToGo Game
[2011/07/03 12:02:05 | 000,000,000 | ---D | C] -- D:\Program Files\ToGo Game
[2010/09/08 13:18:40 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- D:\Documents and Settings\Renee\Local Settings\Application Data\Process.exe
[2010/09/08 13:18:40 | 000,004,224 | ---- | C] (Microsoft Corporation) -- D:\Documents and Settings\Renee\Local Settings\Application Data\beep.sys
[2010/09/08 13:18:39 | 029,634,504 | ---- | C] (Microsoft Corporation) -- D:\Documents and Settings\Renee\Local Settings\Application Data\scan.exe
[2010/09/08 13:18:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- D:\Documents and Settings\Renee\Local Settings\Application Data\tskill.exe
[1 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/02 07:50:07 | 000,000,288 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/08/02 07:50:07 | 000,000,280 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/08/02 07:34:37 | 000,000,880 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/02 07:34:37 | 000,000,278 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1580818891-725345543-1003.job
[2011/08/02 07:34:35 | 000,000,308 | ---- | M] () -- D:\WINDOWS\tasks\WinMaximizer-Renee-Startup.job
[2011/08/02 07:34:35 | 000,000,270 | ---- | M] () -- D:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/08/02 07:33:07 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2011/08/01 20:23:00 | 000,000,884 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/01 14:30:22 | 000,001,050 | ---- | M] () -- D:\Documents and Settings\Renee\My Documents\cc_20110801_143015.reg
[2011/08/01 09:10:31 | 000,202,244 | ---- | M] () -- D:\Documents and Settings\Renee\Desktop\Medicaid Forms_2905-EG.pdf
[2011/08/01 08:29:12 | 000,000,422 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{ECB34CDC-EBCD-44C1-895B-4FD5C7E29C18}.job
[2011/07/30 09:41:00 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/28 09:12:56 | 000,001,470 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Macabre Mysteries - Curse of the Nightengale Collectors Edition.lnk
[2011/07/27 10:23:23 | 000,001,115 | ---- | M] () -- D:\Documents and Settings\Renee\Desktop\Shortcut to Millennium Secrets - Roxannes Necklace Strategy Guide.exe.lnk
[2011/07/27 10:23:16 | 000,001,002 | ---- | M] () -- D:\Documents and Settings\Renee\Desktop\Shortcut to MillenniumSecrets_RoxannesNecklace.exe.lnk
[2011/07/26 10:12:01 | 000,000,286 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1580818891-725345543-1003.job
[2011/07/26 09:20:38 | 022,838,413 | ---- | M] () -- D:\Documents and Settings\Renee\Desktop\Advanced.Uninstaller.PRO.v10.2.Cracked-MESMERiZE.rar
[2011/07/25 10:13:37 | 000,000,010 | ---- | M] () -- D:\WINDOWS\popcinfo.dat
[2011/07/25 10:11:30 | 000,000,024 | ---- | M] () -- D:\WINDOWS\popcinfot.dat
[2011/07/24 14:53:19 | 366,771,472 | ---- | M] () -- D:\Documents and Settings\Renee\Desktop\Greys.Anatomy.S07E21.HDTV.XviD-LOL.avi
[2011/07/22 11:57:46 | 000,000,606 | ---- | M] () -- D:\Documents and Settings\Renee\Desktop\Shortcut to Toolbox.exe.lnk
[2011/07/19 15:34:20 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\Renee\defogger_reenable
[2011/07/19 12:12:57 | 000,001,144 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Echoes of the Past - Royal House of Stone.lnk
[2011/07/19 11:46:44 | 000,001,700 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/19 11:46:41 | 000,002,639 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
[2011/07/19 11:41:45 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2011/07/16 08:45:06 | 000,129,296 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/14 14:54:22 | 000,004,570 | ---- | M] () -- D:\Documents and Settings\Renee\My Documents\cc_20110714_145417.reg
[2011/07/14 14:33:38 | 000,000,694 | ---- | M] () -- D:\Documents and Settings\Renee\Desktop\CCleaner.lnk
[2011/07/14 14:32:24 | 000,000,682 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/14 14:31:25 | 003,216,552 | ---- | M] (Piriform Ltd) -- D:\Documents and Settings\Renee\Desktop\ccsetup308.exe
[2011/07/14 08:53:07 | 000,527,390 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2011/07/14 08:53:07 | 000,096,698 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2011/07/05 22:53:02 | 000,002,515 | ---- | M] () -- D:\Documents and Settings\Renee\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/07/04 04:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- D:\WINDOWS\avastSS.scr
[2011/07/04 04:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\aswBoot.exe
[2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 04:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 04:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 04:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/03 13:30:04 | 000,000,635 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Sudoku Up.lnk
[2011/07/03 12:03:08 | 000,002,365 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\GameHouse Sudoku.lnk
[1 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/01 14:30:18 | 000,001,050 | ---- | C] () -- D:\Documents and Settings\Renee\My Documents\cc_20110801_143015.reg
[2011/08/01 09:10:31 | 000,202,244 | ---- | C] () -- D:\Documents and Settings\Renee\Desktop\Medicaid Forms_2905-EG.pdf
[2011/07/28 09:12:56 | 000,001,470 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Macabre Mysteries - Curse of the Nightengale Collectors Edition.lnk
[2011/07/27 10:23:23 | 000,001,115 | ---- | C] () -- D:\Documents and Settings\Renee\Desktop\Shortcut to Millennium Secrets - Roxannes Necklace Strategy Guide.exe.lnk
[2011/07/27 10:23:15 | 000,001,002 | ---- | C] () -- D:\Documents and Settings\Renee\Desktop\Shortcut to MillenniumSecrets_RoxannesNecklace.exe.lnk
[2011/07/26 09:17:46 | 022,838,413 | ---- | C] () -- D:\Documents and Settings\Renee\Desktop\Advanced.Uninstaller.PRO.v10.2.Cracked-MESMERiZE.rar
[2011/07/24 14:06:22 | 366,771,472 | ---- | C] () -- D:\Documents and Settings\Renee\Desktop\Greys.Anatomy.S07E21.HDTV.XviD-LOL.avi
[2011/07/22 11:57:46 | 000,000,606 | ---- | C] () -- D:\Documents and Settings\Renee\Desktop\Shortcut to Toolbox.exe.lnk
[2011/07/19 15:34:20 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Renee\defogger_reenable
[2011/07/19 12:12:57 | 000,001,144 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Echoes of the Past - Royal House of Stone.lnk
[2011/07/14 14:54:19 | 000,004,570 | ---- | C] () -- D:\Documents and Settings\Renee\My Documents\cc_20110714_145417.reg
[2011/07/14 14:33:38 | 000,000,694 | ---- | C] () -- D:\Documents and Settings\Renee\Desktop\CCleaner.lnk
[2011/07/14 14:26:27 | 000,000,308 | ---- | C] () -- D:\WINDOWS\tasks\WinMaximizer-Renee-Startup.job
[2011/07/05 20:53:47 | 000,001,830 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/07/03 13:30:04 | 000,000,641 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Sudoku Up.lnk
[2011/07/03 13:30:04 | 000,000,635 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Sudoku Up.lnk
[2011/07/03 12:02:20 | 000,002,365 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\GameHouse Sudoku.lnk
[2011/06/20 22:55:58 | 000,000,010 | ---- | C] () -- D:\WINDOWS\popcinfo.dat
[2011/05/16 09:14:09 | 000,229,452 | ---- | C] () -- D:\WINDOWS\System32\mls_set4.dll
[2011/05/16 09:14:09 | 000,118,784 | ---- | C] () -- D:\WINDOWS\System32\LMCHART1.dll
[2011/05/16 09:14:09 | 000,032,768 | ---- | C] () -- D:\WINDOWS\System32\tstream.dll
[2011/05/16 09:14:08 | 000,118,784 | ---- | C] () -- D:\WINDOWS\System32\f23dll.dll
[2011/05/16 09:14:08 | 000,053,248 | ---- | C] () -- D:\WINDOWS\System32\EZTW32.dll
[2011/04/12 08:56:36 | 000,000,008 | ---- | C] () -- D:\Program Files\SysResources Managersys111.dat
[2011/04/12 08:56:19 | 000,015,620 | ---- | C] () -- D:\WINDOWS\System32\SystemRs11.sm.SYS
[2011/02/10 11:36:09 | 000,000,082 | ---- | C] () -- D:\WINDOWS\mafosav.INI
[2011/01/07 11:01:59 | 000,000,008 | ---- | C] () -- D:\WINDOWS\f31.ini
[2011/01/07 10:55:19 | 000,000,018 | ---- | C] () -- D:\WINDOWS\gfact.ini
[2010/12/05 10:33:02 | 000,204,800 | ---- | C] () -- D:\WINDOWS\System32\igfxCoIn_v4814.dll
[2010/10/17 15:46:00 | 000,000,631 | ---- | C] () -- D:\Documents and Settings\Renee\Application Data\prefsdb.dat
[2010/09/19 09:08:24 | 000,129,296 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/17 17:42:33 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010/09/08 13:18:40 | 000,951,291 | ---- | C] () -- D:\Documents and Settings\Renee\Local Settings\Application Data\remregfix.reg
[2010/09/08 13:18:40 | 000,610,455 | ---- | C] () -- D:\Documents and Settings\Renee\Local Settings\Application Data\HOSTS
[2010/09/08 13:18:40 | 000,018,308 | ---- | C] () -- D:\Documents and Settings\Renee\Local Settings\Application Data\IEDef.reg
[2010/09/08 13:18:40 | 000,005,228 | ---- | C] () -- D:\Documents and Settings\Renee\Local Settings\Application Data\nfig.reg
[2010/09/08 13:18:40 | 000,004,994 | ---- | C] () -- D:\Documents and Settings\Renee\Local Settings\Application Data\s.reg
[2010/09/08 13:18:40 | 000,004,512 | ---- | C] () -- D:\Documents and Settings\Renee\Local Settings\Application Data\hpregfix.reg
[2010/09/08 13:18:40 | 000,003,008 | ---- | C] () -- D:\Documents and Settings\Renee\Local Settings\Application Data\bgregfix.reg
[2010/09/08 13:18:40 | 000,002,600 | ---- | C] () -- D:\Documents and Settings\Renee\Local Settings\Application Data\exefix.reg
[2010/09/08 13:18:40 | 000,001,754 | ---- | C] () -- D:\Documents and Settings\Renee\Local Settings\Application Data\regf.reg
[2010/09/08 13:18:40 | 000,000,896 | ---- | C] () -- D:\Documents and Settings\Renee\Local Settings\Application Data\databasepath.reg
[2010/09/08 13:18:40 | 000,000,890 | ---- | C] () -- D:\Documents and Settings\Renee\Local Settings\Application Data\Remove-itRestorePoint.vbs
[2010/08/31 14:13:01 | 000,000,068 | ---- | C] () -- D:\WINDOWS\MyProg.ini
[2010/07/11 21:23:54 | 000,000,050 | ---- | C] () -- D:\WINDOWS\MegaManager.INI
[2010/07/06 09:41:54 | 000,004,096 | ---- | C] () -- D:\WINDOWS\d3dx.dat
[2010/07/02 15:13:29 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2010/06/28 11:52:25 | 000,000,128 | ---- | C] () -- D:\Documents and Settings\Renee\Local Settings\Application Data\fusioncache.dat
[2010/06/25 17:41:38 | 000,015,872 | ---- | C] () -- D:\Documents and Settings\Renee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/25 17:00:33 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat
[2010/06/11 15:39:43 | 000,034,308 | ---- | C] () -- D:\WINDOWS\System32\BASSMOD.dll
[2010/06/09 12:05:23 | 000,000,024 | ---- | C] () -- D:\WINDOWS\popcinfot.dat
[2010/06/08 15:12:02 | 000,000,004 | -H-- | C] () -- D:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2010/06/08 14:52:22 | 000,016,480 | ---- | C] () -- D:\WINDOWS\System32\rixdicon.dll
[2010/06/08 14:24:17 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2010/06/08 14:14:51 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2010/06/08 07:05:38 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2009/11/16 09:33:38 | 000,053,299 | ---- | C] () -- D:\WINDOWS\System32\pthreadVC.dll
[2009/06/07 04:27:20 | 000,073,728 | ---- | C] () -- D:\WINDOWS\System32\vbzlib1.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- D:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- D:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- D:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- D:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- D:\WINDOWS\System32\gthrctr.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- D:\WINDOWS\System32\psisdecd.dll
[2005/03/22 15:38:24 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin
[2005/03/22 15:38:24 | 000,004,627 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat
[2004/08/10 04:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat
[2004/08/10 04:00:00 | 000,527,390 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
[2004/08/10 04:00:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
[2004/08/10 04:00:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
[2004/08/10 04:00:00 | 000,096,698 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
[2004/08/10 04:00:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
[2004/08/10 04:00:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
[2004/08/10 04:00:00 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
[2004/08/10 04:00:00 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\dcache.bin
[2004/08/10 04:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- D:\WINDOWS\System32\OUTLPERF.INI
[2002/07/01 07:13:30 | 000,000,229 | -HS- | C] () -- D:\Documents and Settings\Renee\Application Data\matrox_drv16.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: WINLOGON.EXE >
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========


< End of report >

OTL Extras logfile created on: 8/2/2011 8:02:21 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = D:\Documents and Settings\Renee\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 635.69 Mb Available Physical Memory | 62.67% Memory free
2.38 Gb Paging File | 1.89 Gb Available in Paging File | 79.10% Paging File free
Paging file location(s): D:\pagefile.sys 1524 1524 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 2.00 Gb Total Space | 1.38 Gb Free Space | 68.80% Space Free | Partition Type: FAT32
Drive D: | 52.47 Gb Total Space | 14.88 Gb Free Space | 28.36% Space Free | Partition Type: NTFS

Computer Name: RMH-45CEAB0FB | User Name: Renee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-842925246-1580818891-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Java\jre6\bin\javaw.exe" = D:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Program Files\Java\jre6\launch4j-tmp\frd.exe" = D:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Program Files\Mozilla Firefox\firefox.exe" = D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"D:\Program Files\cacaoweb\cacaoweb.exe" = D:\Program Files\cacaoweb\cacaoweb.exe:*:Enabled:cacaoweb -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 26
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{456C5E82-853B-4693-A984-16F47C16618D}" = Fishdom - Seasons Under the Sea
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E0B21EE-F414-412A-B916-19CBDEA5EF64}_is1" = Smart Diary Suite 4
"{53B2D537-21CF-44D5-A03A-0DAF993B5728}" = ebgcSDK
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.2.0
"{6A69D94E-C569-4154-9643-72E94D1DDFDA}" = XPS Essentials Pack
"{6B5E816C-A761-4F5B-BF48-84B794556CAA}_is1" = Freelang Dictionary (wordlist)
"{6E159399-5A18-43DB-86EC-C0505CA41E15}" = Macabre Mysteries - Curse of the Nightengale Collectors Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{782EE71A-8BBA-4CA7-90C7-D8F68DFAB3C2}" = Liong - The Dragon Dance
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81EC6898-BB5C-48D2-9CBC-B9D56A09A772}" = Text Twist 2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88A86A0E-DB05-4E16-979B-BE3F3362C203}" = Bejeweled Blitz
"{8A95C2DC-779A-4EA8-9DE3-B118D1411E8B}_is1" = Freelang Dictionary 3.74 beta
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8E0659E8-DF30-411C-AD35-3BCB0B89D9EF}" = Echoes of the Past - Royal House of Stone
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA1783CD-31F6-43F0-9858-B07C6340469F}" = GameHouse Sudoku
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AED27EC0-20B3-407D-95A6-079A01BAA14E}_is1" = Windows Winset V4.0.9
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BFDEAD3C-96FD-438C-A507-DC49166CC700}" = Mystery Case Files Game Pack
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C8C71A25-5F83-4894-9971-45525A92B89E}" = My Home Designer V6.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD232781-26CA-4E18-BC70-4343A2F0D583}" = Microsoft IntelliPoint 8.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}" = DAMN NFO Viewer 2.10.0031 RC3
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FC274982-5AAD-4C20-848D-4424A5043009}_is1" = WinUtilities 9.96 Professional Edition
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"3635FC5A3FE7DACCEF2123BDBDA808BA811B977B" = Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
"452416B030C25BAA383F3DA368FECD5D48FAE727" = Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
"AC3Filter" = AC3Filter (remove only)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Diary_is1" = Advanced Diary v3.0
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"avast" = avast! Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"Braid/EN/PL-English_is1" = Braid
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"CobBackup10" = Cobian Backup 10
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"Easy Macro Recorder_is1" = Easy Macro Recorder 3.85
"F631A62FA5E06534A0FE3637D75AAA5B1D3E4FB7" = Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
"Fences" = Fences
"FLV Player2.0.25" = FLV Player
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"Free and Easy Biorhythm Calculator_is1" = Free and Easy Biorhythm Calculator version 3.02
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"IObit Security 360_is1" = IObit Security 360
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Neuro-Programmer 2 Professional_is1" = Neuro-Programmer Professional 2.4.2
"OpenAL" = OpenAL
"ProInst" = Intel® PROSet/Wireless Software
"Protected Folder_is1" = Protected Folder
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.90
"SolSuite_is1" = SolSuite 2011 v11.1
"Sudoku Up_is1" = Sudoku Up 2009 v3.0
"Super TextTwist" = Super TextTwist
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The legend of El Dorado Deluxe" = The legend of El Dorado Deluxe
"VLC media player" = VLC media player 1.1.8
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Web Games Player Plugin" = Web Games Player Plugin
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEP" = XPS Essentials Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-842925246-1580818891-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Imagicon" = Imagicon
"LastPass" = LastPass (uninstall only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/19/2011 5:58:38 PM | Computer Name = RMH-45CEAB0FB | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80080005.

Error - 7/19/2011 5:58:53 PM | Computer Name = RMH-45CEAB0FB | Source = VSS | ID = 1
Description = Volume Shadow Copy Service initialization error: the control dispatcher
cannot be started [0x80070427].

Error - 7/19/2011 5:59:23 PM | Computer Name = RMH-45CEAB0FB | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80080005.

Error - 7/19/2011 5:59:38 PM | Computer Name = RMH-45CEAB0FB | Source = VSS | ID = 1
Description = Volume Shadow Copy Service initialization error: the control dispatcher
cannot be started [0x80070427].

Error - 7/19/2011 6:00:08 PM | Computer Name = RMH-45CEAB0FB | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80080005.

Error - 7/25/2011 12:55:10 PM | Computer Name = RMH-45CEAB0FB | Source = PopCapUpdater | ID = 1
Description =

Error - 7/25/2011 12:55:10 PM | Computer Name = RMH-45CEAB0FB | Source = PopCapUpdater | ID = 1
Description =

Error - 7/25/2011 12:55:10 PM | Computer Name = RMH-45CEAB0FB | Source = PopCapUpdater | ID = 1
Description =

Error - 7/25/2011 12:55:10 PM | Computer Name = RMH-45CEAB0FB | Source = PopCapUpdater | ID = 1
Description =

Error - 7/26/2011 1:41:11 PM | Computer Name = RMH-45CEAB0FB | Source = MsiInstaller | ID = 11316
Description = Product: 7 Wonders II -- Error 1316. A network error occurred while
attempting to read from the file: D:\WINDOWS\Installer\7 Wonders II.msi

[ System Events ]
Error - 8/2/2011 10:35:03 AM | Computer Name = RMH-45CEAB0FB | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Media Center Scheduler
Service service to connect.

Error - 8/2/2011 10:35:03 AM | Computer Name = RMH-45CEAB0FB | Source = Service Control Manager | ID = 7000
Description = The Media Center Scheduler Service service failed to start due to
the following error: %%1053

Error - 8/2/2011 10:35:03 AM | Computer Name = RMH-45CEAB0FB | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Intel® PROSet/Wireless
Registry Service service to connect.

Error - 8/2/2011 10:35:03 AM | Computer Name = RMH-45CEAB0FB | Source = Service Control Manager | ID = 7000
Description = The Intel® PROSet/Wireless Registry Service service failed to start
due to the following error: %%1053

Error - 8/2/2011 10:35:03 AM | Computer Name = RMH-45CEAB0FB | Source = Service Control Manager | ID = 7001
Description = The Windows Search service depends on the Terminal Services service
which failed to start because of the following error: %%1058

Error - 8/2/2011 10:35:03 AM | Computer Name = RMH-45CEAB0FB | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Media Center Extender
Service service to connect.

Error - 8/2/2011 10:35:03 AM | Computer Name = RMH-45CEAB0FB | Source = Service Control Manager | ID = 7000
Description = The Media Center Extender Service service failed to start due to the
following error: %%1053

Error - 8/2/2011 10:35:50 AM | Computer Name = RMH-45CEAB0FB | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 8/2/2011 10:35:51 AM | Computer Name = RMH-45CEAB0FB | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 8/2/2011 10:35:51 AM | Computer Name = RMH-45CEAB0FB | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.


< End of report >

Edited by Skyes, 02 August 2011 - 10:36 AM.


#4 myrti

Posted 02 August 2011 - 03:51 PM

Hi

Do you have your Windows CD? Do you remember what you did before the problem started happening? Did you install a program?/Remove a program?

Were you using CCleaner and AdvancedCare before the issues started? Registry cleaners can easily mess up things to a point where the PC will no longer boot. If you had them installed, I would suspect them as the source of your issues.

Is anything indicating that this is malware and not a software issue?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 Skyes


Posted 02 August 2011 - 04:04 PM

Thanks for replying so quickly myrti.

I have a Dell Reinstallation DVD for Microsoft Windows XP Media Center Version 2005 with update Rollup 2. As far as CCleaner and Advanced System Care, I have been using both for the past year and yes I have installed and uninstalled programs and a couple of weeks ago the problem worsened when I uninstalled several games. I did a system restore and uninstalled them (I really don't remember just what I uninstalled... sorry) again. Things were better but not the same and after running Advanced System Care a HiJack This Report was generated and is every time since; that is when I contacted this site. I wish I could be more specific about what exactly I did. And I wouldn't know a malware from a software issue.

I hope you are able to discern something to help me from the above reports because I am clueless.

Here's hoping.
Sincerely,
Skye

#6 myrti


Posted 02 August 2011 - 04:31 PM

Hi,

Do you know if you can do a repair install with said CD? Not all Dell CDs allow for that. Another option might be to uninstall and reinstall SP3.

Do you have a backup with Cobian?

regards myrti



#7 Skyes


Posted 02 August 2011 - 04:46 PM

Yes, to all of the above. Was hoping for a fix though; is that still out of the question?

Skye

#8 myrti


Posted 03 August 2011 - 11:45 AM

Hi,

A repair install would leave all your installed programs and files in place (please create a backup anyway, just in case something goes wrong) and fix the Windows issues. This would likely be the quickest way to fix the issue.
An uninstall and reinstall of SP3 will have a similar effect, although there may be complications.

We can still try to fix these things manually, but it would take a lot more time and the outcome is uncertain, hence if you have the possibility to do a repair install (not a reinstall), this is what I would favour at the moment.

regards myrti



#9 Skyes


Posted 03 August 2011 - 03:52 PM

I suppose I will try the repair install, although I have never done this before. Would you be available for assistance?

Skye

#10 myrti


Posted 05 August 2011 - 06:30 AM

Hi,

The question is if the CD you have can do it.

Have a look at this link: http://www.michaelstevenstech.com/XPrepairinstall.htm

regards myrti



#11 Skyes


Posted 05 August 2011 - 10:40 AM

Thank you, myrti, I will check that out when I have sufficient time to do this major thing, for me at least.

I will be in touch,
Thanks again, Skye

#12 myrti


Posted 29 January 2012 - 09:44 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
