Can't load any webpages I think I'm infected


  • This topic is locked
15 replies to this topic

#1 harlequeen

Posted 04 August 2012 - 08:21 AM

Hi

Have previously posted in 'Am I Infected' and after a little while of doing what was suggested, I was asked by BOOPME to post here with the log files etc suggested in your guide. So here they are.


Any help would be appreciated.

Harlequeen

DDS.txt file

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by admin at 13:37:48 on 2012-08-04
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\mcbuilder.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\admin\Desktop\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sky.com/
uDefault_Page_URL = hxxp://www.sky.com
uWindow Title = Internet Explorer Provided By Sky Broadband
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1006&m=aspire_x1300
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1006&m=aspire_x1300
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\progra~1\avasts~1\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\progra~1\avasts~1\avast\aswWebRepIE.dll
TB: {00BF7B9C-ACD2-4080-BEA8-B1C41987070F} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [ProductReg] c:\program files\acer\wr_popup\ProductReg.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
mRun: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eRecoveryService]
mRun: [Setresolution] c:\acer\config\1366x768.cmd
mRun: [NBKeyScan] "c:\program files\nero\nero 7\nero backitup\NBKeyScan.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A6EF313D-35D2-4D29-B88B-EA5A55350D92} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\h2p2vc4t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3042917&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.sky.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=W3I4&o=41648000&locale=en_UK&apn_uid=D593D66A-E2BB-431E-A6EE-14CE69BD865F&apn_ptnrs=^A9L&apn_sauid=394EF7E1-1517-4631-A5E1-5521EC67A981&apn_dtid=^YYYYYY^YY^GB&&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\h2p2vc4t.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R? avast! Firewall;avast! Firewall
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? Lavasoft Kernexplorer;Lavasoft helper driver
R? MozillaMaintenance;Mozilla Maintenance Service
R? NTIBackupSvc;NTI Backup Now 5 Backup Service
R? RapportKELL;RapportKELL
R? RapportPG;RapportPG
R? SASENUM;SASENUM
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? aswFsBlk;aswFsBlk
S? aswFW;avast! TDI Firewall driver
S? aswKbd;aswKbd
S? aswMonFlt;aswMonFlt
S? aswNdis;avast! Firewall NDIS Filter Service
S? aswNdis2;avast! Firewall Core Firewall Service
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
S? ETService;Empowering Technology Service
S? FontCache;Windows Font Cache Service
S? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
S? Lbd;Lbd
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? NTISchedulerSvc;NTI Backup Now 5 Scheduler Service
S? NVHDA;Service for NVIDIA High Definition Audio Driver
S? RapportCerberus_34302;RapportCerberus_34302
S? RapportEI;RapportEI
S? RapportIaso;RapportIaso
S? RapportMgmtService;Rapport Management Service
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
.
=============== Created Last 30 ================
.
2012-08-04 12:08:20 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-04 12:05:01 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e1a74552-0831-418d-9048-f1771ccf1887}\mpengine.dll
2012-08-04 11:59:18 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-08-04 11:58:41 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-08-04 11:58:41 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-08-04 11:58:40 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-04 11:58:40 278528 ----a-w- c:\windows\system32\schannel.dll
2012-08-04 11:58:40 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-08-04 11:03:29 -------- d-----w- c:\program files\Magical Jelly Bean
2012-07-26 19:14:41 -------- d-----w- c:\users\admin\appdata\roaming\Malwarebytes
2012-07-26 19:14:20 -------- d-----w- c:\programdata\Malwarebytes
2012-07-26 19:14:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-26 19:14:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-13 19:49:21 -------- d--h--w- c:\windows\PIF
2012-07-13 19:11:16 48648 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup-8\Markup.dll
2012-07-08 06:19:18 65752 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-07-06 10:50:39 388096 ----a-r- c:\users\admin\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-07-06 10:50:38 -------- d-----w- c:\program files\Trend Micro
2012-07-06 10:46:59 1402880 ----a-w- C:\HiJackThis(1).msi
2012-07-06 10:04:57 -------- d-----w- c:\windows\pss
2012-07-06 09:58:04 -------- d-----w- C:\security
2012-07-06 09:33:12 -------- d-----w- C:\Hijackthis
2012-07-05 15:50:42 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-05 15:48:43 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-05 15:48:24 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-05 15:48:24 171904 ----a-w- c:\windows\system32\wuwebv.dll
.
==================== Find3M ====================
.
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-31 11:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 13:38:55.69 ===============


attach.txt

.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acer eDataSecurity Management
Acer Empowering Technology
Acer eRecovery Management
Acer Product Registration
Acer ScreenSaver
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Adobe SVG Viewer 3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
AVS Media Player 4.1.6.80
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Choice Guard
Driving Test Success - All Tests 2011 Edition
Easy DVD Creator 2.3.2
Free File Opener
Google Chrome
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImTOO DVD Creator
InstallIQ Updater
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
Magical Jelly Bean KeyFinder
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2000 Premium
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 12.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
NTI Backup Now 5
NTI Backup Now Standard
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
OGA Notifier 2.0.0048.0
Open Freely
PlayReady PC runtime
PVSonyDll
Rapport
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Sky Broadband
Sp5
Sp5Intl
Sp5TTInt
SpCommon
SpPhones
SUPERAntiSpyware Free Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== End Of File ===========================


ark.txt file

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-04 14:13:47
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000061 WDC_WD32 rev.01.0
Running: iwl9usvv.exe; Driver: C:\Users\admin\AppData\Local\Temp\kxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9C8829CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9C884EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9C884F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9C88501A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9C884E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9C884F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9C884E56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9C884FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x9C8829EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x9C8827B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9C882A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9C885412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9C8834AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9C884EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9C884F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9C885044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9C884E2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9C884F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9C884E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9C884FF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9C883370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9C882A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9C882A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9C882812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9C88294E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9C88292A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9C882972]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x9C9D5620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9C882A7E]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ZwCreateThreadEx [0x9C8F2640]

INT 0x51 ? 9390EA50
INT 0x61 ? 9553ECD0
INT 0x71 ? 9390E2D0
INT 0x72 ? 94C29CD0
INT 0x82 ? 94C297D0
INT 0x92 ? 9390E050
INT 0xA2 ? 9390E550
INT 0xB0 ? 94C29050
INT 0xB1 ? 9390ECD0
INT 0xB2 ? 9390E7D0

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 908B77D0 4 Bytes [CA, 29, 88, 9C] {RETF 0x8829; PUSHF }
.text ntkrnlpa.exe!KeSetEvent + 1D1 908B7894 8 Bytes [AC, 4E, 88, 9C, 04, 4F, 88, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 908B78A0 4 Bytes [1A, 50, 88, 9C] {SBB DL, [EAX-0x78]; PUSHF }
.text ntkrnlpa.exe!KeSetEvent + 1F5 908B78B8 4 Bytes [02, 4E, 88, 9C] {ADD CL, [ESI-0x78]; PUSHF }
.text ntkrnlpa.exe!KeSetEvent + 215 908B78D8 8 Bytes [54, 4F, 88, 9C, 56, 4E, 88, ...]
.text ...
? C:\Users\admin\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
.text ntdll.dll!LdrLoadDll 77039378 5 Bytes [E9, B3, 6C, 11, 89] {JMP 0xffffffff89116cb8}
.text ntdll.dll!LdrUnloadDll 7704B680 5 Bytes [E9, E7, 49, 10, 89] {JMP 0xffffffff891049ec}

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\spoolsv.exe[12] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00050030
.text C:\Windows\System32\spoolsv.exe[12] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0005006C
.text C:\Windows\System32\spoolsv.exe[12] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\spoolsv.exe[12] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\spoolsv.exe[12] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\spoolsv.exe[12] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\spoolsv.exe[12] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00070120
.text C:\Windows\System32\spoolsv.exe[12] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0007015C
.text C:\Windows\System32\spoolsv.exe[12] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00070198
.text C:\Windows\System32\spoolsv.exe[12] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00070030
.text C:\Windows\System32\spoolsv.exe[12] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 000E00A8
.text C:\Windows\System32\spoolsv.exe[12] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 000E00E4
.text C:\Windows\System32\spoolsv.exe[12] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 000E0120
.text C:\Windows\System32\spoolsv.exe[12] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 000E0030
.text C:\Windows\System32\spoolsv.exe[12] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 000E006C
.text C:\Windows\Explorer.EXE[532] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00050030
.text C:\Windows\Explorer.EXE[532] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0005006C
.text C:\Windows\Explorer.EXE[532] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0007006C
.text C:\Windows\Explorer.EXE[532] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 000700A8
.text C:\Windows\Explorer.EXE[532] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 000701D4
.text C:\Windows\Explorer.EXE[532] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 000700E4
.text C:\Windows\Explorer.EXE[532] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00070120
.text C:\Windows\Explorer.EXE[532] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0007015C
.text C:\Windows\Explorer.EXE[532] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00070198
.text C:\Windows\Explorer.EXE[532] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00070030
.text C:\Windows\Explorer.EXE[532] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 000800A8
.text C:\Windows\Explorer.EXE[532] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 000800E4
.text C:\Windows\Explorer.EXE[532] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 00080120
.text C:\Windows\Explorer.EXE[532] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 00080030
.text C:\Windows\Explorer.EXE[532] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\svchost.exe[652] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[652] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[652] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[652] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[652] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[652] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[652] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[652] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[652] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[652] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[652] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 001400A8
.text C:\Windows\system32\svchost.exe[652] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 001400E4
.text C:\Windows\system32\svchost.exe[652] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 00140120
.text C:\Windows\system32\svchost.exe[652] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 00140030
.text C:\Windows\system32\svchost.exe[652] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 0014006C
.text C:\Windows\system32\wininit.exe[660] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00030030
.text C:\Windows\system32\wininit.exe[660] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0003006C
.text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0005006C
.text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 000500A8
.text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 000501D4
.text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 000500E4
.text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00050120
.text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0005015C
.text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00050198
.text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00050030
.text C:\Windows\system32\wininit.exe[660] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 000600A8
.text C:\Windows\system32\wininit.exe[660] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 000600E4
.text C:\Windows\system32\wininit.exe[660] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 00060120
.text C:\Windows\system32\wininit.exe[660] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 00060030
.text C:\Windows\system32\wininit.exe[660] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 0006006C
.text C:\Windows\system32\services.exe[708] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00050030
.text C:\Windows\system32\services.exe[708] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0005006C
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00070120
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0007015C
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00070198
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00070030
.text C:\Windows\system32\services.exe[708] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 000900A8
.text C:\Windows\system32\services.exe[708] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 000900E4
.text C:\Windows\system32\services.exe[708] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 00090120
.text C:\Windows\system32\services.exe[708] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 00090030
.text C:\Windows\system32\services.exe[708] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 0009006C
.text C:\Windows\system32\lsass.exe[720] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00050030
.text C:\Windows\system32\lsass.exe[720] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0005006C
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00070120
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0007015C
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00070198
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00070030
.text C:\Windows\system32\lsass.exe[720] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 001800A8
.text C:\Windows\system32\lsass.exe[720] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 001800E4
.text C:\Windows\system32\lsass.exe[720] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 00180120
.text C:\Windows\system32\lsass.exe[720] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 00180030
.text C:\Windows\system32\lsass.exe[720] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 0018006C
.text C:\Windows\system32\lsm.exe[740] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00050030
.text C:\Windows\system32\lsm.exe[740] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0005006C
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0008006C
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 000800A8
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 000801D4
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 000800E4
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00080120
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0008015C
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00080198
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00080030
.text C:\Windows\system32\winlogon.exe[752] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00030030
.text C:\Windows\system32\winlogon.exe[752] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0003006C
.text C:\Windows\system32\winlogon.exe[752] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0005006C
.text C:\Windows\system32\winlogon.exe[752] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 000500A8
.text C:\Windows\system32\winlogon.exe[752] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 000501D4
.text C:\Windows\system32\winlogon.exe[752] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 000500E4
.text C:\Windows\system32\winlogon.exe[752] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00050120
.text C:\Windows\system32\winlogon.exe[752] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0005015C
.text C:\Windows\system32\winlogon.exe[752] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00050198
.text C:\Windows\system32\winlogon.exe[752] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00050030
.text C:\Windows\system32\winlogon.exe[752] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 000A00A8
.text C:\Windows\system32\winlogon.exe[752] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 000A00E4
.text C:\Windows\system32\winlogon.exe[752] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 000A0120
.text C:\Windows\system32\winlogon.exe[752] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 000A0030
.text C:\Windows\system32\winlogon.exe[752] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 000A006C
.text C:\Windows\ehome\ehtray.exe[912] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00050030
.text C:\Windows\ehome\ehtray.exe[912] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0005006C
.text C:\Windows\ehome\ehtray.exe[912] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 000A006C
.text C:\Windows\ehome\ehtray.exe[912] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 000A00A8
.text C:\Windows\ehome\ehtray.exe[912] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 000A01D4
.text C:\Windows\ehome\ehtray.exe[912] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 000A00E4
.text C:\Windows\ehome\ehtray.exe[912] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 000A0120
.text C:\Windows\ehome\ehtray.exe[912] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 000A015C
.text C:\Windows\ehome\ehtray.exe[912] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 000A0198
.text C:\Windows\ehome\ehtray.exe[912] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 000A0030
.text C:\Windows\ehome\ehtray.exe[912] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 000B00A8
.text C:\Windows\ehome\ehtray.exe[912] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 000B00E4
.text C:\Windows\ehome\ehtray.exe[912] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 000B0120
.text C:\Windows\ehome\ehtray.exe[912] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 000B0030
.text C:\Windows\ehome\ehtray.exe[912] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 000B006C
.text C:\Windows\system32\svchost.exe[916] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[916] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00070030
.text C:\Windows\system32\nvvsvc.exe[980] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00150030
.text C:\Windows\system32\nvvsvc.exe[980] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0015006C
.text C:\Windows\system32\nvvsvc.exe[980] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0017006C
.text C:\Windows\system32\nvvsvc.exe[980] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 001700A8
.text C:\Windows\system32\nvvsvc.exe[980] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 001701D4
.text C:\Windows\system32\nvvsvc.exe[980] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 001700E4
.text C:\Windows\system32\nvvsvc.exe[980] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00170120
.text C:\Windows\system32\nvvsvc.exe[980] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0017015C
.text C:\Windows\system32\nvvsvc.exe[980] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00170198
.text C:\Windows\system32\nvvsvc.exe[980] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00170030
.text C:\Windows\system32\nvvsvc.exe[980] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 001800A8
.text C:\Windows\system32\nvvsvc.exe[980] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 001800E4
.text C:\Windows\system32\nvvsvc.exe[980] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 00180120
.text C:\Windows\system32\nvvsvc.exe[980] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 00180030
.text C:\Windows\system32\nvvsvc.exe[980] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 0018006C
.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0017006C
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 001700A8
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 001701D4
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 001700E4
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00170120
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0017015C
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00170198
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00170030
.text C:\Windows\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 001D00A8
.text C:\Windows\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 001D00E4
.text C:\Windows\system32\svchost.exe[1008] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 001D0120
.text C:\Windows\system32\svchost.exe[1008] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 001D0030
.text C:\Windows\system32\svchost.exe[1008] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 001D006C
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00070120
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0007015C
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00070198
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00070030
.text C:\Windows\System32\svchost.exe[1068] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 001E00A8
.text C:\Windows\System32\svchost.exe[1068] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 001E00E4
.text C:\Windows\System32\svchost.exe[1068] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 001E0120
.text C:\Windows\System32\svchost.exe[1068] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 001E0030
.text C:\Windows\System32\svchost.exe[1068] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 001E006C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1100] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00150030
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1100] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0015006C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1100] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0017006C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1100] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 001700A8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 001701D4
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 001700E4
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00170120
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0017015C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00170198
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1100] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00170030
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1100] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 001800A8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1100] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 001800E4
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1100] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 00180120
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1100] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 00180030
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1100] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 0018006C
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00150030
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0015006C
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] ntdll.dll!KiUserApcDispatcher 77075B78 5 Bytes JMP 00415190 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] kernel32.dll!LoadLibraryExW + 173 768593EF 4 Bytes JMP 71AB000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 001800A8
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 001800E4
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 00180120
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 00180030
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 0018006C
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0019006C
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 001900A8
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 001901D4
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 001900E4
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00190120
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0019015C
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00190198
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00190030
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] WS2_32.dll!getaddrinfo 7715418A 5 Bytes JMP 71A50022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] WS2_32.dll!gethostbyname 771662D4 5 Bytes JMP 71AE0022
.text C:\Windows\system32\wuauclt.exe[1208] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00060030
.text C:\Windows\system32\wuauclt.exe[1208] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0006006C
.text C:\Windows\system32\wuauclt.exe[1208] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 000700A8
.text C:\Windows\system32\wuauclt.exe[1208] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 000700E4
.text C:\Windows\system32\wuauclt.exe[1208] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 00070120
.text C:\Windows\system32\wuauclt.exe[1208] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 00070030
.text C:\Windows\system32\wuauclt.exe[1208] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 0007006C
.text C:\Windows\system32\wuauclt.exe[1208] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0008006C
.text C:\Windows\system32\wuauclt.exe[1208] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 000800A8
.text C:\Windows\system32\wuauclt.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 000801D4
.text C:\Windows\system32\wuauclt.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 000800E4
.text C:\Windows\system32\wuauclt.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00080120
.text C:\Windows\system32\wuauclt.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0008015C
.text C:\Windows\system32\wuauclt.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00080198
.text C:\Windows\system32\wuauclt.exe[1208] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00080030
.text C:\Windows\System32\svchost.exe[1300] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[1300] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00070120
.text C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0007015C
.text C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00070198
.text C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00070030
.text C:\Windows\System32\svchost.exe[1300] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 001E00A8
.text C:\Windows\System32\svchost.exe[1300] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 001E00E4
.text C:\Windows\System32\svchost.exe[1300] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 001E0120
.text C:\Windows\System32\svchost.exe[1300] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 001E0030
.text C:\Windows\System32\svchost.exe[1300] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 001E006C
.text C:\Windows\System32\svchost.exe[1324] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[1324] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[1324] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\svchost.exe[1324] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\svchost.exe[1324] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00070120
.text C:\Windows\System32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0007015C
.text C:\Windows\System32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00070198
.text C:\Windows\System32\svchost.exe[1324] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00070030
.text C:\Windows\System32\svchost.exe[1324] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 00DA00A8
.text C:\Windows\System32\svchost.exe[1324] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 00DA00E4
.text C:\Windows\System32\svchost.exe[1324] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 00DA0120
.text C:\Windows\System32\svchost.exe[1324] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 00DA0030
.text C:\Windows\System32\svchost.exe[1324] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 00DA006C
.text C:\Windows\system32\svchost.exe[1336] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1336] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 007F00A8
.text C:\Windows\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 007F00E4
.text C:\Windows\system32\svchost.exe[1336] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 007F0120
.text C:\Windows\system32\svchost.exe[1336] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 007F0030
.text C:\Windows\system32\svchost.exe[1336] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 007F006C
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00070030
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[1536] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00150030
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[1536] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0015006C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[1536] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 00C2006C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[1536] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 00C200A8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[1536] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 00C201D4
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[1536] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 00C200E4
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[1536] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00C20120
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[1536] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 00C2015C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[1536] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00C20198
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[1536] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00C20030
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[1536] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 00C300A8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[1536] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 00C300E4
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[1536] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 00C30120
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[1536] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 00C30030
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[1536] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 00C3006C
.text C:\Windows\ehome\ehmsas.exe[1540] ntdll.dll!LdrLoadDll 77039378 3 Bytes JMP 00040030
.text C:\Windows\ehome\ehmsas.exe[1540] ntdll.dll!LdrLoadDll + 4 7703937C 1 Byte [89]
.text C:\Windows\ehome\ehmsas.exe[1540] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0004006C
.text C:\Windows\ehome\ehmsas.exe[1540] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0006006C
.text C:\Windows\ehome\ehmsas.exe[1540] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 000600A8
.text C:\Windows\ehome\ehmsas.exe[1540] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 000601D4
.text C:\Windows\ehome\ehmsas.exe[1540] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 000600E4
.text C:\Windows\ehome\ehmsas.exe[1540] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00060120
.text C:\Windows\ehome\ehmsas.exe[1540] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0006015C
.text C:\Windows\ehome\ehmsas.exe[1540] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00060198
.text C:\Windows\ehome\ehmsas.exe[1540] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00060030
.text C:\Windows\ehome\ehmsas.exe[1540] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 000700A8
.text C:\Windows\ehome\ehmsas.exe[1540] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 000700E4
.text C:\Windows\ehome\ehmsas.exe[1540] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 00070120
.text C:\Windows\ehome\ehmsas.exe[1540] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 00070030
.text C:\Windows\ehome\ehmsas.exe[1540] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 0007006C
.text C:\Windows\system32\nvvsvc.exe[1572] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00150030
.text C:\Windows\system32\nvvsvc.exe[1572] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0015006C
.text C:\Windows\system32\nvvsvc.exe[1572] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0017006C
.text C:\Windows\system32\nvvsvc.exe[1572] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 001700A8
.text C:\Windows\system32\nvvsvc.exe[1572] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 001701D4
.text C:\Windows\system32\nvvsvc.exe[1572] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 001700E4
.text C:\Windows\system32\nvvsvc.exe[1572] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00170120
.text C:\Windows\system32\nvvsvc.exe[1572] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0017015C
.text C:\Windows\system32\nvvsvc.exe[1572] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00170198
.text C:\Windows\system32\nvvsvc.exe[1572] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00170030
.text C:\Windows\system32\nvvsvc.exe[1572] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 001800A8
.text C:\Windows\system32\nvvsvc.exe[1572] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 001800E4
.text C:\Windows\system32\nvvsvc.exe[1572] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 00180120
.text C:\Windows\system32\nvvsvc.exe[1572] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 00180030
.text C:\Windows\system32\nvvsvc.exe[1572] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 0018006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00050030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0005006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0007006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3572] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 000A0120
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3572] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 000A015C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3572] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 000A0198
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3572] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 000A0030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3572] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 000B00A8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3572] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 000B00E4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3572] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 000B0120
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3572] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 000B0030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3572] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 000B006C
.text C:\Windows\system32\taskeng.exe[3756] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00050030
.text C:\Windows\system32\taskeng.exe[3756] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0005006C
.text C:\Windows\system32\taskeng.exe[3756] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\taskeng.exe[3756] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\taskeng.exe[3756] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\taskeng.exe[3756] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\taskeng.exe[3756] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00070120
.text C:\Windows\system32\taskeng.exe[3756] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0007015C
.text C:\Windows\system32\taskeng.exe[3756] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00070198
.text C:\Windows\system32\taskeng.exe[3756] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00070030
.text C:\Windows\system32\taskeng.exe[3756] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\taskeng.exe[3756] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\taskeng.exe[3756] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\taskeng.exe[3756] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\taskeng.exe[3756] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 0008006C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3764] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00150030
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3764] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0015006C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3764] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0017006C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3764] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 001700A8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3764] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 001701D4
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3764] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 001700E4
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3764] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00170120
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3764] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0017015C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3764] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00170198
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3764] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00170030
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3764] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 001800A8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3764] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 001800E4
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3764] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 00180120
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3764] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 00180030
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3764] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 0018006C
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3908] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00150030
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3908] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0015006C
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3908] ntdll.dll!KiUserApcDispatcher 77075B78 5 Bytes JMP 0043ACB0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3908] kernel32.dll!LoadLibraryExW + 173 768593EF 4 Bytes JMP 71AC000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3908] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 003100A8
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3908] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 003100E4
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3908] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 00310120
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3908] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 00310030
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3908] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 0031006C
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3908] USER32.dll!InSendMessageEx + 3B1 76DAE6B0 6 Bytes JMP 00464900 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3908] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0032006C
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3908] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 003200A8
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3908] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 003201D4
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3908] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 003200E4
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3908] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00320120
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3908] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0032015C
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3908] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00320198
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3908] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00320030
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3908] WS2_32.dll!getaddrinfo 7715418A 5 Bytes JMP 71A20022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3908] WS2_32.dll!gethostbyname 771662D4 5 Bytes JMP 71A60022
.text C:\Users\admin\Desktop\iwl9usvv.exe[4484] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00150030
.text C:\Users\admin\Desktop\iwl9usvv.exe[4484] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0015006C
.text C:\Users\admin\Desktop\iwl9usvv.exe[4484] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0019006C
.text C:\Users\admin\Desktop\iwl9usvv.exe[4484] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 001900A8
.text C:\Users\admin\Desktop\iwl9usvv.exe[4484] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 001901D4
.text C:\Users\admin\Desktop\iwl9usvv.exe[4484] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 001900E4
.text C:\Users\admin\Desktop\iwl9usvv.exe[4484] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00190120
.text C:\Users\admin\Desktop\iwl9usvv.exe[4484] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0019015C
.text C:\Users\admin\Desktop\iwl9usvv.exe[4484] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00190198
.text C:\Users\admin\Desktop\iwl9usvv.exe[4484] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00190030
.text C:\Users\admin\Desktop\iwl9usvv.exe[4484] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 001B00A8
.text C:\Users\admin\Desktop\iwl9usvv.exe[4484] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 001B00E4
.text C:\Users\admin\Desktop\iwl9usvv.exe[4484] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 001B0120
.text C:\Users\admin\Desktop\iwl9usvv.exe[4484] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 001B0030
.text C:\Users\admin\Desktop\iwl9usvv.exe[4484] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 001B006C
.text C:\Windows\ehome\ehRecvr.exe[4708] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00050030
.text C:\Windows\ehome\ehRecvr.exe[4708] ntdll.dll!LdrUnloadDll 7704B680 5 Bytes JMP 0005006C
.text C:\Windows\ehome\ehRecvr.exe[4708] ADVAPI32.dll!CreateServiceW 769D9EB4 5 Bytes JMP 0007006C
.text C:\Windows\ehome\ehRecvr.exe[4708] ADVAPI32.dll!DeleteService 769DA07E 5 Bytes JMP 000700A8
.text C:\Windows\ehome\ehRecvr.exe[4708] ADVAPI32.dll!SetServiceObjectSecurity 76A16CD9 5 Bytes JMP 000701D4
.text C:\Windows\ehome\ehRecvr.exe[4708] ADVAPI32.dll!ChangeServiceConfigA 76A16DD9 5 Bytes JMP 000700E4
.text C:\Windows\ehome\ehRecvr.exe[4708] ADVAPI32.dll!ChangeServiceConfigW 76A16F81 5 Bytes JMP 00070120
.text C:\Windows\ehome\ehRecvr.exe[4708] ADVAPI32.dll!ChangeServiceConfig2A 76A17099 5 Bytes JMP 0007015C
.text C:\Windows\ehome\ehRecvr.exe[4708] ADVAPI32.dll!ChangeServiceConfig2W 76A171E1 5 Bytes JMP 00070198
.text C:\Windows\ehome\ehRecvr.exe[4708] ADVAPI32.dll!CreateServiceA 76A172A1 5 Bytes JMP 00070030
.text C:\Windows\ehome\ehRecvr.exe[4708] USER32.dll!SetWindowsHookExA 76DA6322 5 Bytes JMP 000800A8
.text C:\Windows\ehome\ehRecvr.exe[4708] USER32.dll!SetWindowsHookExW 76DA87AD 5 Bytes JMP 000800E4
.text C:\Windows\ehome\ehRecvr.exe[4708] USER32.dll!UnhookWindowsHookEx 76DA98DB 5 Bytes JMP 00080120
.text C:\Windows\ehome\ehRecvr.exe[4708] USER32.dll!SetWinEventHook 76DA9F3A 5 Bytes JMP 00080030
.text C:\Windows\ehome\ehRecvr.exe[4708] USER32.dll!UnhookWinEvent 76DAC06F 5 Bytes JMP 0008006C

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0xAB 0x15 0x83 0x16 ...

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Trusteer\Rapport\store\user\fsm_service_var_1.js.data 336 bytes

---- EOF - GMER 1.0.15 ----



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,660 posts
  • Gender:Male
  • Local time:12:52 AM

Posted 09 August 2012 - 08:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463837 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 harlequeen

harlequeen
  • Topic Starter

  • Members
  • 49 posts
  • Local time:11:52 PM

Posted 09 August 2012 - 03:17 PM

Hi

I cannot access the internet via a browser. I get a message to say that there is a problem with the page. I have been able to update windows updates and also downloaded anti-virus updates. I have had some help from BOOPME in a previous request, but he/she suggested posting here as we were unable to get to the bottom of it.

The computer is used by my teenaged nephew and my sister primarily, and I know at one time he used a torrent site.

I don't have original windows disk but I believe that there should be a system restore partition, but I couldn't seem to access it.

No activity has taken place on the computer since I posted the logs above. I have another computer from which I am accessing this site.

Any help would be appreciated.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:52 AM

Posted 10 August 2012 - 08:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#5 harlequeen

harlequeen
  • Topic Starter

  • Members
  • 49 posts
  • Local time:11:52 PM

Posted 11 August 2012 - 10:05 AM

Here is the log file from

4:33:42.0573 6012 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:33:42.0886 6012 ============================================================
14:33:42.0886 6012 Current date / time: 2012/08/11 14:33:42.0886
14:33:42.0886 6012 SystemInfo:
14:33:42.0886 6012
14:33:42.0886 6012 OS Version: 6.0.6002 ServicePack: 2.0
14:33:42.0886 6012 Product type: Workstation
14:33:42.0886 6012 ComputerName: SUE-PC
14:33:42.0887 6012 UserName: admin
14:33:42.0887 6012 Windows directory: C:\Windows
14:33:42.0887 6012 System windows directory: C:\Windows
14:33:42.0887 6012 Processor architecture: Intel x86
14:33:42.0887 6012 Number of processors: 2
14:33:42.0887 6012 Page size: 0x1000
14:33:42.0887 6012 Boot type: Normal boot
14:33:42.0887 6012 ============================================================
14:33:43.0502 6012 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:33:43.0517 6012 ============================================================
14:33:43.0517 6012 \Device\Harddisk0\DR0:
14:33:43.0524 6012 MBR partitions:
14:33:43.0524 6012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x11C16800
14:33:43.0524 6012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13817000, BlocksNum 0x11C17000
14:33:43.0524 6012 ============================================================
14:33:43.0558 6012 C: <-> \Device\Harddisk0\DR0\Partition0
14:33:43.0745 6012 D: <-> \Device\Harddisk0\DR0\Partition1
14:33:43.0746 6012 ============================================================
14:33:43.0746 6012 Initialize success
14:33:43.0746 6012 ============================================================
14:33:54.0800 2552 ============================================================
14:33:54.0800 2552 Scan started
14:33:54.0800 2552 Mode: Manual;
14:33:54.0800 2552 ============================================================
14:33:56.0571 2552 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:33:56.0604 2552 ACPI - ok
14:33:56.0681 2552 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:33:56.0691 2552 adp94xx - ok
14:33:56.0721 2552 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:33:56.0735 2552 adpahci - ok
14:33:56.0751 2552 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:33:56.0755 2552 adpu160m - ok
14:33:56.0771 2552 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:33:56.0782 2552 adpu320 - ok
14:33:56.0826 2552 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
14:33:56.0830 2552 AeLookupSvc - ok
14:33:56.0880 2552 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:33:56.0896 2552 AFD - ok
14:33:56.0950 2552 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:33:56.0953 2552 agp440 - ok
14:33:56.0972 2552 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:33:56.0979 2552 aic78xx - ok
14:33:56.0999 2552 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
14:33:57.0001 2552 ALG - ok
14:33:57.0009 2552 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:33:57.0012 2552 aliide - ok
14:33:57.0024 2552 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:33:57.0027 2552 amdagp - ok
14:33:57.0038 2552 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:33:57.0041 2552 amdide - ok
14:33:57.0059 2552 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:33:57.0063 2552 AmdK7 - ok
14:33:57.0081 2552 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:33:57.0082 2552 AmdK8 - ok
14:33:57.0128 2552 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
14:33:57.0130 2552 Appinfo - ok
14:33:57.0224 2552 Apple Mobile Device (d503df3aba595f551b98b9bae017a271) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:33:57.0236 2552 Apple Mobile Device - ok
14:33:57.0252 2552 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:33:57.0254 2552 arc - ok
14:33:57.0288 2552 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:33:57.0290 2552 arcsas - ok
14:33:57.0327 2552 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\Windows\system32\drivers\aswFsBlk.sys
14:33:57.0329 2552 aswFsBlk - ok
14:33:57.0377 2552 aswFW (80beddcbb4a1417cec0c78a61cac0f66) C:\Windows\system32\drivers\aswFW.sys
14:33:57.0379 2552 aswFW - ok
14:33:57.0438 2552 aswKbd (81e695913fefd4e23360a69c0f151797) C:\Windows\system32\drivers\aswKbd.sys
14:33:57.0440 2552 aswKbd - ok
14:33:57.0466 2552 aswMonFlt (b0f137f664f10829cd2380b0e20e7c29) C:\Windows\system32\drivers\aswMonFlt.sys
14:33:57.0469 2552 aswMonFlt - ok
14:33:57.0490 2552 aswNdis (7b948e3657bea62e437bc46ca6ef6012) C:\Windows\system32\DRIVERS\aswNdis.sys
14:33:57.0492 2552 aswNdis - ok
14:33:57.0558 2552 aswNdis2 (72c8f79d72b4ff6e1627276ddf4b01c9) C:\Windows\system32\drivers\aswNdis2.sys
14:33:57.0564 2552 aswNdis2 - ok
14:33:57.0583 2552 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\Windows\system32\drivers\aswRdr.sys
14:33:57.0586 2552 aswRdr - ok
14:33:57.0619 2552 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\Windows\system32\drivers\aswSnx.sys
14:33:57.0631 2552 aswSnx - ok
14:33:57.0657 2552 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\Windows\system32\drivers\aswSP.sys
14:33:57.0672 2552 aswSP - ok
14:33:57.0691 2552 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\Windows\system32\drivers\aswTdi.sys
14:33:57.0695 2552 aswTdi - ok
14:33:57.0729 2552 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:33:57.0731 2552 AsyncMac - ok
14:33:57.0755 2552 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:33:57.0758 2552 atapi - ok
14:33:57.0818 2552 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:33:57.0826 2552 AudioEndpointBuilder - ok
14:33:57.0834 2552 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:33:57.0840 2552 Audiosrv - ok
14:33:57.0907 2552 avast! Antivirus (2695e3e9497bf72abb44b5010ec5da16) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:33:57.0910 2552 avast! Antivirus - ok
14:33:57.0932 2552 avast! Firewall - ok
14:33:57.0971 2552 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:33:57.0974 2552 Beep - ok
14:33:58.0033 2552 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
14:33:58.0048 2552 BFE - ok
14:33:58.0136 2552 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
14:33:58.0160 2552 BITS - ok
14:33:58.0176 2552 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:33:58.0180 2552 blbdrive - ok
14:33:58.0199 2552 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:33:58.0202 2552 bowser - ok
14:33:58.0239 2552 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:33:58.0241 2552 BrFiltLo - ok
14:33:58.0256 2552 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:33:58.0258 2552 BrFiltUp - ok
14:33:58.0282 2552 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
14:33:58.0287 2552 Browser - ok
14:33:58.0308 2552 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:33:58.0311 2552 Brserid - ok
14:33:58.0330 2552 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:33:58.0333 2552 BrSerWdm - ok
14:33:58.0348 2552 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:33:58.0351 2552 BrUsbMdm - ok
14:33:58.0364 2552 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:33:58.0366 2552 BrUsbSer - ok
14:33:58.0378 2552 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:33:58.0381 2552 BTHMODEM - ok
14:33:58.0433 2552 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:33:58.0436 2552 cdfs - ok
14:33:58.0462 2552 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:33:58.0468 2552 cdrom - ok
14:33:58.0512 2552 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:33:58.0515 2552 CertPropSvc - ok
14:33:58.0532 2552 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:33:58.0535 2552 circlass - ok
14:33:58.0569 2552 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:33:58.0577 2552 CLFS - ok
14:33:58.0636 2552 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:33:58.0640 2552 clr_optimization_v2.0.50727_32 - ok
14:33:58.0726 2552 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:33:58.0731 2552 clr_optimization_v4.0.30319_32 - ok
14:33:58.0763 2552 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:33:58.0765 2552 cmdide - ok
14:33:58.0782 2552 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
14:33:58.0785 2552 Compbatt - ok
14:33:58.0790 2552 COMSysApp - ok
14:33:58.0806 2552 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:33:58.0809 2552 crcdisk - ok
14:33:58.0827 2552 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:33:58.0831 2552 Crusoe - ok
14:33:58.0883 2552 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
14:33:58.0895 2552 CryptSvc - ok
14:33:58.0972 2552 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:33:58.0985 2552 DcomLaunch - ok
14:33:59.0033 2552 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:33:59.0036 2552 DfsC - ok
14:33:59.0265 2552 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
14:33:59.0279 2552 DFSR - ok
14:33:59.0392 2552 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
14:33:59.0397 2552 Dhcp - ok
14:33:59.0453 2552 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:33:59.0456 2552 disk - ok
14:33:59.0496 2552 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
14:33:59.0509 2552 Dnscache - ok
14:33:59.0530 2552 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
14:33:59.0540 2552 dot3svc - ok
14:33:59.0585 2552 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
14:33:59.0591 2552 DPS - ok
14:33:59.0650 2552 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:33:59.0652 2552 drmkaud - ok
14:33:59.0752 2552 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:33:59.0770 2552 DXGKrnl - ok
14:33:59.0809 2552 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:33:59.0813 2552 E1G60 - ok
14:33:59.0849 2552 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
14:33:59.0852 2552 EapHost - ok
14:33:59.0917 2552 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:33:59.0929 2552 Ecache - ok
14:34:00.0084 2552 eDataSecurity Service (b1f2503e23425b386df0f3413b2596f3) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
14:34:00.0087 2552 eDataSecurity Service - ok
14:34:00.0189 2552 ehRecvr (3a511ed3c9a9da2cd5a50ff46178063a) C:\Windows\ehome\ehRecvr.exe
14:34:00.0195 2552 ehRecvr - ok
14:34:00.0208 2552 ehSched (a3d94c93333619458af4bde7531234c5) C:\Windows\ehome\ehsched.exe
14:34:00.0209 2552 ehSched - ok
14:34:00.0227 2552 ehstart (487ba5c5bb442bd172f120dc197811c2) C:\Windows\ehome\ehstart.dll
14:34:00.0229 2552 ehstart - ok
14:34:00.0384 2552 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:34:00.0397 2552 elxstor - ok
14:34:00.0442 2552 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
14:34:00.0447 2552 EMDMgmt - ok
14:34:00.0475 2552 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:34:00.0478 2552 ErrDev - ok
14:34:00.0557 2552 ETService (6ce3bfe7b289df112cfa6285d16b56c5) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
14:34:00.0558 2552 ETService - ok
14:34:00.0591 2552 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
14:34:00.0595 2552 EventSystem - ok
14:34:00.0631 2552 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:34:00.0643 2552 exfat - ok
14:34:00.0660 2552 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:34:00.0662 2552 fastfat - ok
14:34:00.0698 2552 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:34:00.0699 2552 fdc - ok
14:34:00.0718 2552 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
14:34:00.0721 2552 fdPHost - ok
14:34:00.0734 2552 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
14:34:00.0736 2552 FDResPub - ok
14:34:00.0749 2552 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:34:00.0750 2552 FileInfo - ok
14:34:00.0762 2552 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:34:00.0764 2552 Filetrace - ok
14:34:00.0773 2552 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:34:00.0775 2552 flpydisk - ok
14:34:00.0793 2552 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:34:00.0803 2552 FltMgr - ok
14:34:00.0900 2552 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
14:34:00.0906 2552 FontCache - ok
14:34:01.0033 2552 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:34:01.0035 2552 FontCache3.0.0.0 - ok
14:34:01.0107 2552 ForceWare Intelligent Application Manager (IAM) (283195c5301eadbcf56dee637573ed12) C:\Program Files\bin32\nSvcAppFlt.exe
14:34:01.0121 2552 ForceWare Intelligent Application Manager (IAM) - ok
14:34:01.0197 2552 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
14:34:01.0198 2552 Fs_Rec - ok
14:34:01.0211 2552 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:34:01.0213 2552 gagp30kx - ok
14:34:01.0288 2552 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
14:34:01.0302 2552 gpsvc - ok
14:34:01.0426 2552 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:34:01.0447 2552 gupdate - ok
14:34:01.0454 2552 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:34:01.0457 2552 gupdatem - ok
14:34:01.0524 2552 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:34:01.0534 2552 HdAudAddService - ok
14:34:01.0580 2552 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:34:01.0614 2552 HDAudBus - ok
14:34:01.0627 2552 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:34:01.0629 2552 HidBth - ok
14:34:01.0644 2552 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:34:01.0646 2552 HidIr - ok
14:34:01.0673 2552 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
14:34:01.0676 2552 hidserv - ok
14:34:01.0722 2552 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:34:01.0724 2552 HidUsb - ok
14:34:01.0746 2552 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
14:34:01.0752 2552 hkmsvc - ok
14:34:01.0765 2552 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:34:01.0767 2552 HpCISSs - ok
14:34:01.0799 2552 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:34:01.0819 2552 HTTP - ok
14:34:01.0841 2552 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:34:01.0844 2552 i2omp - ok
14:34:01.0887 2552 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:34:01.0890 2552 i8042prt - ok
14:34:01.0919 2552 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:34:01.0927 2552 iaStorV - ok
14:34:02.0045 2552 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:34:02.0073 2552 idsvc - ok
14:34:02.0089 2552 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:34:02.0091 2552 iirsp - ok
14:34:02.0134 2552 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
14:34:02.0145 2552 IKEEXT - ok
14:34:02.0199 2552 int15 (58ff11c95c3681c9250914521cb9f036) C:\Windows\system32\drivers\int15.sys
14:34:02.0201 2552 int15 - ok
14:34:02.0355 2552 IntcAzAudAddService (4c01298060cf930d26a75a86b874b6ae) C:\Windows\system32\drivers\RTKVHDA.sys
14:34:02.0392 2552 IntcAzAudAddService - ok
14:34:02.0542 2552 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:34:02.0544 2552 intelide - ok
14:34:02.0556 2552 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:34:02.0559 2552 intelppm - ok
14:34:02.0585 2552 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
14:34:02.0599 2552 IPBusEnum - ok
14:34:02.0619 2552 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:34:02.0621 2552 IpFilterDriver - ok
14:34:02.0654 2552 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
14:34:02.0665 2552 iphlpsvc - ok
14:34:02.0670 2552 IpInIp - ok
14:34:02.0685 2552 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:34:02.0688 2552 IPMIDRV - ok
14:34:02.0722 2552 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:34:02.0726 2552 IPNAT - ok
14:34:02.0736 2552 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:34:02.0739 2552 IRENUM - ok
14:34:02.0752 2552 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:34:02.0755 2552 isapnp - ok
14:34:02.0804 2552 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:34:02.0815 2552 iScsiPrt - ok
14:34:02.0829 2552 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:34:02.0832 2552 iteatapi - ok
14:34:02.0848 2552 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:34:02.0851 2552 iteraid - ok
14:34:02.0876 2552 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:34:02.0879 2552 kbdclass - ok
14:34:02.0892 2552 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
14:34:02.0895 2552 kbdhid - ok
14:34:02.0919 2552 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:34:02.0924 2552 KeyIso - ok
14:34:03.0037 2552 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
14:34:03.0047 2552 KSecDD - ok
14:34:03.0108 2552 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
14:34:03.0128 2552 KtmRm - ok
14:34:03.0162 2552 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
14:34:03.0172 2552 LanmanServer - ok
14:34:03.0209 2552 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
14:34:03.0229 2552 LanmanWorkstation - ok
14:34:03.0407 2552 Lavasoft Ad-Aware Service (ed60ffd305ac0424920d146db9f9ed78) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
14:34:03.0443 2552 Lavasoft Ad-Aware Service - ok
14:34:03.0505 2552 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
14:34:03.0507 2552 Lavasoft Kernexplorer - ok
14:34:03.0678 2552 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
14:34:03.0681 2552 Lbd - ok
14:34:03.0716 2552 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:34:03.0719 2552 lltdio - ok
14:34:03.0752 2552 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
14:34:03.0762 2552 lltdsvc - ok
14:34:03.0774 2552 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
14:34:03.0780 2552 lmhosts - ok
14:34:03.0803 2552 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:34:03.0816 2552 LSI_FC - ok
14:34:03.0835 2552 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:34:03.0841 2552 LSI_SAS - ok
14:34:03.0858 2552 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:34:03.0871 2552 LSI_SCSI - ok
14:34:03.0886 2552 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:34:03.0892 2552 luafv - ok
14:34:03.0915 2552 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
14:34:03.0918 2552 MBAMProtector - ok
14:34:04.0000 2552 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:34:04.0008 2552 MBAMService - ok
14:34:04.0072 2552 Mcx2Svc (3bd2ad18179dead6652e87157fb98e4a) C:\Windows\system32\Mcx2Svc.dll
14:34:04.0079 2552 Mcx2Svc - ok
14:34:04.0113 2552 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:34:04.0115 2552 megasas - ok
14:34:04.0140 2552 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:34:04.0146 2552 MegaSR - ok
14:34:04.0242 2552 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:34:04.0244 2552 Microsoft Office Groove Audit Service - ok
14:34:04.0263 2552 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:34:04.0267 2552 MMCSS - ok
14:34:04.0278 2552 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:34:04.0279 2552 Modem - ok
14:34:04.0321 2552 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:34:04.0322 2552 monitor - ok
14:34:04.0363 2552 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:34:04.0365 2552 mouclass - ok
14:34:04.0379 2552 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:34:04.0382 2552 mouhid - ok
14:34:04.0398 2552 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:34:04.0400 2552 MountMgr - ok
14:34:04.0458 2552 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:34:04.0517 2552 MozillaMaintenance - ok
14:34:04.0551 2552 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:34:04.0564 2552 mpio - ok
14:34:04.0582 2552 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:34:04.0585 2552 mpsdrv - ok
14:34:04.0635 2552 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
14:34:04.0644 2552 MpsSvc - ok
14:34:04.0685 2552 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:34:04.0688 2552 Mraid35x - ok
14:34:04.0715 2552 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:34:04.0719 2552 MRxDAV - ok
14:34:04.0766 2552 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:34:04.0770 2552 mrxsmb - ok
14:34:04.0824 2552 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:34:04.0830 2552 mrxsmb10 - ok
14:34:04.0872 2552 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:34:04.0876 2552 mrxsmb20 - ok
14:34:04.0915 2552 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
14:34:04.0917 2552 msahci - ok
14:34:04.0932 2552 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:34:04.0945 2552 msdsm - ok
14:34:04.0975 2552 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
14:34:04.0987 2552 MSDTC - ok
14:34:05.0025 2552 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:34:05.0028 2552 Msfs - ok
14:34:05.0072 2552 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:34:05.0074 2552 msisadrv - ok
14:34:05.0103 2552 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
14:34:05.0116 2552 MSiSCSI - ok
14:34:05.0121 2552 msiserver - ok
14:34:05.0148 2552 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:34:05.0151 2552 MSKSSRV - ok
14:34:05.0189 2552 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:34:05.0192 2552 MSPCLOCK - ok
14:34:05.0200 2552 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:34:05.0202 2552 MSPQM - ok
14:34:05.0228 2552 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:34:05.0238 2552 MsRPC - ok
14:34:05.0256 2552 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:34:05.0259 2552 mssmbios - ok
14:34:05.0282 2552 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:34:05.0285 2552 MSTEE - ok
14:34:05.0319 2552 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:34:05.0322 2552 Mup - ok
14:34:05.0354 2552 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
14:34:05.0385 2552 napagent - ok
14:34:05.0431 2552 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:34:05.0442 2552 NativeWifiP - ok
14:34:05.0500 2552 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:34:05.0517 2552 NDIS - ok
14:34:05.0540 2552 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:34:05.0543 2552 NdisTapi - ok
14:34:05.0552 2552 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:34:05.0555 2552 Ndisuio - ok
14:34:05.0572 2552 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:34:05.0584 2552 NdisWan - ok
14:34:05.0604 2552 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:34:05.0607 2552 NDProxy - ok
14:34:05.0623 2552 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:34:05.0627 2552 NetBIOS - ok
14:34:05.0649 2552 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:34:05.0659 2552 netbt - ok
14:34:05.0669 2552 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:34:05.0675 2552 Netlogon - ok
14:34:05.0721 2552 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
14:34:05.0726 2552 Netman - ok
14:34:05.0751 2552 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
14:34:05.0760 2552 netprofm - ok
14:34:05.0819 2552 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:34:05.0831 2552 NetTcpPortSharing - ok
14:34:05.0857 2552 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:34:05.0861 2552 nfrd960 - ok
14:34:05.0897 2552 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
14:34:05.0908 2552 NlaSvc - ok
14:34:05.0981 2552 NMIndexingService - ok
14:34:06.0018 2552 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:34:06.0019 2552 Npfs - ok
14:34:06.0044 2552 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
14:34:06.0048 2552 nsi - ok
14:34:06.0081 2552 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:34:06.0083 2552 nsiproxy - ok
14:34:06.0157 2552 nSvcIp (3c7bd1ec817d300a8826d49c406d5894) C:\Program Files\bin32\nSvcIp.exe
14:34:06.0169 2552 nSvcIp - ok
14:34:06.0257 2552 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:34:06.0272 2552 Ntfs - ok
14:34:06.0309 2552 NTIBackupSvc (973dcb15731339fca176e534055cf115) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
14:34:06.0311 2552 NTIBackupSvc - ok
14:34:06.0333 2552 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
14:34:06.0335 2552 NTIDrvr - ok
14:34:06.0364 2552 NTISchedulerSvc (58751f9248d50bce1053976c9e2f0859) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
14:34:06.0373 2552 NTISchedulerSvc - ok
14:34:06.0388 2552 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:34:06.0389 2552 ntrigdigi - ok
14:34:06.0406 2552 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:34:06.0409 2552 Null - ok
14:34:06.0513 2552 NVENETFD (ae78a7285df03a277415fc62f8ce8f24) C:\Windows\system32\DRIVERS\nvmfdx32.sys
14:34:06.0527 2552 NVENETFD - ok
14:34:06.0551 2552 NVHDA (f972dc046c374a9e02f2dfbe74ebb203) C:\Windows\system32\drivers\nvhda32v.sys
14:34:06.0553 2552 NVHDA - ok
14:34:07.0623 2552 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:34:07.0687 2552 nvlddmkm - ok
14:34:07.0894 2552 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:34:07.0896 2552 nvraid - ok
14:34:07.0942 2552 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\DRIVERS\nvsmu.sys
14:34:07.0943 2552 nvsmu - ok
14:34:07.0957 2552 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:34:07.0960 2552 nvstor - ok
14:34:08.0011 2552 nvstor32 (fa7b8eca6e845b244b7e30a9dcd82c6c) C:\Windows\system32\DRIVERS\nvstor32.sys
14:34:08.0012 2552 nvstor32 - ok
14:34:08.0044 2552 nvsvc (4ed813efd77a9b7e57e341cdc1c5cbc4) C:\Windows\system32\nvvsvc.exe
14:34:08.0048 2552 nvsvc - ok
14:34:08.0063 2552 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:34:08.0068 2552 nv_agp - ok
14:34:08.0072 2552 NwlnkFlt - ok
14:34:08.0079 2552 NwlnkFwd - ok
14:34:08.0173 2552 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:34:08.0185 2552 odserv - ok
14:34:08.0210 2552 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
14:34:08.0212 2552 ohci1394 - ok
14:34:08.0278 2552 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:34:08.0289 2552 ose - ok
14:34:08.0337 2552 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:34:08.0351 2552 p2pimsvc - ok
14:34:08.0358 2552 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:34:08.0366 2552 p2psvc - ok
14:34:08.0405 2552 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:34:08.0407 2552 Parport - ok
14:34:08.0458 2552 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
14:34:08.0461 2552 partmgr - ok
14:34:08.0503 2552 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:34:08.0505 2552 Parvdm - ok
14:34:08.0534 2552 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
14:34:08.0538 2552 PcaSvc - ok
14:34:08.0566 2552 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:34:08.0578 2552 pci - ok
14:34:08.0606 2552 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
14:34:08.0608 2552 pciide - ok
14:34:08.0626 2552 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:34:08.0630 2552 pcmcia - ok
14:34:08.0709 2552 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
14:34:08.0712 2552 pcouffin - ok
14:34:08.0876 2552 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:34:08.0896 2552 PEAUTH - ok
14:34:09.0142 2552 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
14:34:09.0183 2552 pla - ok
14:34:09.0318 2552 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
14:34:09.0344 2552 PlugPlay - ok
14:34:09.0400 2552 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:34:09.0414 2552 PNRPAutoReg - ok
14:34:09.0425 2552 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:34:09.0442 2552 PNRPsvc - ok
14:34:09.0492 2552 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
14:34:09.0501 2552 PolicyAgent - ok
14:34:09.0543 2552 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:34:09.0546 2552 PptpMiniport - ok
14:34:09.0560 2552 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
14:34:09.0563 2552 Processor - ok
14:34:09.0581 2552 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
14:34:09.0600 2552 ProfSvc - ok
14:34:09.0619 2552 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:34:09.0621 2552 ProtectedStorage - ok
14:34:09.0636 2552 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:34:09.0639 2552 PSched - ok
14:34:09.0658 2552 PSDFilter (628321c8dd76ad369b362b202e655a68) C:\Windows\system32\DRIVERS\psdfilter.sys
14:34:09.0661 2552 PSDFilter - ok
14:34:09.0693 2552 PSDNServ (79d7117e62709c7690cf3dd55acead37) C:\Windows\system32\DRIVERS\PSDNServ.sys
14:34:09.0696 2552 PSDNServ - ok
14:34:09.0710 2552 psdvdisk (cae5e82827990cf4bd4a49576bde3a43) C:\Windows\system32\DRIVERS\PSDVdisk.sys
14:34:09.0713 2552 psdvdisk - ok
14:34:09.0821 2552 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:34:09.0888 2552 ql2300 - ok
14:34:09.0915 2552 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:34:09.0928 2552 ql40xx - ok
14:34:09.0961 2552 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
14:34:09.0977 2552 QWAVE - ok
14:34:10.0006 2552 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:34:10.0009 2552 QWAVEdrv - ok
14:34:10.0159 2552 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
14:34:10.0164 2552 RapportCerberus_34302 - ok
14:34:10.0247 2552 RapportEI (a5a800faa8ab5f7f19743cd60cc1cbed) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
14:34:10.0251 2552 RapportEI - ok
14:34:10.0333 2552 RapportIaso (35199ec35edc7dcba71fda711dfb05c0) c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys
14:34:10.0337 2552 RapportIaso - ok
14:34:10.0377 2552 RapportKELL (e5adfe497baf93eac2be20a58c40c874) C:\Windows\system32\Drivers\RapportKELL.sys
14:34:10.0381 2552 RapportKELL - ok
14:34:10.0465 2552 RapportMgmtService (c862053be4168c0bb6191af76b9fc878) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
14:34:10.0491 2552 RapportMgmtService - ok
14:34:10.0544 2552 RapportPG (fe69d9bc32dccb4b49885070d6518275) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
14:34:10.0555 2552 RapportPG - ok
14:34:10.0572 2552 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:34:10.0576 2552 RasAcd - ok
14:34:10.0604 2552 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
14:34:10.0617 2552 RasAuto - ok
14:34:10.0632 2552 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:34:10.0636 2552 Rasl2tp - ok
14:34:10.0671 2552 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
14:34:10.0687 2552 RasMan - ok
14:34:10.0701 2552 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:34:10.0703 2552 RasPppoe - ok
14:34:10.0718 2552 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:34:10.0721 2552 RasSstp - ok
14:34:10.0746 2552 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:34:10.0756 2552 rdbss - ok
14:34:10.0771 2552 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:34:10.0773 2552 RDPCDD - ok
14:34:10.0802 2552 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:34:10.0811 2552 rdpdr - ok
14:34:10.0819 2552 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:34:10.0821 2552 RDPENCDD - ok
14:34:11.0007 2552 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
14:34:11.0030 2552 RDPWD - ok
14:34:11.0069 2552 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
14:34:11.0083 2552 RemoteAccess - ok
14:34:11.0104 2552 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
14:34:11.0117 2552 RemoteRegistry - ok
14:34:11.0135 2552 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
14:34:11.0143 2552 RpcLocator - ok
14:34:11.0252 2552 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:34:11.0266 2552 RpcSs - ok
14:34:11.0318 2552 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:34:11.0321 2552 rspndr - ok
14:34:11.0335 2552 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:34:11.0338 2552 SamSs - ok
14:34:11.0401 2552 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:34:11.0403 2552 SASDIFSV - ok
14:34:11.0433 2552 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
14:34:11.0434 2552 SASENUM - ok
14:34:11.0459 2552 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
14:34:11.0461 2552 SASKUTIL - ok
14:34:11.0483 2552 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:34:11.0486 2552 sbp2port - ok
14:34:11.0509 2552 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
14:34:11.0522 2552 SCardSvr - ok
14:34:11.0570 2552 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
14:34:11.0593 2552 Schedule - ok
14:34:11.0611 2552 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:34:11.0612 2552 SCPolicySvc - ok
14:34:11.0644 2552 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
14:34:11.0658 2552 SDRSVC - ok
14:34:11.0673 2552 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:34:11.0675 2552 secdrv - ok
14:34:11.0689 2552 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
14:34:11.0713 2552 seclogon - ok
14:34:11.0731 2552 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
14:34:11.0741 2552 SENS - ok
14:34:11.0755 2552 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:34:11.0758 2552 Serenum - ok
14:34:11.0776 2552 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:34:11.0781 2552 Serial - ok
14:34:11.0793 2552 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:34:11.0796 2552 sermouse - ok
14:34:11.0825 2552 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
14:34:11.0838 2552 SessionEnv - ok
14:34:11.0851 2552 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
14:34:11.0854 2552 sffdisk - ok
14:34:11.0873 2552 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:34:11.0876 2552 sffp_mmc - ok
14:34:11.0889 2552 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
14:34:11.0891 2552 sffp_sd - ok
14:34:11.0902 2552 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:34:11.0904 2552 sfloppy - ok
14:34:11.0936 2552 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
14:34:11.0969 2552 SharedAccess - ok
14:34:11.0999 2552 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
14:34:12.0008 2552 ShellHWDetection - ok
14:34:12.0024 2552 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:34:12.0027 2552 sisagp - ok
14:34:12.0039 2552 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:34:12.0042 2552 SiSRaid2 - ok
14:34:18.0550 2552 MBR (0x1B8) (ef932eaa6ef4c94e66a7f6ceec7eb422) \Device\Harddisk0\DR0
14:34:21.0059 2552 \Device\Harddisk0\DR0 - ok
14:34:21.0073 2552 Boot (0x1200) (c2827fb1daa3287be850444ad07ab3da) \Device\Harddisk0\DR0\Partition0
14:34:21.0076 2552 \Device\Harddisk0\DR0\Partition0 - ok
14:34:21.0098 2552 Boot (0x1200) (93fde9f26d4d3ce5e6c7a510d34d9abc) \Device\Harddisk0\DR0\Partition1
14:34:21.0100 2552 \Device\Harddisk0\DR0\Partition1 - ok
14:34:21.0101 2552 ============================================================
14:34:21.0101 2552 Scan finished
14:34:21.0101 2552 ============================================================
14:34:21.0111 3924 Detected object count: 0
14:34:21.0111 3924 Actual detected object count: 0


and the aswMBR log file

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-11 14:40:07
-----------------------------
14:40:07.547 OS Version: Windows 6.0.6002 Service Pack 2
14:40:07.547 Number of processors: 2 586 0x203
14:40:07.547 ComputerName: SUE-PC UserName: admin
14:40:26.464 Initialize success
14:42:09.439 AVAST engine defs: 12081100
14:42:19.469 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
14:42:19.472 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 6
14:42:19.487 Disk 0 MBR read successfully
14:42:19.491 Disk 0 MBR scan
14:42:19.503 Disk 0 unknown MBR code
14:42:19.509 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
14:42:19.530 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145453 MB offset 29362176
14:42:19.555 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 145454 MB offset 327249920
14:42:19.573 Disk 0 scanning sectors +625139712
14:42:19.647 Disk 0 scanning C:\Windows\system32\drivers
14:42:28.066 Service scanning
14:42:52.153 Modules scanning
14:43:22.188 Disk 0 trace - called modules:
14:43:22.555 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
14:43:22.560 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x93d05578]
14:43:22.568 3 CLASSPNP.SYS[977e28b3] -> nt!IofCallDriver -> [0x929fa770]
14:43:22.576 5 acpi.sys[9020f6bc] -> nt!IofCallDriver -> \Device\00000061[0x93787b88]
14:43:23.390 AVAST engine scan C:\Windows
14:43:32.290 AVAST engine scan C:\Windows\system32
14:47:26.932 AVAST engine scan C:\Windows\system32\drivers
14:48:02.174 AVAST engine scan C:\Users\admin
14:53:32.674 AVAST engine scan C:\ProgramData
14:56:38.941 Scan finished successfully
15:18:08.775 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
15:18:08.794 The log file has been saved successfully to "F:\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-11 15:20:40
-----------------------------
15:20:40.130 OS Version: Windows 6.0.6002 Service Pack 2
15:20:40.130 Number of processors: 2 586 0x203
15:20:40.131 ComputerName: SUE-PC UserName: admin
15:20:40.867 Initialize success
15:20:53.548 AVAST engine defs: 12081100
15:20:57.951 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
15:20:57.953 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 6
15:20:58.001 Disk 0 MBR read successfully
15:20:58.005 Disk 0 MBR scan
15:20:58.013 Disk 0 unknown MBR code
15:20:58.024 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
15:20:58.046 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145453 MB offset 29362176
15:20:58.078 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 145454 MB offset 327249920
15:20:58.097 Disk 0 scanning sectors +625139712
15:20:58.198 Disk 0 scanning C:\Windows\system32\drivers
15:21:13.794 Service scanning
15:21:38.340 Modules scanning
15:22:13.102 Disk 0 trace - called modules:
15:22:13.204 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys ndis.sys nvmfdx32.sys nvlddmkm.sys dxgkrnl.sys watchdog.sys tcpip.sys NETIO.SYS
15:22:13.213 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x93d05578]
15:22:13.221 3 CLASSPNP.SYS[977e28b3] -> nt!IofCallDriver -> [0x929fa770]
15:22:13.230 5 acpi.sys[9020f6bc] -> nt!IofCallDriver -> \Device\00000061[0x93787b88]
15:22:14.297 AVAST engine scan C:\
15:56:40.636 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
15:56:40.654 The log file has been saved successfully to "F:\aswMBR.txt"

Thanks

Harlequeen

Attached Files

  • Attached File  MBR.zip   467bytes   0 downloads


#6 nasdaq

Posted 11 August 2012 - 10:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If, after running ComboFix, you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs for my review.

#7 harlequeen

Posted 12 August 2012 - 08:37 AM

Hi

Here is the ComboFix log

ComboFix 12-08-10.02 - admin 12/08/2012 11:23:59.1.2 - x86
Running from: c:\users\admin\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))
.
.
2012-08-12 10:33 . 2012-08-12 10:35 -------- d-----w- c:\users\admin\AppData\Local\temp
2012-08-12 10:33 . 2012-08-12 10:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-12 10:33 . 2012-08-12 10:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-11 13:47 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{802F2812-8AE7-488B-8E54-91301E92C5F6}\mpengine.dll
2012-08-04 12:08 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-04 11:59 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-08-04 11:58 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-08-04 11:58 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-08-04 11:58 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-04 11:58 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-08-04 11:58 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-08-04 11:03 . 2012-08-04 11:03 -------- d-----w- c:\program files\Magical Jelly Bean
2012-07-29 19:52 . 2012-07-29 19:52 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-07-26 19:14 . 2012-07-26 19:14 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2012-07-26 19:14 . 2012-07-26 19:14 -------- d-----w- c:\programdata\Malwarebytes
2012-07-26 19:14 . 2012-07-26 19:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-26 19:14 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-13 19:49 . 2012-07-13 19:49 -------- d--h--w- c:\windows\PIF
2012-07-13 19:11 . 2012-07-13 19:11 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-8\Markup.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 19:11 . 2010-05-17 22:18 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-06 10:50 . 2012-07-06 10:50 388096 ----a-r- c:\users\admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-06 09:21 . 2012-07-06 10:46 1402880 ----a-w- C:\HiJackThis(1).msi
2012-06-02 22:19 . 2012-07-05 15:50 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-07-05 15:50 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-07-05 15:48 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-07-05 15:48 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-07-05 15:50 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-07-05 15:50 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-07-05 15:48 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-07-05 15:48 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12 . 2012-07-05 15:48 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 11:25 . 2010-04-19 01:08 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-30 12:34 . 2010-05-17 22:18 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-05-30 12:34 . 2012-05-30 12:34 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-8\SpotlightResources.dll
2012-05-17 12:48 . 2012-05-17 12:48 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-7\SpotlightResources.dll
2012-04-29 13:51 . 2012-04-18 12:01 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-04-09 16:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 01:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-20 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-10-01 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-10-01 323584]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:cc0a612298\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-04-09 16:43 1557160 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 18:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2011-10-11 11:49 1179648 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTCERBERUS_42020
*Deregistered* - RapportIaso
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 07:40]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-20 21:18]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-20 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sky.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1006&m=aspire_x1300
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3042917&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.sky.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=W3I4&o=41648000&locale=en_UK&apn_uid=D593D66A-E2BB-431E-A6EE-14CE69BD865F&apn_ptnrs=^A9L&apn_sauid=394EF7E1-1517-4631-A5E1-5521EC67A981&apn_dtid=^YYYYYY^YY^GB&&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{00BF7B9C-ACD2-4080-BEA8-B1C41987070F} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Setresolution - c:\acer\config\1366x768.cmd
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-MontiorGeo - c:\acer\MonitorGeo.cmd
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
MSConfigStartUp-RestartNeroSetup - c:\users\admin\AppData\Local\Temp\Nero Web\SetupXu.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-12 11:35
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6052)
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Completion time: 2012-08-12 11:38:15
ComboFix-quarantined-files.txt 2012-08-12 10:38
.
Pre-Run: 70,166,892,544 bytes free
Post-Run: 70,425,190,400 bytes free
.
- - End Of File - - F0657107601445A43954DFE06A6A7E09


and the Security log.

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
SUPERAntiSpyware Free Edition
Malwarebytes Anti-Malware version 1.62.0.1300
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVAST Software Avast AvastSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````


Thanks

Harlequeen

#8 nasdaq

Posted 12 August 2012 - 08:50 AM

The ComboFix log is clean.
===

Using the Add/Remove Programs applet, delete this old version of Flash.
Adobe Flash Player 10 Flash Player out of Date!
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet, if present.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
===

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#9 harlequeen

Posted 15 August 2012 - 02:52 PM

Hi

I removed Adobe Flash Player 10.
Couldn't download Adobe Reader to the infected computer as I can't get web pages up. I downloaded to another computer and tried then to install after copying to the infected computer, but it would not run.
Have not removed old version of Adobe, consequently.

Here are the logs you asked for.

adwcleaner

# AdwCleaner v1.801 - Logfile created 08/15/2012 at 20:44:35
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : admin - SUE-PC
# Boot Mode : Normal
# Running from : C:\Users\admin\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\admin\AppData\Local\Babylon
Folder Found : C:\Users\admin\AppData\Local\Conduit
Folder Found : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Found : C:\Users\admin\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\admin\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\admin\AppData\LocalLow\Conduit
Folder Found : C:\Users\admin\AppData\Roaming\Babylon
Folder Found : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\Conduit
Folder Found : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\ConduitCommon
Folder Found : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\ConduitEngine
Folder Found : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\CT3042917
Folder Found : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\extensions\{575bddf5-790a-4d01-a37d-2863dec1c085}(103)
Folder Found : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\extensions\engine@conduit.com
Folder Found : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\extensions\toolbar@ask.com
Folder Found : C:\ProgramData\~0
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\Babylon
Folder Found : C:\Program Files\Free Offers from Freeze.com
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Found : C:\ProgramData\Premium
File Found : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\searchplugins\Askcom.xml
File Found : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\searchplugins\Conduit.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Windows\system32\conduitEngine.tmp
File Found : C:\user.js

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2237994
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2392836
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Hotbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-GB)

Profile name : default
File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\prefs.js

Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Thu Apr 12 2012 06:52:49 GMT+0100 (GMT Daylight Ti[...]
Found : user_pref("ConduitEngine.UserID", "UN91805339032749585");
Found : user_pref("ConduitEngine.engineLocale", "en-GB");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Apr 11 2012 16:46:22 GMT+0100 (GMT D[...]
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Thu Apr 12 2012 06:52:49 GMT+0100 (GMT [...]
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("ConduitEngine.usagesFlag", 2);
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.defaultthis.engineName", "Produtools Maps Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3042917&Sea[...]
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("extensions.3499ur3ur4hfsudfs.scode", "\n(function(){var bdomains={\"search.babylon.com\":[...]
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "orgnl");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 12);
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Found : user_pref("extensions.BabylonToolbar.hmpg", true);
Found : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=111361&babsrc=KW[...]
Found : user_pref("extensions.BabylonToolbar.lastDP", 12);
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Found : user_pref("extensions.BabylonToolbar.newTab", true);
Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?affID=111361&babsrc=NT_[...]
Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Found : user_pref("extensions.BabylonToolbar.propectorlck", 72770927);
Found : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Found : user_pref("extensions.BabylonToolbar.smplGrp", "free");
Found : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Found : user_pref("extensions.asktb.abar-war-timeout", "4000");
Found : user_pref("extensions.asktb.apn_dbr", "ff_3.6.27");
Found : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Found : user_pref("extensions.asktb.cbid", "^A9L");
Found : user_pref("extensions.asktb.config-updated", false);
Found : user_pref("extensions.asktb.crumb", "2012.03.14+11.28.24-toolbar019iad-GB-QnJpZ2h0b24sVW5pdGVkIEtpbm[...]
Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://uk.ask.com/web?qsrc={qsrc}&o={o}&l={l[...]
Found : user_pref("extensions.asktb.displaybehavior", "");
Found : user_pref("extensions.asktb.displaytext", "");
Found : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^GB");
Found : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Found : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "UKXX0215");
Found : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
Found : user_pref("extensions.asktb.first-launch-url", "hxxp://www.avs4you.com/Register.aspx?Type=Install&Pr[...]
Found : user_pref("extensions.asktb.fresh-install", false);
Found : user_pref("extensions.asktb.guid", "D593D66A-E2BB-431E-A6EE-14CE69BD865F");
Found : user_pref("extensions.asktb.hpr", "YES");
Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Found : user_pref("extensions.asktb.if", "first");
Found : user_pref("extensions.asktb.l", "dis");
Found : user_pref("extensions.asktb.last-config-req", "1337978746537");
Found : user_pref("extensions.asktb.last-search-timestamp", "1338406120975");
Found : user_pref("extensions.asktb.locale", "en_UK");
Found : user_pref("extensions.asktb.location", "Brighton,United Kingdom");
Found : user_pref("extensions.asktb.lstation", "");
Found : user_pref("extensions.asktb.new-tab-enabled", true);
Found : user_pref("extensions.asktb.news-native-on", true);
Found : user_pref("extensions.asktb.o", "41648000");
Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Found : user_pref("extensions.asktb.pstate", "");
Found : user_pref("extensions.asktb.qsrc", "2871");
Found : user_pref("extensions.asktb.r", "6");
Found : user_pref("extensions.asktb.sa", "YES");
Found : user_pref("extensions.asktb.saguid", "394EF7E1-1517-4631-A5E1-5521EC67A981");
Found : user_pref("extensions.asktb.search-history-queries", "torrentomega||easy dvd cpoy||the avengers asse[...]
Found : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.uk.ask.com/query?qs[...]
Found : user_pref("extensions.asktb.search-suggestions-enabled", true);
Found : user_pref("extensions.asktb.silent-upgrade", true);
Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Found : user_pref("extensions.asktb.socialmini-first", true);
Found : user_pref("extensions.asktb.socialmini-interval", "1200000");
Found : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Found : user_pref("extensions.asktb.socialmini-max-items", "30");
Found : user_pref("extensions.asktb.socialmini-native-on", true);
Found : user_pref("extensions.asktb.socialmini-speed", "10000");
Found : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Found : user_pref("extensions.asktb.themeid", "");
Found : user_pref("extensions.asktb.timeinstalled", "14/03/2012 18:28:57");
Found : user_pref("extensions.asktb.to", "");
Found : user_pref("extensions.asktb.v", "3.15.1.100013");
Found : user_pref("extensions.asktb.version", "5.15.1.22229");
Found : user_pref("extensions.asktb.volume", "");
Found : user_pref("extensions.enabledAddons", "info@bflix.info:5.0,toolbar@ask.com:3.15.1.100013,{972ce4c6-7[...]
Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=W3I4&o=41648000&loca[...]

-\\ Google Chrome v21.0.1180.75

File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "description": "The fastest way to search the web.",
Found : "description": "Babylon tool translates texts from within your Google Chrome in a sin[...]
Found : "128": "babylon48.png",
Found : "48": "babylon48.png"
Found : "name": "Babylon Translator",
Found : "path": "BabylonChromePI.dll",
Found : "name": "Babylon Chrome Plugin",
Found : "path": "C:\\Users\\admin\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\[...]
Found : "name": "Babylon Chrome Plugin"

*************************

AdwCleaner[R1].txt - [41568 octets] - [15/08/2012 20:44:35]

########## EOF - C:\AdwCleaner[R1].txt - [41697 octets] ##########



FSS log

Farbar Service Scanner Version: 06-08-2012
Ran by admin (administrator) on 15-08-2012 at 20:47:06
Running from "C:\Users\admin\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Thanks

harlequeen

#10 nasdaq


  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 August 2012 - 09:26 AM

Remove the AdWare.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
===

If you are still having issues, please run this tool.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
Click Go and copy/paste the log (Result.txt) into your next post.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please post the logs and let me know what issues persist.

#11 harlequeen

  • Topic Starter

  • Members
  • 49 posts

Posted 17 August 2012 - 02:00 PM

Hi

Done as requested. Here are the logs.

AdwCleaner

# AdwCleaner v1.801 - Logfile created 08/17/2012 at 18:55:13
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : admin - SUE-PC
# Boot Mode : Normal
# Running from : C:\Users\admin\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\admin\AppData\Local\Babylon
Folder Deleted : C:\Users\admin\AppData\Local\Conduit
Folder Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Deleted : C:\Users\admin\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\admin\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\admin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\admin\AppData\Roaming\Babylon
Folder Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\Conduit
Folder Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\ConduitCommon
Folder Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\ConduitEngine
Folder Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\CT3042917
Folder Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\extensions\{575bddf5-790a-4d01-a37d-2863dec1c085}(103)
Folder Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\extensions\engine@conduit.com
Folder Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\extensions\toolbar@ask.com
Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Deleted : C:\ProgramData\Premium
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\searchplugins\Askcom.xml
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\searchplugins\Conduit.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Windows\system32\conduitEngine.tmp
File Deleted : C:\user.js

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2237994
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2392836
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Hotbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-GB)

Profile name : default
File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\h2p2vc4t.default\prefs.js

Deleted : user_pref("CT2786678..clientLogIsEnabled", true);
Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Wed Aug 10 2011 17:51:04 GMT+0100 (GMT Daylight Tim[...]
Deleted : user_pref("CT2786678.CTID", "CT2786678");
Deleted : user_pref("CT2786678.CurrentServerDate", "10-8-2011");
Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Sun Aug 07 2011 22:06:02 GMT+0100 (GMT Daylight T[...]
Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Wed Aug 10 2011 20:46:46 GMT+0100 (GMT Daylight Time)"[...]
Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 482);
Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Wed Aug 10 2011 19:50:55 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Wed Aug 10 2011 19:50:55 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Wed Aug 10 2011 19:50:55 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Wed Aug 10 2011 19:50:55 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Wed Aug 10 2011 19:50:55 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Wed Aug 10 2011 19:50:55 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Wed Aug 10 2011 19:50:55 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Wed Aug 10 2011 19:50:56 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Wed Aug 10 2011 19:50:55 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Wed Aug 10 2011 19:50:55 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Wed Aug 10 2011 19:50:55 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2786678.FirstServerDate", "21-7-2011");
Deleted : user_pref("CT2786678.FirstTime", true);
Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2786678.Initialize", true);
Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2786678.InstalledDate", "Thu Jul 21 2011 19:27:33 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Deleted : user_pref("CT2786678.IsGrouping", false);
Deleted : user_pref("CT2786678.IsInitSetupIni", true);
Deleted : user_pref("CT2786678.IsMulticommunity", false);
Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Wed Aug 10 2011 17:50:55 GMT+0100 (GMT Daylight Ti[...]
Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2786678.LastLogin_3.5.0.12", "Wed Aug 10 2011 17:50:55 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2786678.LatestVersion", "3.3.3.2");
Deleted : user_pref("CT2786678.Locale", "en");
Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.5.0.12");
Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "Google");
Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Wed Aug 10 2011 17:50:54 GMT+0100 (GMT Daylight [...]
Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Wed Aug 10 2011 17:50:54 GMT+0100 (GMT Daylight Time[...]
Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Wed Aug 10 2011 20:21:44 GMT+0100 (GMT Daylight Time)"[...]
Deleted : user_pref("CT2786678.SettingsLastUpdate", "1312887586");
Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Thu Jul 21 2011 19:27:29 GMT+0100 (GMT Dayligh[...]
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246786978");
Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2786678.UserID", "UN10343277105470356");
Deleted : user_pref("CT2786678.ValidationData_Search", 2);
Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2786678.WeatherNetwork", "");
Deleted : user_pref("CT2786678.WeatherPollDate", "Wed Aug 10 2011 20:21:46 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2786678.WeatherUnit", "C");
Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Deleted : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Deleted : user_pref("CT2786678.backendstorage.url_history", "6A6176617363726970743A736176655F666F6375733D303B7[...]
Deleted : user_pref("CT2786678.backendstorage.url_history_time", "31333133303035343531373331");
Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Wed Aug 10 2011 17:50:55 GMT+0100 (GMT Dayl[...]
Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.initDone", true);
Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2786678.myStuffEnabled", true);
Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,111,1000234,12929569801701[...]
Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.testingCtid", "");
Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Wed Aug 10 2011 17:50:55 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Sun Aug 07 2011 22:06:02 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.usagesFlag", 2);
Deleted : user_pref("CT3042917..clientLogIsEnabled", false);
Deleted : user_pref("CT3042917..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3042917..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3042917.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3042917.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3042917.BrowserCompStateIsOpen_1000515", true);
Deleted : user_pref("CT3042917.BrowserCompStateIsOpen_129575144806956036", true);
Deleted : user_pref("CT3042917.BrowserCompStateIsOpen_129683391284816719", true);
Deleted : user_pref("CT3042917.CT3042917", "CT3042917");
Deleted : user_pref("CT3042917.CurrentServerDate", "26-5-2012");
Deleted : user_pref("CT3042917.DSChangedManually", true);
Deleted : user_pref("CT3042917.DSInstall", true);
Deleted : user_pref("CT3042917.DSProtectChoice", true);
Deleted : user_pref("CT3042917.DSProtectCount", 1);
Deleted : user_pref("CT3042917.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3042917.DialogsGetterLastCheckTime", "Sun May 27 2012 21:14:12 GMT+0100 (GMT Daylight T[...]
Deleted : user_pref("CT3042917.DownloadReferralCookieData", "");
Deleted : user_pref("CT3042917.ExternalComponentPollDate129538334474722776", "Wed May 30 2012 20:28:15 GMT+010[...]
Deleted : user_pref("CT3042917.FirstServerDate", "18-4-2012");
Deleted : user_pref("CT3042917.FirstTime", true);
Deleted : user_pref("CT3042917.FirstTimeFF3", true);
Deleted : user_pref("CT3042917.FixPageNotFoundErrors", false);
Deleted : user_pref("CT3042917.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3042917.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3042917.HPChangedManually", false);
Deleted : user_pref("CT3042917.HPInstall", true);
Deleted : user_pref("CT3042917.HPProtectChoice", true);
Deleted : user_pref("CT3042917.HPProtectCount", 1);
Deleted : user_pref("CT3042917.HasUserGlobalKeys", true);
Deleted : user_pref("CT3042917.HomePageProtectorEnabled", false);
Deleted : user_pref("CT3042917.HomepageBeforeUnload", "hxxp://www.sky.com/");
Deleted : user_pref("CT3042917.Initialize", true);
Deleted : user_pref("CT3042917.InitializeCommonPrefs", true);
Deleted : user_pref("CT3042917.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3042917.InstallationType", "Unknown");
Deleted : user_pref("CT3042917.InstalledDate", "Wed Apr 18 2012 13:02:17 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT3042917.InvalidateCache", false);
Deleted : user_pref("CT3042917.IsAlertDBUpdated", true);
Deleted : user_pref("CT3042917.IsGrouping", false);
Deleted : user_pref("CT3042917.IsInitSetupIni", true);
Deleted : user_pref("CT3042917.IsMulticommunity", false);
Deleted : user_pref("CT3042917.IsOpenThankYouPage", true);
Deleted : user_pref("CT3042917.IsOpenUninstallPage", true);
Deleted : user_pref("CT3042917.IsProtectorsInit", true);
Deleted : user_pref("CT3042917.LanguagePackLastCheckTime", "Wed May 30 2012 20:28:17 GMT+0100 (GMT Daylight Ti[...]
Deleted : user_pref("CT3042917.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3042917.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3042917.LastLogin_3.12.0.7", "Wed Apr 25 2012 15:22:30 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT3042917.LastLogin_3.12.2.3", "Wed May 30 2012 20:28:16 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT3042917.LatestVersion", "3.12.2.3");
Deleted : user_pref("CT3042917.Locale", "en");
Deleted : user_pref("CT3042917.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3042917.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3042917.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3042917.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3042917.OriginalFirstVersion", "3.12.0.7");
Deleted : user_pref("CT3042917.RadioIsPodcast", false);
Deleted : user_pref("CT3042917.RadioLastCheckTime", "Wed May 30 2012 20:28:15 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT3042917.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT3042917.RadioLastUpdateServer", "3");
Deleted : user_pref("CT3042917.RadioMediaID", "9962");
Deleted : user_pref("CT3042917.RadioMediaType", "Media Player");
Deleted : user_pref("CT3042917.RadioMenuSelectedID", "EBRadioMenu_CT30429179962");
Deleted : user_pref("CT3042917.RadioShrinked", "shrinked");
Deleted : user_pref("CT3042917.RadioShrinkedFromSetup", true);
Deleted : user_pref("CT3042917.RadioStationName", "California%20Rock");
Deleted : user_pref("CT3042917.RadioStationURL", "hxxp://feedlive.net/california.asx");
Deleted : user_pref("CT3042917.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT3042917.SavedHomepage", "hxxp://www.bbc.co.uk/");
Deleted : user_pref("CT3042917.SearchCaption", "Produtools Maps Customized Web Search");
Deleted : user_pref("CT3042917.SearchEngineBeforeUnload", "Bing");
Deleted : user_pref("CT3042917.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3042917.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT304[...]
Deleted : user_pref("CT3042917.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3042917.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3042917.SearchInNewTabLastCheckTime", "Wed May 30 2012 20:28:15 GMT+0100 (GMT Daylight [...]
Deleted : user_pref("CT3042917.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3042917.SearchProtectorEnabled", false);
Deleted : user_pref("CT3042917.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3042917.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3042917.ServiceMapLastCheckTime", "Wed May 30 2012 20:28:16 GMT+0100 (GMT Daylight Time[...]
Deleted : user_pref("CT3042917.SettingsLastCheckTime", "Wed May 30 2012 20:28:15 GMT+0100 (GMT Daylight Time)"[...]
Deleted : user_pref("CT3042917.SettingsLastUpdate", "1337169810");
Deleted : user_pref("CT3042917.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3042917&SearchSource=13");
Deleted : user_pref("CT3042917.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3042917.ThirdPartyComponentsLastCheck", "Wed May 30 2012 20:28:15 GMT+0100 (GMT Dayligh[...]
Deleted : user_pref("CT3042917.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT3042917.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3042917.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3042917");
Deleted : user_pref("CT3042917.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3042917.UserID", "UN56492927293382368");
Deleted : user_pref("CT3042917.ValidationData_Toolbar", 2);
Deleted : user_pref("CT3042917.alertChannelId", "1434483");
Deleted : user_pref("CT3042917.backendstorage.cb_firstuse0100", "31");
Deleted : user_pref("CT3042917.backendstorage.cb_user_id_000", "43423938393331303139373334385F46697265666F78")[...]
Deleted : user_pref("CT3042917.backendstorage.cbcountry_000", "4742");
Deleted : user_pref("CT3042917.backendstorage.cbfirsttime", "5765642041707220313820323031322031333A30323A33312[...]
Deleted : user_pref("CT3042917.backendstorage.facebook_mode", "32");
Deleted : user_pref("CT3042917.backendstorage.for_aoi", "31333334373534323637");
Deleted : user_pref("CT3042917.backendstorage.for_ccid", "446176656E747279");
Deleted : user_pref("CT3042917.backendstorage.for_cid", "4742");
Deleted : user_pref("CT3042917.backendstorage.for_ip", "322E3132322E3234302E3230");
Deleted : user_pref("CT3042917.backendstorage.for_lcut", "31333337393738373737");
Deleted : user_pref("CT3042917.backendstorage.for_rid", "4A31");
Deleted : user_pref("CT3042917.backendstorage.for_zoneid", "3136393030");
Deleted : user_pref("CT3042917.backendstorage.shoppingapp.gk.exipres", "547565204D617920323920323031322031393A[...]
Deleted : user_pref("CT3042917.backendstorage.shoppingapp.gk.geolocation", "756E69746564206B696E67646F6D");
Deleted : user_pref("CT3042917.backendstorage.url_history0001", "687474703A2F2F7468657069726174656261792E73652[...]
Deleted : user_pref("CT3042917.components.1000515", true);
Deleted : user_pref("CT3042917.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3042917.globalFirstTimeInfoLastCheckTime", "Mon May 21 2012 12:36:29 GMT+0100 (GMT Dayl[...]
Deleted : user_pref("CT3042917.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3042917.initDone", true);
Deleted : user_pref("CT3042917.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3042917.isFirstRadioInstallation", false);
Deleted : user_pref("CT3042917.myStuffEnabled", true);
Deleted : user_pref("CT3042917.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3042917.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3042917.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3042917.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3042917.navigateToUrlOnSearch", false);
Deleted : user_pref("CT3042917.oldAppsList", "129491538127987918,129538334471724607,111,129538334472457058,129[...]
Deleted : user_pref("CT3042917.revertSettingsEnabled", true);
Deleted : user_pref("CT3042917.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3042917.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3042917.testingCtid", "");
Deleted : user_pref("CT3042917.toolbarAppMetaDataLastCheckTime", "Wed May 30 2012 20:28:17 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT3042917.toolbarContextMenuLastCheckTime", "Mon May 21 2012 12:36:29 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT3042917.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3042917&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Produtools Maps Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3042917/CT3042917[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/UK", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1434483/1430138/UK", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/UK", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3042917", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3042917",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"67e[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\admin\\AppData\\Roaming\\Mozilla\\F[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/MarketPlace/62/6f/6208e71[...]
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2786678,CT3042917");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2786678,CT3042917");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678,CT3042917");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Jul 21 2011 19:27:31 GMT+01[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Apr 11 2012 16:46:22 GMT+0100 (GMT D[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Apr 11 2012 16:46:15 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "8878dd10-af0d-4b0a-9c8e-e6e588a5a054");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Aug 10 2011 17:50:54 GMT+0100 (GMT[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "f88efb82-2ed8-40f4-9096-290075840943");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3042917");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon May 28 2012 17:36:3[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed May 30 2012 20:28:23 GMT+010[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed May 30 2012 20:29:22 GMT+0100 (G[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "9670ae8e-26a8-4c77-bc74-1b4ec6a0c5d4");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.bbc.co.uk/");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Apr 04 2012 12:53:16 GMT+0100 (GMT Daylight[...]
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Wed Apr 11 2012 16:46:22 GMT+0100 (GMT Daylig[...]
Deleted : user_pref("ConduitEngine.FirstServerDate", "07/21/2011 21");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.FixPageNotFoundErrors", false);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
Deleted : user_pref("ConduitEngine.InstalledDate", "Thu Jul 21 2011 19:27:33 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", false);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Apr 11 2012 16:46:22 GMT+0100 (GMT Dayligh[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Thu Apr 12 2012 06:52:49 GMT+0100 (GMT Daylight Time)"[...]
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Thu Apr 12 2012 06:52:49 GMT+0100 (GMT Daylight Ti[...]
Deleted : user_pref("ConduitEngine.UserID", "UN91805339032749585");
Deleted : user_pref("ConduitEngine.engineLocale", "en-GB");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Apr 11 2012 16:46:22 GMT+0100 (GMT D[...]
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Thu Apr 12 2012 06:52:49 GMT+0100 (GMT [...]
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("ConduitEngine.usagesFlag", 2);
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.defaultthis.engineName", "Produtools Maps Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3042917&Sea[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.3499ur3ur4hfsudfs.scode", "\n(function(){var bdomains={\"search.babylon.com\":[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "orgnl");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 12);
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=111361&babsrc=KW[...]
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 12);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?affID=111361&babsrc=NT_[...]
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 72770927);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "free");
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000");
Deleted : user_pref("extensions.asktb.apn_dbr", "ff_3.6.27");
Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Deleted : user_pref("extensions.asktb.cbid", "^A9L");
Deleted : user_pref("extensions.asktb.config-updated", false);
Deleted : user_pref("extensions.asktb.crumb", "2012.03.14+11.28.24-toolbar019iad-GB-QnJpZ2h0b24sVW5pdGVkIEtpbm[...]
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://uk.ask.com/web?qsrc={qsrc}&o={o}&l={l[...]
Deleted : user_pref("extensions.asktb.displaybehavior", "");
Deleted : user_pref("extensions.asktb.displaytext", "");
Deleted : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^GB");
Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "UKXX0215");
Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("extensions.asktb.first-launch-url", "hxxp://www.avs4you.com/Register.aspx?Type=Install&Pr[...]
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "D593D66A-E2BB-431E-A6EE-14CE69BD865F");
Deleted : user_pref("extensions.asktb.hpr", "YES");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1337978746537");
Deleted : user_pref("extensions.asktb.last-search-timestamp", "1338406120975");
Deleted : user_pref("extensions.asktb.locale", "en_UK");
Deleted : user_pref("extensions.asktb.location", "Brighton,United Kingdom");
Deleted : user_pref("extensions.asktb.lstation", "");
Deleted : user_pref("extensions.asktb.new-tab-enabled", true);
Deleted : user_pref("extensions.asktb.news-native-on", true);
Deleted : user_pref("extensions.asktb.o", "41648000");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.pstate", "");
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "6");
Deleted : user_pref("extensions.asktb.sa", "YES");
Deleted : user_pref("extensions.asktb.saguid", "394EF7E1-1517-4631-A5E1-5521EC67A981");
Deleted : user_pref("extensions.asktb.search-history-queries", "torrentomega||easy dvd cpoy||the avengers asse[...]
Deleted : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.uk.ask.com/query?qs[...]
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.socialmini-first", true);
Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");
Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.timeinstalled", "14/03/2012 18:28:57");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.v", "3.15.1.100013");
Deleted : user_pref("extensions.asktb.version", "5.15.1.22229");
Deleted : user_pref("extensions.asktb.volume", "");
Deleted : user_pref("extensions.enabledAddons", "info@bflix.info:5.0,toolbar@ask.com:3.15.1.100013,{972ce4c6-7[...]
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=W3I4&o=41648000&loca[...]

-\\ Google Chrome v21.0.1180.79

File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",
Deleted : "description": "Babylon tool translates texts from within your Google Chrome in a sin[...]
Deleted : "128": "babylon48.png",
Deleted : "48": "babylon48.png"
Deleted : "name": "Babylon Translator",
Deleted : "path": "BabylonChromePI.dll",
Deleted : "name": "Babylon Chrome Plugin",
Deleted : "path": "C:\\Users\\admin\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\[...]
Deleted : "name": "Babylon Chrome Plugin"

*************************

AdwCleaner[R1].txt - [41699 octets] - [15/08/2012 20:44:35]
AdwCleaner[R2].txt - [41760 octets] - [17/08/2012 18:48:56]
AdwCleaner[S1].txt - [42578 octets] - [17/08/2012 18:55:13]

########## EOF - C:\AdwCleaner[S1].txt - [42707 octets] ##########


MiniToolBox log

MiniToolBox by Farbar Version: 23-07-2012
Ran by admin (administrator) on 17-08-2012 at 19:48:09
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Sue-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Networking Controller
Physical Address. . . . . . . . . : 00-1F-16-F6-0C-EC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c14a:469c:fd72:affd%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 17 August 2012 19:47:39
Lease Expires . . . . . . . . . . : 18 August 2012 19:47:39
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 234888982
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0C-BE-67-6C-00-1F-16-F6-0C-EC
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: MyRouter.Home
Address: 192.168.0.1

Name: google.com
Addresses: 2a00:1450:4009:804::1008
173.194.34.129
173.194.34.130
173.194.34.131
173.194.34.132
173.194.34.133
173.194.34.134
173.194.34.135
173.194.34.136
173.194.34.137
173.194.34.142
173.194.34.128



Pinging google.com [173.194.34.129] with 32 bytes of data:

Reply from 173.194.34.129: bytes=32 time=29ms TTL=57

Reply from 173.194.34.129: bytes=32 time=29ms TTL=57



Ping statistics for 173.194.34.129:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 29ms, Maximum = 29ms, Average = 29ms

Server: MyRouter.Home
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=244ms TTL=50

Reply from 98.139.183.24: bytes=32 time=140ms TTL=50



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 140ms, Maximum = 244ms, Average = 192ms

Server: MyRouter.Home
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...00 1f 16 f6 0c ec ...... NVIDIA nForce 10/100/1000 Mbps Networking Controller
1 ........................... Software Loopback Interface 1
17 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.5 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.5 276
192.168.0.5 255.255.255.255 On-link 192.168.0.5 276
192.168.0.255 255.255.255.255 On-link 192.168.0.5 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.5 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.5 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::c14a:469c:fd72:affd/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/17/2012 06:56:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2012 06:02:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/15/2012 08:29:17 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.4223 - Fatal Execution Engine Error (6E8AC742) (80131506)

Error: (08/15/2012 08:28:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2012 11:45:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2012 11:10:33 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {73e749df-47b2-4030-bdd8-59ae431f8c1d}

Error: (08/12/2012 11:10:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2012 02:26:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2012 01:46:48 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (08/04/2012 01:21:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/17/2012 06:56:59 PM) (Source: Service Control Manager) (User: )
Description: avast! Firewall%%2

Error: (08/17/2012 06:02:51 PM) (Source: Service Control Manager) (User: )
Description: avast! Firewall%%2

Error: (08/15/2012 08:28:59 PM) (Source: Service Control Manager) (User: )
Description: avast! Firewall%%2

Error: (08/15/2012 08:27:54 PM) (Source: netbt) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "001F16F60CEC" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (08/15/2012 08:27:54 PM) (Source: netbt) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "001F16F60CEC" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (08/12/2012 11:45:03 AM) (Source: Service Control Manager) (User: )
Description: avast! Firewall%%2

Error: (08/12/2012 11:43:59 AM) (Source: netbt) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "001F16F60CEC" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (08/12/2012 11:43:59 AM) (Source: netbt) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "001F16F60CEC" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (08/12/2012 11:35:10 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (08/12/2012 11:28:50 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart


Microsoft Office Sessions:
=========================

**** End of log ****


I still can't get a web page to display in any of the browsers on the computer.
Thanks

Harlequeen

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:52 AM

Posted 18 August 2012 - 07:01 AM

Try this fix.
Click Start, click Control Panel, double-click Device Manager, expand Network Adapters, right-click the adapter you want to initialize, click Disable, and then click Yes.
Right-click the adapter that you just disabled, and then click Enable.

Quoted from this Microsoft page.
http://technet.microsoft.com/en-us/library/dd379893(v=ws.10).aspx

===

When done, restart the computer normally.

If that fails and you are still not able to see web pages, and if the computer is connected to a router, disconnect from the router and connect directly to the modem. Let me know how it goes.

Keep me posted.

#13 harlequeen

harlequeen
  • Topic Starter

  • Members
  • 49 posts
  • Local time:11:52 PM

Posted 18 August 2012 - 07:51 AM

I've done as suggested. No joy I'm afraid. I have a Sagecom router/modem so don't have a separate modem to connect to.

I would consider doing a clean install but this computer did not come with a Windows disk, and I'm not really sure where the backup supplied on the hard disk is, or indeed how to do it.


I still get notifications that Windows updates are available and can download them. It just seems to be web pages won't open.

thanks

harlequeen

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:52 AM

Posted 18 August 2012 - 09:15 AM

Please start a new topic in the Networking forum
http://www.bleepingcomputer.com/forums/forum21.html

I'm sure that an expert in that domain will be able to help you better with this problem.

#15 harlequeen

harlequeen
  • Topic Starter

  • Members
  • 49 posts
  • Local time:11:52 PM

Posted 18 August 2012 - 11:07 AM

Hi

OK, I will do that, thanks for your help. Is my computer 'clean' of any viruses or malware as far as you can see now?

regards

Harlequeen



