
Trojan Detected by Avast


  • This topic is locked
31 replies to this topic

#1 alanschoeff (Members, 17 posts)

Posted 23 November 2012 - 02:07 AM

Hello, My name is Alan.

I have had a little experience with computers and viruses in the past but this one is winning the fight.

Recently, my AVAST Antivirus free edition has been telling me about a Trojan named JS:ScriptSH-inf [Trj]

I have run a scan with AVAST - no success.
I have run System Restore - no success.
I have run MalwareBytes - no success.
I have run SpyBot - no success.
I have downloaded HiJackThis and created the following log.

Can you please help me remove this virus from my Windows Vista Home Edition SP2 Toshiba Satellite laptop?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:50:20 AM, on 11/23/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Users\SysAdmin\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.msn.com/?ocid=OIE9HP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
R3 - URLSearchHook: (no name) - {32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN236582S805PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Dropbox.lnk = C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: SoundSwitch.appref-ms
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 11555 bytes

Edited by hamluis, 23 November 2012 - 08:07 AM.
Moved from Vista to Malware Removal Logs - Hamluis.
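A first-pass triage of entries like the ones in the HijackThis log above, as an added example that is not part of the original post. The sample lines are copied from that log; the flagging rules (orphaned search hooks, BHOs outside Program Files, autoruns in user-writable paths, services with no company name, a short assumed list of adware names) are this example's own heuristics, not HijackThis behaviour, and a hit means "look closer", not "malicious".

```python
# Added example, not from the original post: a first-pass triage of HijackThis
# entries. The sample lines are copied from the log above; the rules below are
# assumptions of this example and produce leads, not verdicts.
import re

# Lines taken from the HijackThis log posted above (a constructed subset).
SAMPLE_LINES = [
    r"R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)",
    r"R3 - URLSearchHook: (no name) - {32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)",
    r"O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll",
    r'O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"',
    r'O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui',
    r"O4 - Startup: Dropbox.lnk = C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe",
    r"O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe",
    r"O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe",
]

# "R3 - ..." / "O23 - ..." entry prefix; process-list and header lines do not match.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# Product names adware scanners commonly treat as PUPs (assumed list for this example).
PUP_NAMES = ("yontoo", "conduit", "iminent", "softonic", "anti-phishing domain advisor")
# User-writable locations a normal vendor installer does not use for autoruns.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")


def triage(lines):
    """Return [(line, [reasons])] for entries worth a closer look."""
    results = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, blank lines, running-process list
        kind, body = m.group("kind"), m.group("body")
        low = body.lower()
        reasons = []
        if kind == "R3" and "(no file)" in body:
            reasons.append("URLSearchHook CLSID registered but its DLL is gone (leftover of a removed add-on)")
        if kind == "O2":
            path = body.rsplit(" - ", 1)[-1].lower()  # last field is the DLL path
            if not path.startswith("c:\\program files"):
                reasons.append("BHO loaded from outside Program Files")
        if kind == "O4" and any(p in low for p in USER_WRITABLE):
            reasons.append("autorun points into a user-writable directory")
        if kind == "O23" and "unknown owner" in low:
            reasons.append("service binary carries no company name")
        if any(name in low for name in PUP_NAMES):
            reasons.append("name matches a known adware/PUP family")
        if reasons:
            results.append((line, reasons))
    return results


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LINES):
        print(line[:72])
        for r in reasons:
            print("   ->", r)
```

Run against the sample, six of the nine entries are flagged and the Adobe BHO and both avast entries pass clean. The Dropbox startup item is flagged too because it runs from AppData, which is exactly how Dropbox installs itself: the rules rank what to look at first, they do not decide what to remove.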




#2 KarstenHansen (The Dane; Members, 1,868 posts)

Posted 23 November 2012 - 08:28 AM

Hi alanschoeff :),
I will be handling your topic to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

#3 KarstenHansen (The Dane; Members, 1,868 posts)

Posted 26 November 2012 - 07:09 AM

Hi alanschoeff :)
:welcome: to BleepingComputer. My name is Karsten and I'll help you with the cleanup of malware from your computer.

Please be aware of the following:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you decide to clean your PC, work with us until a team member tells you that you are clean.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
NEXT

I found something in your log that I want to inform you about:

Online Gaming Warning!

Online gaming sites are a security risk which can make your computer susceptible to a large number of malware infections, remote attacks, exposure of personal information, and identity theft. They can lead to other sites containing malware which you can inadvertently download without knowledge. Users visiting such sites may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Gaming sites can put you at risk to fraud, phishing and theft of personal data. Even if the gaming site is a clean site, there is always the potential of some type of malware making its way there and then onto your system. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS.

More specifically, I noticed you had WildTangent on your computer.
WildTangent Program Warning

Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system including:
  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
  • Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
  • Location that the Web Driver was installed from
For that reason I would suggest you uninstall it via Add/Remove Programs.

Reboot after the uninstallation. <- Important.

NEXT

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
NEXT

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

NEXT

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup:
  • AdwCleaner log
  • OTL logs both otl.txt and extras.txt
  • GMER log


#4 alanschoeff (Topic Starter; Members, 17 posts)

Posted 26 November 2012 - 11:54 AM

Karsten,

Thank you for providing assistance. Per your recommendation, I have removed the WildTangent games. I have also downloaded and run the three programs. I attempted to send the log files in one post but received a message stating "your post was too long", so I have submitted them in shorter versions.

# AdwCleaner v2.009 - Logfile created 11/26/2012 at 08:41:43
# Updated 24/11/2012 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : SysAdmin - DADS_NEW_LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\SysAdmin\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\Yontoo
Folder Found : C:\ProgramData\Anti-phishing Domain Advisor
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\SysAdmin\AppData\Local\Conduit
Folder Found : C:\Users\SysAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Found : C:\Users\SysAdmin\AppData\Local\Ilivid Player
Folder Found : C:\Users\SysAdmin\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\SysAdmin\AppData\Local\Temp\CT2704262
Folder Found : C:\Users\SysAdmin\AppData\LocalLow\Conduit
Folder Found : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\Conduit
Folder Found : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\ConduitCommon
Folder Found : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\ConduitEngine
Folder Found : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\CT2642709
Folder Found : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\CT2704262
Folder Found : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\extensions\{1e7e4de1-5ef4-4baa-9250-c26258dc499a}
Folder Found : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}(885)
Folder Found : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\extensions\engine@conduit.com
Folder Found : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\extensions\plugin@yontoo.com

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2704262
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Found : HKLM\Software\Tarma Installer
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\rf3h90x8.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\ldi0uwfl.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\SysAdmin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4488 octets] - [26/11/2012 08:41:43]

########## EOF - C:\AdwCleaner[R1].txt - [4548 octets] ##########
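A cross-check of the AdwCleaner findings above against the HijackThis entries from the first post, added here as an example and not part of either log or tool. It matches on shared CLSIDs/GUIDs and on a short assumed list of product names, so that each AdwCleaner hit is tied to the HijackThis entry it explains and any HijackThis indicator AdwCleaner did not mention stands out. Sample lines are copied from the two logs in this thread.

```python
# Added example, not from the original post: correlate AdwCleaner findings with
# HijackThis entries by shared GUIDs and product names. Sample lines are copied
# from the two logs in this thread; NAME_TOKENS is an assumption of this example.
import re

# Constructed subset of the AdwCleaner [R1] log above.
ADW_SAMPLE = [
    r"Folder Found : C:\Program Files\Yontoo",
    r"Folder Found : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}(885)",
    r"Key Found : HKCU\Software\Conduit",
    r"Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL",
    r"Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}",
    r"Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]",
]

# Constructed subset of the HijackThis log from the first post.
HJT_SAMPLE = [
    r"R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)",
    r"R3 - URLSearchHook: (no name) - {32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)",
    r"O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll",
    r'O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"',
    r'O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui',
]

GUID_RE = re.compile(r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}", re.I)
# Product names used as a second join key when a line carries no GUID (assumed list).
NAME_TOKENS = ("yontoo", "conduit", "iminent", "softonic", "anti-phishing domain advisor")


def indicators(line):
    """Comparable indicators in one log line: lower-cased GUIDs plus known product names."""
    low = line.lower()
    found = {g.lower() for g in GUID_RE.findall(line)}
    found.update(t for t in NAME_TOKENS if t in low)
    return found


def correlate(adw_lines, hjt_lines):
    """Map each AdwCleaner finding to the HijackThis entries sharing an indicator with it."""
    indexed = [(h, indicators(h)) for h in hjt_lines]
    matches = {}
    for a in adw_lines:
        ind = indicators(a)
        hits = [h for h, hi in indexed if ind & hi]
        if hits:
            matches[a] = hits
    return matches


def not_covered(hjt_lines, adw_lines):
    """HijackThis entries that carry an indicator no AdwCleaner finding mentions."""
    known = set().union(*(indicators(a) for a in adw_lines))
    return [h for h in hjt_lines if indicators(h) and not (indicators(h) & known)]


if __name__ == "__main__":
    for adw, hits in correlate(ADW_SAMPLE, HJT_SAMPLE).items():
        print(adw[:70])
        for h in hits:
            print("   explains:", h[:70])
    print("Not covered by AdwCleaner:")
    for h in not_covered(HJT_SAMPLE, ADW_SAMPLE):
        print("   ", h)
```

On the sample, the orphaned search hook {32b29df0-...} from the first post lines up with the Firefox extension folder of the same GUID that AdwCleaner found, the Yontoo BHO with the Yontoo folder and class keys, and the Anti-phishing Domain Advisor Run entry with the matching Run value. The other orphaned hook, {D3D233D5-...}, matches nothing in the AdwCleaner log, which is why it needs separate handling rather than being assumed cleaned along with the rest.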

#5 alanschoeff (Topic Starter; Members, 17 posts)

Posted 26 November 2012 - 11:56 AM

Karsten,
This is the second part of the log file contents:



OTL logfile created on: 11/26/2012 9:05:58 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SysAdmin\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.53 Gb Available Physical Memory | 28.60% Memory free
3.98 Gb Paging File | 2.48 Gb Available in Paging File | 62.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.20 Gb Total Space | 124.71 Gb Free Space | 55.62% Space Free | Partition Type: NTFS

Computer Name: DADS_NEW_LAPTOP | User Name: SysAdmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/26 08:43:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SysAdmin\Desktop\OTL.exe
PRC - [2012/10/27 22:36:32 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/04 15:20:46 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012/08/21 04:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/05 08:28:34 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/07/29 15:45:56 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/04/30 17:13:26 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2011/04/01 00:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/30 17:46:06 | 001,721,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
PRC - [2011/03/30 17:43:14 | 000,636,776 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/01 17:11:06 | 001,283,384 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/04/01 17:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/02 16:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 14:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 15:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/17 02:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 02:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 20:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/08 18:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 16:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/20 21:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/24 09:54:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll
MOD - [2012/11/23 01:40:22 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012/11/23 01:39:49 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012/11/23 01:39:36 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012/11/23 01:37:04 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012/11/23 01:36:05 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2012/10/27 22:36:31 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/09/04 15:20:45 | 009,813,704 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2009/03/06 09:50:25 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2008/03/06 13:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 15:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 00:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/10/10 13:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 13:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - [2012/10/27 22:36:31 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/04/30 17:13:26 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2011/04/19 09:42:28 | 001,181,328 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/01 00:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2009/04/01 17:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 18:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8192su.sys -- (RTL8192su)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvc.sys -- (LVUVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\lvusbsta.sys -- (LVUSBSta)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvrs.sys -- (LVRS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Camdrl.sys -- (CamDrL)
DRV - [2012/08/21 04:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 04:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 04:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 04:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/08/21 04:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/08/21 04:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/06/11 10:56:32 | 000,020,864 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2012/06/08 15:08:52 | 000,006,656 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2012/06/08 15:08:26 | 000,024,576 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2012/01/25 13:57:46 | 000,008,448 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/12/02 08:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/05/08 11:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
DRV - [2008/07/28 18:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 21:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 19:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/15 12:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/20 21:32:47 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/14 14:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKLM\..\SearchScopes,DefaultScope = {5D7ECE36-D93B-4DD9-B3A4-71B183018E6D}
IE - HKLM\..\SearchScopes\{5D7ECE36-D93B-4DD9-B3A4-71B183018E6D}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-234329832-1625283619-1638487238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-234329832-1625283619-1638487238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-234329832-1625283619-1638487238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-234329832-1625283619-1638487238-1000\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - No CLSID value found
IE - HKU\S-1-5-21-234329832-1625283619-1638487238-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKU\S-1-5-21-234329832-1625283619-1638487238-1000\..\SearchScopes,DefaultScope = {5D7ECE36-D93B-4DD9-B3A4-71B183018E6D}
IE - HKU\S-1-5-21-234329832-1625283619-1638487238-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-234329832-1625283619-1638487238-1000\..\SearchScopes\{5D7ECE36-D93B-4DD9-B3A4-71B183018E6D}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB_enUS324
IE - HKU\S-1-5-21-234329832-1625283619-1638487238-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80470&lng=en
IE - HKU\S-1-5-21-234329832-1625283619-1638487238-1000\..\SearchScopes\{D85D5426-F4BD-4BEA-9D2F-85C6413B2083}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox
IE - HKU\S-1-5-21-234329832-1625283619-1638487238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-234329832-1625283619-1638487238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/22 20:21:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/11/22 20:27:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 22:36:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 22:36:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 22:36:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 22:36:26 | 000,000,000 | ---D | M]

[2009/04/26 15:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SysAdmin\AppData\Roaming\Mozilla\Extensions
[2012/11/06 21:27:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\extensions
[2012/11/06 21:27:59 | 000,000,000 | ---D | M] (MapNeto 1 Community Toolbar) -- C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\extensions\{1e7e4de1-5ef4-4baa-9250-c26258dc499a}
[2011/11/08 18:16:50 | 000,000,000 | ---D | M] (FreeSoundRecorder Community Toolbar) -- C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}(885)
[2011/04/02 16:54:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\extensions\engine@conduit.com
[2012/10/16 21:59:37 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\extensions\plugin@yontoo.com
[2012/10/16 21:59:26 | 000,214,909 | ---- | M] () (No name found) -- C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\extensions\onlinehdtv@onlinehd.tv.xpi
[2012/02/01 22:17:41 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2011/02/15 22:58:48 | 000,002,292 | ---- | M] () -- C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\searchplugins\inbox-search.xml
[2012/11/11 19:21:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/27 22:36:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/27 22:36:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/11/11 19:21:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/11/22 20:27:51 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012/10/27 22:36:32 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/05 08:29:28 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/08/28 17:23:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/12 21:43:15 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\SysAdmin\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\SysAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\SysAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\SysAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\SysAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\SysAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Yontoo = C:\Users\SysAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\
CHR - Extension: Gmail = C:\Users\SysAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-234329832-1625283619-1638487238-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-234329832-1625283619-1638487238-1000..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-234329832-1625283619-1638487238-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-234329832-1625283619-1638487238-1000..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - Startup: C:\Users\SysAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\SysAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SoundSwitch.appref-ms ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0}: DhcpNameServer = 10.59.20.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D727DAE-E9C3-493F-B8FE-222CE5289741}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\SysAdmin\Pictures\bluemarble.jpg
O24 - Desktop BackupWallPaper: C:\Users\SysAdmin\Pictures\bluemarble.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/26 08:43:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\SysAdmin\Desktop\OTL.exe
[2012/11/23 01:21:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/23 01:13:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/23 01:13:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/23 01:13:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/23 01:13:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/23 01:13:00 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/23 01:12:57 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/23 01:12:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/23 01:12:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/23 00:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/11/23 00:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/11/23 00:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/11/22 21:04:59 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012/11/22 21:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/22 21:03:12 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/22 21:03:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/11/18 03:02:11 | 000,000,000 | ---D | C] -- C:\2fd054feb2f679c2d819ad4ac2becd5a
[2012/11/17 18:04:38 | 000,000,000 | ---D | C] -- C:\898d17f73aedc5858644
[2012/11/10 21:34:47 | 000,000,000 | ---D | C] -- C:\Users\SysAdmin\Desktop\iphone pictures
[2012/11/10 21:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/11/10 20:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/11/10 20:56:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/11/10 20:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/11/10 20:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/11/04 20:26:45 | 000,000,000 | ---D | C] -- C:\Users\SysAdmin\Desktop\Emma Day Three
[2012/11/02 09:03:26 | 000,000,000 | ---D | C] -- C:\Users\SysAdmin\Desktop\Emma day one
[2012/10/27 22:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/26 08:43:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SysAdmin\Desktop\OTL.exe
[2012/11/26 08:40:03 | 000,480,125 | ---- | M] () -- C:\Users\SysAdmin\Desktop\AdwCleaner.exe
[2012/11/26 08:36:59 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/26 08:36:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/26 08:36:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/26 08:36:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/26 08:36:25 | 2009,067,520 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/25 22:20:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/25 20:03:54 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2012/11/25 20:03:54 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2012/11/25 20:03:54 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2012/11/24 22:25:59 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2012/11/23 01:32:44 | 000,398,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/23 01:26:55 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/23 01:26:55 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/23 00:36:04 | 000,001,071 | ---- | M] () -- C:\Users\SysAdmin\Desktop\Spybot - Search & Destroy.lnk
[2012/11/22 21:03:13 | 000,000,922 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/22 20:29:47 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/11/22 20:29:38 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/11/10 21:00:09 | 000,001,680 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/08 17:31:07 | 000,002,585 | ---- | M] () -- C:\Users\SysAdmin\Desktop\excel.lnk
[2012/10/30 21:37:27 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/26 08:40:26 | 000,480,125 | ---- | C] () -- C:\Users\SysAdmin\Desktop\AdwCleaner.exe
[2012/11/23 00:36:04 | 000,001,071 | ---- | C] () -- C:\Users\SysAdmin\Desktop\Spybot - Search & Destroy.lnk
[2012/11/22 21:03:13 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/10 21:00:09 | 000,001,680 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/10/23 20:34:08 | 000,157,493 | ---- | C] () -- C:\Windows\hpoins29.dat
[2012/07/31 09:07:41 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/06/26 10:04:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\vhosts
[2012/06/26 10:04:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\manual
[2012/06/26 10:04:13 | 000,000,268 | RH-- | C] () -- C:\Users\SysAdmin\AppData\Roaming\laserjet
[2012/06/26 10:04:13 | 000,000,268 | RH-- | C] () -- C:\Users\SysAdmin\AppData\Roaming\howto
[2012/06/26 10:04:13 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Application Support
[2012/06/26 10:04:13 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Analog Sync
[2012/06/22 21:36:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\programs
[2012/06/22 21:36:42 | 000,000,268 | RH-- | C] () -- C:\Users\SysAdmin\AppData\Roaming\images
[2012/06/22 21:36:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/06/22 21:36:42 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Applause and Laugher
[2012/06/22 21:35:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/06/22 21:35:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/04/22 15:12:22 | 004,424,704 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2012/04/08 18:40:36 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/04/08 18:39:46 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2012/04/08 18:39:32 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2012/04/08 18:39:32 | 000,099,840 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2012/04/08 18:39:30 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2012/04/08 18:39:30 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2012/04/08 18:39:28 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2012/04/08 18:39:28 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2012/04/08 18:39:26 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2012/03/29 09:21:26 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2012/03/29 09:21:18 | 006,582,226 | ---- | C] () -- C:\Windows\System32\avcodec-lav-54.dll
[2012/03/29 09:21:18 | 001,152,365 | ---- | C] () -- C:\Windows\System32\avformat-lav-54.dll
[2012/03/29 09:21:18 | 000,374,152 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2012/03/29 09:21:18 | 000,207,872 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2012/03/29 09:21:18 | 000,144,523 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2012/01/24 01:05:01 | 000,000,021 | -H-- | C] () -- C:\Users\SysAdmin\AppData\Local\xftredahs.dat
[2011/12/07 14:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011/11/19 21:51:42 | 000,000,000 | ---- | C] () -- C:\Users\SysAdmin\AppData\Local\{A0A15CFD-37D3-4953-95FF-73C716DB33F3}
[2011/09/08 09:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011/09/08 09:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011/09/08 09:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011/09/08 09:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011/09/08 09:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011/09/08 09:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011/09/08 09:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011/09/08 09:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011/09/08 08:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011/09/08 08:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011/05/30 08:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/05/28 21:12:59 | 000,075,776 | ---- | C] () -- C:\Users\SysAdmin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/23 02:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/05/17 06:48:16 | 000,000,000 | ---- | C] () -- C:\Users\SysAdmin\AppData\Local\{FCDA8158-D60F-4795-8C5D-C73BE705DBD8}
[2011/04/26 23:17:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/05 08:37:37 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2011/04/01 00:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/04/01 00:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/04/01 00:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/03/22 22:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/03/16 04:29:44 | 001,841,000 | ---- | C] () -- C:\Windows\System32\HPScanTRDrv_DJ3050A_J611.dll
[2011/03/03 06:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011/03/03 06:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011/03/03 06:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2010/12/05 20:14:54 | 000,000,000 | ---- | C] () -- C:\Users\SysAdmin\activity.text
[2010/06/25 22:18:57 | 000,149,504 | ---- | C] () -- C:\Users\SysAdmin\AppData\Roaming\SharedSettings.ccs
[2009/05/11 21:46:43 | 000,134,656 | ---- | C] () -- C:\Program Files\Common Files\PCSBoff.exe
[2009/05/11 21:46:43 | 000,097,280 | ---- | C] () -- C:\Program Files\Common Files\pcsbClean.exe

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#6 alanschoeff

alanschoeff
  • Topic Starter
  • Members
  • 17 posts

Posted 26 November 2012 - 11:58 AM

Karsten,

This is part three of the log files:

OTL Extras logfile created on: 11/26/2012 8:44:34 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SysAdmin\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 34.79% Memory free
3.98 Gb Paging File | 2.52 Gb Available in Paging File | 63.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.20 Gb Total Space | 124.72 Gb Free Space | 55.63% Space Free | Partition Type: NTFS

Computer Name: DADS_NEW_LAPTOP | User Name: SysAdmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E26ED3-60B2-4917-ADC9-AED8A8562F2A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0D8CC546-50A7-49D6-BFC0-9EA6FF94971A}" = lport=137 | protocol=17 | dir=in | app=system |
"{13962DBD-9A9C-4E9D-9345-184DCCB9BD80}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{26832DB4-2BE7-4A0C-B73E-11DA5E5E316D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{297D8FD4-CB9E-4BD9-BA6C-F969D2A95122}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2D3E2D25-B437-477E-9EC0-533270A24D69}" = lport=138 | protocol=17 | dir=in | app=system |
"{37746B49-9AB8-4EF0-9ED4-8A824AF63FDD}" = rport=445 | protocol=6 | dir=out | app=system |
"{38C42FCB-6E95-4B25-925E-B8EB23C4E354}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4CF4B78E-8FA1-4BEC-B9FB-C2E5E8CA4B74}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F325980-74E5-4A43-91E9-B0DF524F02C3}" = lport=139 | protocol=6 | dir=in | app=system |
"{760D549C-59E2-43C5-AC03-78A9CD81A01D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7A3EB109-93C7-4871-B45A-4040B8934A4C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C6514F4-D8E9-4467-859B-55BAC26AB7C7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8957527F-5267-4675-8BCF-5239551784B5}" = lport=445 | protocol=6 | dir=in | app=system |
"{8DA4C1ED-2FDC-408C-8DCD-B8036491AE1A}" = rport=139 | protocol=6 | dir=out | app=system |
"{982EA9A9-FA68-4C8D-907B-A87FCCD7E596}" = rport=138 | protocol=17 | dir=out | app=system |
"{9F030BF5-7488-48B6-8653-FBE647316327}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A6328CD4-A432-4738-9EA2-070F4020AAC6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A73FC6AC-29B1-42AC-A5AD-572DD925CBF3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B88522C3-5FDA-4AE2-9CD1-05BE8FCA43AB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B89AB3DE-162D-4C9C-B4C8-F0776A3187D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{BA8D1E83-CAB7-492D-86F2-7416D0F6A3D4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BAD2EA04-B0F0-46AB-9065-F94677BF3423}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E1FD762A-DD31-4944-9697-1A4E98144639}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E77F4F28-0882-4048-B64E-B1D2DD01E5C1}" = rport=137 | protocol=17 | dir=out | app=system |
"{EC2CCD43-DD34-4D9C-8D15-56014745FABF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE423EC4-CCFD-4E8D-B889-484E8C0369ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FFB272EC-F3BC-44B2-9380-D42C29964AE2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04205820-CD88-4CD4-B610-6299A6C54A8D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0FC3488D-3854-4C9D-9DE7-27C033A327D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{158111AA-60FE-43F5-B1D0-A24343FD4054}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{21D1C575-CD45-44C4-878B-33F07C33DA75}" = protocol=6 | dir=out | app=system |
"{2F73512C-E783-46AF-B63E-E6FDE8249DFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{319629A6-EC73-46A0-BFEA-AC9CA2EB19AB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3556E0D6-17A1-49B9-9B31-95B2DEEA842C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38A805B2-4353-4102-8724-D2878978EAD8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{38B52814-304B-4293-B305-96E6DC11DAE6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{438A8794-EA60-4B53-932F-0DBC4F122FED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4A8E11B3-7FAA-44AC-B5B9-9F3FC189B3E8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5E22EFA8-9B45-48ED-95EF-614A6889EE3D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{666353C8-9634-4368-963C-CE9D9A8F2144}" = protocol=6 | dir=in | app=c:\users\sysadmin\appdata\roaming\dropbox\bin\dropbox.exe |
"{685F2E07-2510-487F-81EB-3903D58CFD8D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6949D48D-DA79-4025-9708-7E08967A7F94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7686F5D6-C1C8-4BE3-A7FD-108E84D75935}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8675659A-C4C3-474B-9B71-A6EF459C3FCE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{8F656776-F69B-4E3E-9FF6-05B059E10F38}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{96886629-D133-4FCD-BE9A-1825E145329D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9ADF958E-08FA-4ECA-978D-F1B86DD6A532}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AFB7AFBF-27DC-40BE-99DD-A3562DBF1E61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B6CC4980-FAA6-4FC4-84AC-A6726BDD805C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BBA0B008-0183-4E6E-90A7-7B832A0B1672}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C52370B3-29CB-46DF-93AA-FADD6197E608}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe |
"{C8BCE768-BA88-465A-B49C-CF5F6651336A}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{D1A25B1D-528F-4D18-80AA-DA57591D9F0B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E1D9BA34-CEDF-4B2B-9AAE-F9C5585FE57C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F5B47658-09B6-4D40-8ABF-41A91EF83189}" = protocol=17 | dir=in | app=c:\users\sysadmin\appdata\roaming\dropbox\bin\dropbox.exe |
"{F7C9259C-CD77-4F47-B9D8-6033C0CB4CB5}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe |
"TCP Query User{215A1383-BDA6-42EF-81F8-4F66E7D6E49E}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"TCP Query User{3464F489-6678-4FC7-B70A-89BDD8B753BA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{7276AC62-D9B6-42E5-939B-CC17E7E56463}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{93765329-0449-419E-8438-224105DF18B8}C:\program files\motorola media link\lite\mml.exe" = protocol=6 | dir=in | app=c:\program files\motorola media link\lite\mml.exe |
"TCP Query User{A21A2FB3-0D34-4011-8783-877A7604E665}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{B917836F-C209-4B50-A696-833949CECB5C}C:\users\sysadmin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\sysadmin\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{D75EC48D-57BB-4A53-813D-549038BC9264}C:\program files\coffeecup software\free ftp\freeftp.exe" = protocol=6 | dir=in | app=c:\program files\coffeecup software\free ftp\freeftp.exe |
"UDP Query User{23A3BD29-BFEB-4A33-AE25-150D91E8B51E}C:\program files\motorola media link\lite\mml.exe" = protocol=17 | dir=in | app=c:\program files\motorola media link\lite\mml.exe |
"UDP Query User{2B9A6FEB-8A70-4A85-8987-CA7F25849329}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"UDP Query User{696DAFE6-B0E7-40C9-991D-84640D618179}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{717DB18E-7E2A-4D38-9EC4-2A6139395DD0}C:\users\sysadmin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\sysadmin\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{A834AE39-D7EB-4F29-9C41-4C199433A606}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{A9521837-6CF2-4E14-856B-251B68215869}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{DF60FB79-CC30-4CC6-8062-AFF4667C70E6}C:\program files\coffeecup software\free ftp\freeftp.exe" = protocol=17 | dir=in | app=c:\program files\coffeecup software\free ftp\freeftp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{018C7ADA-ED29-413F-BE57-2200A0FEFC06}" = Moto Contacts Tool
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 35
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{55352FFB-7062-4058-A7F1-B6B57F310FD9}" = Blaine's Contrast Effects
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{93E66E20-4EC9-46BA-B64C-DF135CC0D8B3}" = Blaine's Color Fade Effects
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{96B3175B-2D07-42A1-93C9-7485E4C1E9CC}" = Blaine's Resize Effects
"{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Help
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB2228C5-EA86-44E1-AFF6-58B9CC260CE3}" = HP Deskjet 3050A J611 series Basic Device Software
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D85517-6EAC-496A-965A-FA349036E74E}" = RehanFX Shader Transitions and Effects (ShaderTFX)
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F35D5A5E-7739-49DB-8A0E-23E2E8F99D1A}" = Motorola Mobile Drivers Installation 5.9.0
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"1ClickDownload" = OnlineHDTV
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"FlashWorks_is1" = FlashWorks
"Free Sound Recorder_is1" = Free Sound Recorder v9.2.7
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Java Media Framework 2.1.1e" = Java Media Framework 2.1.1e
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Media Player - Codec Pack" = Media Player Codec Pack 4.2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MotoHelper" = MotoHelper 2.1.32 Driver 5.9.0
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PC Study Bible" = PC Study Bible (remove only)
"PROHYBRIDR" = 2007 Microsoft Office system
"PUBLISHERR" = Microsoft Office Publisher 2007
"RealPlayer 15.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"AirInstaller" = Download Manager and Options
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Antivirus Events ]
Error - 1/29/2010 6:22:12 PM | Computer Name = dads_new_laptop | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 11/24/2012 11:33:00 PM | Computer Name = dads_new_laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11622

Error - 11/24/2012 11:33:01 PM | Computer Name = dads_new_laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/24/2012 11:33:01 PM | Computer Name = dads_new_laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12683

Error - 11/24/2012 11:33:01 PM | Computer Name = dads_new_laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12683

Error - 11/24/2012 11:33:02 PM | Computer Name = dads_new_laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/24/2012 11:33:02 PM | Computer Name = dads_new_laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13759

Error - 11/24/2012 11:33:02 PM | Computer Name = dads_new_laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13759

Error - 11/25/2012 9:05:21 PM | Computer Name = dads_new_laptop | Source = WinMgmt | ID = 10
Description =

Error - 11/26/2012 9:24:22 AM | Computer Name = dads_new_laptop | Source = WinMgmt | ID = 10
Description =

Error - 11/26/2012 9:38:07 AM | Computer Name = dads_new_laptop | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 11/28/2009 10:31:46 PM | Computer Name = dads_new_laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6501.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15563816
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 6/1/2009 11:28:05 PM | Computer Name = dads_new_laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6501.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7632
seconds with 2880 seconds of active time. This session ended with a crash.

Error - 4/19/2011 8:08:30 AM | Computer Name = dads_new_laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 94
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/14/2011 3:18:41 PM | Computer Name = dads_new_laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 665
seconds with 0 seconds of active time. This session ended with a crash.


Error encountered while reading event logs.

< End of report >

#7 alanschoeff (Topic Starter, Members, 17 posts)

Posted 26 November 2012 - 12:01 PM

Karsten,
This is part four of the log files (it contains the gmer log which is too large and I have had to split it into parts):


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-26 11:41:49
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0
Running: r92iyyee.exe; Driver: C:\Users\SysAdmin\AppData\Local\Temp\agaoauod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E01E708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8E6817C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8E01F11C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E029F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E029F74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E02A0F6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8E029E96]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8E681BBA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E029EDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8E01F310]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E02A0B0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8E01FA9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E01E756]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8E6818AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E01E3BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E01E7A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E023456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E020464]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8E029F52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E029F96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E02A11A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E029EBC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8E02A03A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E029F06]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E02A0D4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8E681A2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E020330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x8E01FEDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E01E7F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E01E840]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8E01F91C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8E01E448]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E01E5F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8E01E59E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8E01FBFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8E01FD5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8E01E668]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8E681AF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8E01F794]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E01E88E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8E681962]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8E01F498]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E699966]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 832BD7D0 4 Bytes [08, E7, 01, 8E]
.text ntkrnlpa.exe!KeSetEvent + 131 832BD7F4 4 Bytes [C8, 17, 68, 8E] {ENTER 0x6817, 0x8e}
.text ntkrnlpa.exe!KeSetEvent + 191 832BD854 4 Bytes [1C, F1, 01, 8E]
.text ntkrnlpa.exe!KeSetEvent + 1D1 832BD894 8 Bytes [28, 9F, 02, 8E, 74, 9F, 02, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 832BD8A0 4 Bytes [F6, A0, 02, 8E]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 833E8633 5 Bytes JMP 8E696806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 83441593 5 Bytes JMP 8E698320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 8344AEB8 4 Bytes CALL 8E020B07 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8344EB2C 4 Bytes CALL 8E020B1D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 834A2E8C 7 Bytes JMP 8E69996A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88F55480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x88F96900, 0x3CA, 0x48000040]
.text win32k.sys!EngCreateRectRgn + 4537 96AA0470 5 Bytes JMP 8E023F20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + FDC 96AB0628 5 Bytes JMP 8E023FB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + C20 96AB9689 5 Bytes JMP 8E024BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 4A1 96ABA475 5 Bytes JMP 8E024D3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C2F 96AC2C03 5 Bytes JMP 8E02348C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 616 96AC3B59 5 Bytes JMP 8E0249A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 30FB 96ACF297 5 Bytes JMP 8E023DDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 456D 96AD0709 5 Bytes JMP 8E0236E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 46BC 96AD0858 5 Bytes JMP 8E02408C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4C51 96AD0DED 5 Bytes JMP 8E0240A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 5239 96AD13D5 5 Bytes JMP 8E023C00 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A16 96AEA285 5 Bytes JMP 8E023B40 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A6A 96AEA2D9 5 Bytes JMP 8E023E06 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 377F 96B11378 5 Bytes JMP 8E02486E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DC 96B13CD5 5 Bytes JMP 8E023592 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D3F 96B1A63E 5 Bytes JMP 8E023756 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B44 96B24AD4 5 Bytes JMP 8E024DE0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 96B279BC 5 Bytes JMP 8E0235AA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 1D73 96B317E7 5 Bytes JMP 8E02495E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + B990 96B41D8D 5 Bytes JMP 8E023FCA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 8C4 96B45F7F 5 Bytes JMP 8E024B20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 6F80 96B4C63B 5 Bytes JMP 8E024918 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + B0F 96B4FDAA 5 Bytes JMP 8E024A6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4728 96B576C9 5 Bytes JMP 8E023682 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E80 96B75C6A 5 Bytes JMP 8E02393E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 248 96B7B512 5 Bytes JMP 8E023812 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 96B7F04A 5 Bytes JMP 8E024C96 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 3775 96B97434 5 Bytes JMP 8E023FE2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A15 96B9D57D 5 Bytes JMP 8E023866 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + D28F 96BA9DF7 5 Bytes JMP 8E023A6A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + 10D00 96BAD868 5 Bytes JMP 8E0239D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[284] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\csrss.exe[660] KERNEL32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[704] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\csrss.exe[716] KERNEL32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\services.exe[748] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text ...
.text C:\Program Files\iTunes\iTunesHelper.exe[1216] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 000501F8
.text C:\Program Files\iTunes\iTunesHelper.exe[1216] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 000503FC
.text C:\Program Files\iTunes\iTunesHelper.exe[1216] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[1216] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 000703FC
.text C:\Program Files\iTunes\iTunesHelper.exe[1216] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00070600
.text C:\Program Files\iTunes\iTunesHelper.exe[1216] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00071014
.text C:\Program Files\iTunes\iTunesHelper.exe[1216] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00070804
.text C:\Program Files\iTunes\iTunesHelper.exe[1216] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00070A08
.text C:\Program Files\iTunes\iTunesHelper.exe[1216] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00070C0C
.text C:\Program Files\iTunes\iTunesHelper.exe[1216] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00070E10
.text C:\Program Files\iTunes\iTunesHelper.exe[1216] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 000701F8
.text C:\Program Files\iTunes\iTunesHelper.exe[1216] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00080600
.text C:\Program Files\iTunes\iTunesHelper.exe[1216] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00080804
.text C:\Program Files\iTunes\iTunesHelper.exe[1216] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00080A08
.text C:\Program Files\iTunes\iTunesHelper.exe[1216] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 000801F8
.text C:\Program Files\iTunes\iTunesHelper.exe[1216] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 000803FC
.text C:\Windows\System32\svchost.exe[1236] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1272] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\igfxext.exe[1316] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 001501F8
.text C:\Windows\system32\igfxext.exe[1316] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 001503FC
.text C:\Windows\system32\igfxext.exe[1316] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\igfxext.exe[1316] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00170600
.text C:\Windows\system32\igfxext.exe[1316] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00170804
.text C:\Windows\system32\igfxext.exe[1316] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\igfxext.exe[1316] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\igfxext.exe[1316] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\igfxext.exe[1316] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 001803FC
.text C:\Windows\system32\igfxext.exe[1316] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00180600
.text C:\Windows\system32\igfxext.exe[1316] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00181014
.text C:\Windows\system32\igfxext.exe[1316] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00180804
.text C:\Windows\system32\igfxext.exe[1316] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00180A08
.text C:\Windows\system32\igfxext.exe[1316] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00180C0C
.text C:\Windows\system32\igfxext.exe[1316] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00180E10
.text C:\Windows\system32\igfxext.exe[1316] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\AUDIODG.EXE[1368] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1492] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 001501F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1492] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 001503FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1492] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1492] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00170600
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1492] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00170804
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1492] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00170A08
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1492] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1492] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1492] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 002803FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1492] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00280600
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1492] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00281014
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1492] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00280804
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1492] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00280A08
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1492] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00280C0C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1492] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00280E10
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1492] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 002801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1608] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1608] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1608] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1608] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 001703FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1608] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00170600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1608] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00171014
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1608] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00170804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1608] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00170A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1608] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00170C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1608] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00170E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1608] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001701F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1608] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00180600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1608] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00180804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1608] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00180A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1608] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 001801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1608] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1612] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1688] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1808] kernel32.dll!SetUnhandledExceptionFilter 7757A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1808] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\WLANExt.exe[1816] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[1832] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[1832] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[1832] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[1832] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[1832] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[1832] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[1832] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[1832] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\wmiprvse.exe[1832] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[1832] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\wmiprvse.exe[1832] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[1832] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\wmiprvse.exe[1832] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\wmiprvse.exe[1832] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\wmiprvse.exe[1832] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\wmiprvse.exe[1832] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 000803FC
.text C:\Windows\System32\spoolsv.exe[1972] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1996] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\agrsmsvc.exe[2004] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2060] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2072] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2196] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 001501F8
.text C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2196] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 001503FC
.text C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2196] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2196] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00170600
.text C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2196] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00170804
.text C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2196] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00170A08
.text C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2196] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 001701F8
.text C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2196] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001703FC
.text C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2196] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 001803FC
.text C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2196] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00180600
.text C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2196] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00181014
.text C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2196] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00180804
.text C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2196] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00180A08
.text C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2196] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00180C0C
.text C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2196] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00180E10
.text C:\Users\SysAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2196] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001801F8
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2200] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 001501F8
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2200] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 001503FC
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2200] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2200] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2200] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00170600
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00171014
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00170804
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00170A08
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00170C0C
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00170E10
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2200] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001701F8
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2200] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00180600
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2200] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00180804
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2200] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00180A08
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2200] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[2200] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\svchost.exe[2236] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2236] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2236] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2236] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2236] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2236] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2236] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2236] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2236] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2236] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2236] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2236] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00C60600
.text C:\Windows\system32\svchost.exe[2236] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00C60804
.text C:\Windows\system32\svchost.exe[2236] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00C60A08
.text C:\Windows\system32\svchost.exe[2236] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 00C601F8
.text C:\Windows\system32\svchost.exe[2236] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 00C603FC
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[2596] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 001401F8
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[2596] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 001403FC
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[2596] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[2596] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00160600
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[2596] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00160804
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[2596] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00160A08
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[2596] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[2596] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001603FC
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[2596] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 002703FC
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[2596] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00270600
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[2596] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00271014
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[2596] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00270804
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[2596] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00270A08
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[2596] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00270C0C
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[2596] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00270E10
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[2596] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 002701F8
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2600] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 001501F8
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2600] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 001503FC
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2600] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2600] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2600] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00180600
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2600] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00181014
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2600] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00180804
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2600] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00180A08
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2600] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00180C0C
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2600] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00180E10
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2600] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001801F8
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2600] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00190600
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2600] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00190804
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2600] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00190A08
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2600] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 001901F8
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2600] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001903FC
.text C:\Windows\System32\svchost.exe[2644] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[2644] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[2644] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[2644] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00100600
.text C:\Windows\System32\svchost.exe[2644] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00100804
.text C:\Windows\System32\svchost.exe[2644] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00100A08
.text C:\Windows\System32\svchost.exe[2644] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 001001F8
.text C:\Windows\System32\svchost.exe[2644] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001003FC
.text C:\Windows\System32\svchost.exe[2672] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[2672] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[2672] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2672] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[2672] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[2672] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[2672] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[2672] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[2672] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[2672] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[2672] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2688] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2688] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2688] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2688] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 000F0600
.text C:\Windows\system32\svchost.exe[2688] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 000F0804
.text C:\Windows\system32\svchost.exe[2688] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 000F0A08
.text C:\Windows\system32\svchost.exe[2688] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 000F01F8
.text C:\Windows\system32\svchost.exe[2688] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 000F03FC
.text C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe[2704] KERNEL32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2716] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2716] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2716] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2716] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[2716] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[2716] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[2716] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[2716] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[2716] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[2716] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[2716] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 000B01F8
.text C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe[2744] KERNEL32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2796] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe[2904] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 000501F8
.text C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe[2904] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 000503FC
.text C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe[2904] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe[2904] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00070600
.text C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe[2904] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00070804
.text C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe[2904] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00070A08
.text C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe[2904] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 000701F8
.text C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe[2904] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 000703FC
.text C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe[2904] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 001803FC
.text C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe[2904] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00180600
.text C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe[2904] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00181014
.text C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe[2904] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00180804
.text C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe[2904] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00180A08
.text C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe[2904] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00180C0C
.text C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe[2904] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00180E10
.text C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe[2904] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\Dwm.exe[2952] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[2952] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[2952] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2952] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[2952] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[2952] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[2952] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[2952] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[2952] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[2952] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[2952] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[2952] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[2952] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[2952] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[2952] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[2952] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2972] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 001501F8
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2972] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 001503FC
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2972] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2972] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2972] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00170600
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2972] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00171014
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2972] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00170804
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2972] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00170A08
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2972] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00170C0C
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2972] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00170E10
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2972] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001701F8
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2972] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00180600
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2972] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00180804
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2972] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00180A08
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2972] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2972] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2980] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 000401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2980] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 000403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2980] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2980] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2980] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00060600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2980] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00061014
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2980] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00060804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2980] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00060A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2980] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00060C0C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2980] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00060E10
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2980] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2980] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2980] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2980] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2980] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2980] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2988] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2988] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2988] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2988] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[2988] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[2988] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[2988] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[2988] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[2988] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[2988] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[2988] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[2988] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[2988] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[2988] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2988] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3024] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 001501F8
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3024] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 001503FC
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3024] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3024] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00170600
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3024] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00170804
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3024] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00170A08
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3024] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3024] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3024] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3024] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00180600
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3024] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00181014
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3024] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00180804
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3024] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00180A08
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3024] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00180C0C
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3024] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00180E10
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3024] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\TODDSrv.exe[3052] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 001501F8
.text C:\Windows\system32\TODDSrv.exe[3052] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 001503FC
.text C:\Windows\system32\TODDSrv.exe[3052] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\TODDSrv.exe[3052] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00170600
.text C:\Windows\system32\TODDSrv.exe[3052] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00170804
.text C:\Windows\system32\TODDSrv.exe[3052] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\TODDSrv.exe[3052] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\TODDSrv.exe[3052] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\TODDSrv.exe[3052] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 001803FC
.text C:\Windows\system32\TODDSrv.exe[3052] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00180600
.text C:\Windows\system32\TODDSrv.exe[3052] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00181014
.text C:\Windows\system32\TODDSrv.exe[3052] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00180804
.text C:\Windows\system32\TODDSrv.exe[3052] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00180A08
.text C:\Windows\system32\TODDSrv.exe[3052] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00180C0C
.text C:\Windows\system32\TODDSrv.exe[3052] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00180E10
.text C:\Windows\system32\TODDSrv.exe[3052] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\taskeng.exe[3076] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[3076] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[3076] kernel32.dll!GetBinaryTypeW + 70

#8 alanschoeff

  • Topic Starter

  • Members
  • 17 posts

Posted 26 November 2012 - 12:02 PM

Karsten,

This is part 5 of the log files and part 2 of the GMER log.

.text C:\Windows\System32\igfxpers.exe[3812] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001703FC
.text C:\Windows\System32\igfxpers.exe[3812] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 001803FC
.text C:\Windows\System32\igfxpers.exe[3812] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00180600
.text C:\Windows\System32\igfxpers.exe[3812] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00181014
.text C:\Windows\System32\igfxpers.exe[3812] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00180804
.text C:\Windows\System32\igfxpers.exe[3812] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00180A08
.text C:\Windows\System32\igfxpers.exe[3812] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00180C0C
.text C:\Windows\System32\igfxpers.exe[3812] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00180E10
.text C:\Windows\System32\igfxpers.exe[3812] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001801F8
.text C:\Windows\RtHDVCpl.exe[3880] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 001501F8
.text C:\Windows\RtHDVCpl.exe[3880] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 001503FC
.text C:\Windows\RtHDVCpl.exe[3880] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\RtHDVCpl.exe[3880] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 001703FC
.text C:\Windows\RtHDVCpl.exe[3880] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00170600
.text C:\Windows\RtHDVCpl.exe[3880] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00171014
.text C:\Windows\RtHDVCpl.exe[3880] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00170804
.text C:\Windows\RtHDVCpl.exe[3880] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00170A08
.text C:\Windows\RtHDVCpl.exe[3880] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00170C0C
.text C:\Windows\RtHDVCpl.exe[3880] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00170E10
.text C:\Windows\RtHDVCpl.exe[3880] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001701F8
.text C:\Windows\RtHDVCpl.exe[3880] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00180600
.text C:\Windows\RtHDVCpl.exe[3880] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00180804
.text C:\Windows\RtHDVCpl.exe[3880] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00180A08
.text C:\Windows\RtHDVCpl.exe[3880] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 001801F8
.text C:\Windows\RtHDVCpl.exe[3880] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00160600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00160804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00160A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00170600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00171014
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00170804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00170A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00170C0C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00170E10
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3888] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\igfxsrvc.exe[3896] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 001501F8
.text C:\Windows\system32\igfxsrvc.exe[3896] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 001503FC
.text C:\Windows\system32\igfxsrvc.exe[3896] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[3896] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00180600
.text C:\Windows\system32\igfxsrvc.exe[3896] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00180804
.text C:\Windows\system32\igfxsrvc.exe[3896] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00180A08
.text C:\Windows\system32\igfxsrvc.exe[3896] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 001801F8
.text C:\Windows\system32\igfxsrvc.exe[3896] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\igfxsrvc.exe[3896] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 001903FC
.text C:\Windows\system32\igfxsrvc.exe[3896] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00190600
.text C:\Windows\system32\igfxsrvc.exe[3896] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00191014
.text C:\Windows\system32\igfxsrvc.exe[3896] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00190804
.text C:\Windows\system32\igfxsrvc.exe[3896] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00190A08
.text C:\Windows\system32\igfxsrvc.exe[3896] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00190C0C
.text C:\Windows\system32\igfxsrvc.exe[3896] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00190E10
.text C:\Windows\system32\igfxsrvc.exe[3896] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001901F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 001401F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 001403FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00160600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00160804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00160A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00171014
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00170C0C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00170E10
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001701F8
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3968] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 001501F8
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3968] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 001503FC
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3968] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3968] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 001A03FC
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3968] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 001A0600
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3968] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 001A1014
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3968] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 001A0804
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3968] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 001A0A08
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3968] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 001A0C0C
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3968] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 001A0E10
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3968] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001A01F8
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3968] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 001B0600
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3968] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 001B0804
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3968] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 001B0A08
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3968] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 001B01F8
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3968] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001B03FC
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3980] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 001501F8
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3980] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 001503FC
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3980] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3980] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00170600
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3980] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00170804
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3980] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00170A08
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3980] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3980] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3980] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3980] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00180600
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3980] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00181014
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3980] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00180804
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3980] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00180A08
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3980] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00180C0C
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3980] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00180E10
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3980] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001801F8
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3988] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 001501F8
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3988] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 001503FC
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3988] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3988] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00180600
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3988] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00180804
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3988] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00180A08
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3988] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3988] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3988] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 002903FC
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3988] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00290600
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3988] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00291014
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3988] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00290804
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3988] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00290A08
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3988] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00290C0C
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3988] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00290E10
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3988] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 002901F8
.text C:\Program Files\Windows Defender\MSASCui.exe[4000] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Defender\MSASCui.exe[4000] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Defender\MSASCui.exe[4000] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[4000] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Defender\MSASCui.exe[4000] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00080600
.text C:\Program Files\Windows Defender\MSASCui.exe[4000] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00081014
.text C:\Program Files\Windows Defender\MSASCui.exe[4000] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00080804
.text C:\Program Files\Windows Defender\MSASCui.exe[4000] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Defender\MSASCui.exe[4000] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00080C0C
.text C:\Program Files\Windows Defender\MSASCui.exe[4000] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00080E10
.text C:\Program Files\Windows Defender\MSASCui.exe[4000] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Defender\MSASCui.exe[4000] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00090600
.text C:\Program Files\Windows Defender\MSASCui.exe[4000] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00090804
.text C:\Program Files\Windows Defender\MSASCui.exe[4000] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00090A08
.text C:\Program Files\Windows Defender\MSASCui.exe[4000] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 000901F8
.text C:\Program Files\Windows Defender\MSASCui.exe[4000] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 000903FC
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[4052] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 001501F8
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[4052] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 001503FC
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[4052] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[4052] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 002C0600
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[4052] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 002C0804
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[4052] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 002C0A08
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[4052] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 002C01F8
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[4052] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 002C03FC
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[4052] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 002D03FC
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[4052] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 002D0600
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[4052] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 002D1014
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[4052] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 002D0804
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[4052] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 002D0A08
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[4052] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 002D0C0C
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[4052] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 002D0E10
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[4052] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 002D01F8
.text C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe[4196] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 000501F8
.text C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe[4196] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 000503FC
.text C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe[4196] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe[4196] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00070600
.text C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe[4196] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00070804
.text C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe[4196] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00070A08
.text C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe[4196] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 000701F8
.text C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe[4196] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 000703FC
.text C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe[4196] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 001803FC
.text C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe[4196] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00180600
.text C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe[4196] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00181014
.text C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe[4196] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00180804
.text C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe[4196] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00180A08
.text C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe[4196] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00180C0C
.text C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe[4196] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00180E10
.text C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe[4196] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\wuauclt.exe[4912] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 000601F8
.text C:\Windows\system32\wuauclt.exe[4912] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 000603FC
.text C:\Windows\system32\wuauclt.exe[4912] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[4912] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00070600
.text C:\Windows\system32\wuauclt.exe[4912] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00070804
.text C:\Windows\system32\wuauclt.exe[4912] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00070A08
.text C:\Windows\system32\wuauclt.exe[4912] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 000701F8
.text C:\Windows\system32\wuauclt.exe[4912] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 000703FC
.text C:\Windows\system32\wuauclt.exe[4912] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\wuauclt.exe[4912] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\wuauclt.exe[4912] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\wuauclt.exe[4912] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\wuauclt.exe[4912] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\wuauclt.exe[4912] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\wuauclt.exe[4912] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\wuauclt.exe[4912] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 000801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4976] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4976] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4976] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4976] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 001703FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4976] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00170600
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4976] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00171014
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4976] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00170804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4976] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00170A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4976] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00170C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4976] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00170E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4976] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001701F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4976] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00180600
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4976] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00180804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4976] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00180A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4976] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 001801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4976] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001803FC
.text C:\Program Files\iPod\bin\iPodService.exe[5780] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 000501F8
.text C:\Program Files\iPod\bin\iPodService.exe[5780] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 000503FC
.text C:\Program Files\iPod\bin\iPodService.exe[5780] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[5780] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 001703FC
.text C:\Program Files\iPod\bin\iPodService.exe[5780] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00170600
.text C:\Program Files\iPod\bin\iPodService.exe[5780] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00171014
.text C:\Program Files\iPod\bin\iPodService.exe[5780] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00170804
.text C:\Program Files\iPod\bin\iPodService.exe[5780] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00170A08
.text C:\Program Files\iPod\bin\iPodService.exe[5780] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00170C0C
.text C:\Program Files\iPod\bin\iPodService.exe[5780] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00170E10
.text C:\Program Files\iPod\bin\iPodService.exe[5780] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001701F8
.text C:\Program Files\iPod\bin\iPodService.exe[5780] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00980600
.text C:\Program Files\iPod\bin\iPodService.exe[5780] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00980804
.text C:\Program Files\iPod\bin\iPodService.exe[5780] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00980A08
.text C:\Program Files\iPod\bin\iPodService.exe[5780] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 009801F8
.text C:\Program Files\iPod\bin\iPodService.exe[5780] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 009803FC
.text C:\Windows\system32\svchost.exe[5860] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[5860] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[5860] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[5860] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[5860] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[5860] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[5860] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[5860] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[5860] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[5860] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[5860] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 000B01F8
.text C:\Users\SysAdmin\Desktop\r92iyyee.exe[6052] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6132] ntdll.dll!LdrLoadDll 77949378 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6132] ntdll.dll!LdrUnloadDll 7795B680 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6132] kernel32.dll!GetBinaryTypeW + 70 775A2467 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6132] USER32.dll!SetWindowsHookExA 77856322 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6132] USER32.dll!SetWindowsHookExW 778587AD 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6132] USER32.dll!UnhookWindowsHookEx 778598DB 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6132] USER32.dll!SetWinEventHook 77859F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6132] USER32.dll!UnhookWinEvent 7785C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6132] ADVAPI32.dll!CreateServiceW 77079EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6132] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6132] ADVAPI32.dll!SetServiceObjectSecurity 770B6CD9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6132] ADVAPI32.dll!ChangeServiceConfigA 770B6DD9 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6132] ADVAPI32.dll!ChangeServiceConfigW 770B6F81 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6132] ADVAPI32.dll!ChangeServiceConfig2A 770B7099 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6132] ADVAPI32.dll!ChangeServiceConfig2W 770B71E1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6132] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001801F8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[748] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
IAT C:\Windows\system32\services.exe[748] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1808] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7064F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2796] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7064F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Windows\Explorer.EXE[3224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73BE7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73C2B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73BEBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73BDF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73BE75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73BDE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73C173F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73BEDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73BDFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73BDFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73BD71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73C6CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73C0C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73BDD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73BD6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73BD687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73BE2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
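The GMER hook listing above is the kind of output a reader has to triage by hand: which of these user-mode hooks belong to the installed AV and to the OS, and which land in memory that GMER could not tie to any file on disk. The parser below is an added example written for this page, not part of the thread and not GMER's own code. It handles only the two line shapes that appear above (a `.text` 5-byte JMP inline hook, and an IAT entry with or without a resolved backing module); the vendor allow-list `EXPECTED_VENDORS` is an assumption made for this particular machine, not something GMER reports, and the sample input is six lines copied from the log above.

```python
"""Triage of GMER user-mode hook lines (added example; not GMER code).

Line shapes handled, the only two that occur in the log above:
  .text <proc>[pid] <dll>!<func> <addr> 5 Bytes JMP <target>
  IAT   <proc>[pid] @ <module> [<dll>!<func>] [<target>] <path> (<desc>)
  IAT   <proc>[pid] @ <module> [<dll>!<func>] <target>           (no backing module)
"""
import re
from dataclasses import dataclass
from typing import List, Optional

INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>[\w.+-]+)!(?P<func>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)\s*$"
)
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>.+?)\s+"
    r"\[(?P<dll>[\w.+-]+)!(?P<func>\w+)\]\s+\[?(?P<target>[0-9A-Fa-f]+)\]?"
    r"(?:\s+(?P<path>.+?)\s+\((?P<desc>[^)]*)\))?\s*$"
)

# Assumption for this example: vendors whose user-mode hooks are expected on
# this machine (the installed AV and the OS vendor). GMER prints the vendor
# after the '/' inside the parenthesised description.
EXPECTED_VENDORS = {"AVAST Software", "Microsoft Corporation"}


@dataclass
class Hook:
    kind: str                # "inline" or "iat"
    process: str
    pid: int
    function: str            # DLL!export that was hooked
    target: int              # address the hook now lands on
    backing: Optional[str]   # file GMER attributed the target to, if any
    vendor: Optional[str]
    verdict: str             # "expected", "unattributed" or "review"


def verdict_for(backing: Optional[str], vendor: Optional[str]) -> str:
    if backing is None:
        # GMER could not tie the target to a module on disk. AV hooking
        # frameworks do this too, so it is a prompt to look, not a conviction.
        return "unattributed"
    return "expected" if vendor in EXPECTED_VENDORS else "review"


def parse_hooks(text: str) -> List[Hook]:
    hooks: List[Hook] = []
    for line in text.splitlines():
        m = INLINE_RE.match(line)
        if m:
            # GMER never names a backing module for inline hooks, so they are
            # unattributed by construction and get grouped by target page below.
            hooks.append(Hook("inline", m["proc"], int(m["pid"]),
                              f'{m["dll"]}!{m["func"]}', int(m["target"], 16),
                              None, None, "unattributed"))
            continue
        m = IAT_RE.match(line)
        if m:
            vendor = m["desc"].rsplit("/", 1)[-1].strip() if m["desc"] else None
            hooks.append(Hook("iat", m["proc"], int(m["pid"]),
                              f'{m["dll"]}!{m["func"]}', int(m["target"], 16),
                              m["path"], vendor, verdict_for(m["path"], vendor)))
    return hooks


def summarize_hooks(hooks: List[Hook]):
    """Counts per verdict, plus the (pid, 4 KiB page) each unattributed hook lands in."""
    counts = {"expected": 0, "unattributed": 0, "review": 0}
    pages = set()
    for h in hooks:
        counts[h.verdict] += 1
        if h.verdict == "unattributed":
            pages.add((h.pid, h.target >> 12))
    return counts, sorted(pages)


# Constructed input: six lines copied from the GMER log above.
SAMPLE = r"""
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6132] ADVAPI32.dll!DeleteService 7707A07E 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6132] ADVAPI32.dll!CreateServiceA 770B72A1 5 Bytes JMP 001801F8
IAT C:\Windows\system32\services.exe[748] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
IAT C:\Windows\system32\services.exe[748] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1808] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7064F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Windows\Explorer.EXE[3224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73BE7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
"""

if __name__ == "__main__":
    found = parse_hooks(SAMPLE)
    for h in found:
        print(f"{h.verdict:12} {h.kind:6} pid={h.pid:<5} {h.function:35} -> {h.target:08X} {h.backing or ''}")
    print(summarize_hooks(found))
```

On the sample the four unattributed hooks collapse to one private page per process (0x130000 in services.exe, 0x180000 in SynTPHelper.exe), which is consistent with a single user-mode hooking framework rather than per-process injection. What would deserve a closer look is an unattributed hook that is alone in its process, or an IAT hook whose backing module is a file in a user-writable directory, since neither is how an AV product normally shows up.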

#9 KarstenHansen

KarstenHansen

    The Dane


  • Members
  • 1,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:18 PM

Posted 26 November 2012 - 01:21 PM

Hi alanschoeff :)
I will need some time to review these logs. Thank you in advance for your patience.

#10 KarstenHansen

KarstenHansen

    The Dane


  • Members
  • 1,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:18 PM

Posted 28 November 2012 - 02:48 PM

Hi alanschoeff :)
I will now let AdwCleaner remove the different adware etc. Please do the following:
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
NEXT

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup:
  • AdwCleaner log
  • Eset Online Scanner log
  • How is the PC behaving at this time?


#11 alanschoeff

alanschoeff
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:18 AM

Posted 28 November 2012 - 08:54 PM

Karsten,

I have completed the two steps requested. Here are the logs.
# AdwCleaner v2.009 - Logfile created 11/28/2012 at 17:37:53
# Updated 24/11/2012 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : SysAdmin - DADS_NEW_LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\SysAdmin\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\SysAdmin\AppData\Local\Conduit
Folder Deleted : C:\Users\SysAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Deleted : C:\Users\SysAdmin\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\SysAdmin\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\SysAdmin\AppData\Local\Temp\CT2704262
Folder Deleted : C:\Users\SysAdmin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\Conduit
Folder Deleted : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\ConduitCommon
Folder Deleted : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\ConduitEngine
Folder Deleted : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\CT2642709
Folder Deleted : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\CT2704262
Folder Deleted : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\extensions\{1e7e4de1-5ef4-4baa-9250-c26258dc499a}
Folder Deleted : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}(885)
Folder Deleted : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\extensions\engine@conduit.com
Folder Deleted : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\extensions\plugin@yontoo.com

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2704262
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\prefs.js

C:\Users\SysAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\8cn9s3pp.default\user.js ... Deleted !

[OK] File is clean.

Profile name : default
File : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\rf3h90x8.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\ldi0uwfl.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\SysAdmin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4617 octets] - [26/11/2012 08:41:43]
AdwCleaner[S1].txt - [4731 octets] - [28/11/2012 17:37:53]

########## EOF - C:\AdwCleaner[S1].txt - [4791 octets] ##########

C:\Users\Alan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\9687253-5f794587 multiple threats deleted - quarantined
C:\Users\Julie\AppData\Local\Temp\jar_cache2368121421133964295.tmp a variant of Java/Exploit.Agent.NDH trojan deleted - quarantined
C:\Users\Julie\AppData\Local\Temp\jar_cache3415615446692385622.tmp a variant of Java/Exploit.CVE-2010-0842.L trojan deleted - quarantined
C:\Users\Julie\AppData\Local\Temp\jar_cache7135708450822475485.tmp multiple threats deleted - quarantined
C:\Users\Julie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\4b6dd006-2190c325 Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\Users\SysAdmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0JWQ6OC\software[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\SysAdmin\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\SysAdmin\Downloads\media.player.codec.pack.v4.2.0.setup.exe probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\SysAdmin\Downloads\SoftonicDownloader_for_picasa.exe Win32/SoftonicDownloader.C application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ZG198WK\upgrade[1].cab a variant of Win32/Adware.OneStep.Y application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SDO081DL\upgrade[1].cab a variant of Win32/Adware.OneStep.Y application deleted - quarantined

I will reply concerning how the laptop is acting after some use tonight.
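The ESET results above name files under four different profiles, and the useful question for the thread is which account each detection belongs to and how the file got there. The script below is an added example written for this page, not ESET's or AdwCleaner's code. The location categories (`java-cache`, `downloads`, `ie-cache`) and the account mapping are assumptions made for the illustration; the sample input is the eleven result lines copied from the post above.

```python
"""Per-account triage of ESET Online Scanner result lines (added example).

Not ESET's or AdwCleaner's code. The location categories and the account
mapping are assumptions made for this illustration.
"""
import re
from collections import defaultdict
from typing import Dict, List

# <path> <detection> [trojan|virus|application] <action>
# Paths may contain spaces, so the detection is recognised by its shape
# ("a variant of X/Y", "multiple threats" or "Family/Name") rather than by
# splitting the line on whitespace.
ESET_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>(?:probably )?a variant of \S+|multiple threats|\w+/\S+)"
    r"(?:\s+(?P<kind>trojan|virus|application))?"
    r"\s+(?P<action>(?:deleted|cleaned by deleting) - quarantined)\s*$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
USER_RE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\")


def account_of(path: str) -> str:
    """Windows account whose profile directory the file sits in."""
    m = USER_RE.match(path)
    if m:
        return m.group(1)
    if "\\config\\systemprofile\\" in path.lower():
        return "LocalSystem"      # the SYSTEM account's own profile directory
    return "unknown"


def location_of(path: str) -> str:
    """Coarse category saying how the file most likely arrived (assumed mapping)."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p or "\\jar_cache" in p:
        return "java-cache"       # applet/JAR pulled in by a browser's Java plug-in
    if "\\downloads\\" in p:
        return "downloads"        # the user saved it deliberately
    if "temporary internet files" in p:
        return "ie-cache"         # fetched through WinINet under that profile
    return "other"


def parse_eset(text: str) -> List[Dict]:
    findings: List[Dict] = []
    for line in text.splitlines():
        m = ESET_RE.match(line.strip())
        if not m:
            continue
        path = m["path"]
        findings.append({
            "path": path,
            "account": account_of(path),
            "location": location_of(path),
            "detection": m["detection"],
            "kind": m["kind"] or "unspecified",
            "cves": CVE_RE.findall(m["detection"]),
            "action": m["action"],
        })
    return findings


def summarize_findings(findings: List[Dict]):
    """Detections per account and location, plus every CVE named in a detection."""
    by_account: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    cves = set()
    for f in findings:
        by_account[f["account"]][f["location"]] += 1
        cves.update(f["cves"])
    return {a: dict(v) for a, v in by_account.items()}, sorted(cves)


# Constructed input: the eleven result lines from the post above.
ESET_SAMPLE = r"""
C:\Users\Alan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\9687253-5f794587 multiple threats deleted - quarantined
C:\Users\Julie\AppData\Local\Temp\jar_cache2368121421133964295.tmp a variant of Java/Exploit.Agent.NDH trojan deleted - quarantined
C:\Users\Julie\AppData\Local\Temp\jar_cache3415615446692385622.tmp a variant of Java/Exploit.CVE-2010-0842.L trojan deleted - quarantined
C:\Users\Julie\AppData\Local\Temp\jar_cache7135708450822475485.tmp multiple threats deleted - quarantined
C:\Users\Julie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\4b6dd006-2190c325 Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\Users\SysAdmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0JWQ6OC\software[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\SysAdmin\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\SysAdmin\Downloads\media.player.codec.pack.v4.2.0.setup.exe probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\SysAdmin\Downloads\SoftonicDownloader_for_picasa.exe Win32/SoftonicDownloader.C application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ZG198WK\upgrade[1].cab a variant of Win32/Adware.OneStep.Y application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SDO081DL\upgrade[1].cab a variant of Win32/Adware.OneStep.Y application deleted - quarantined
"""

if __name__ == "__main__":
    by_account, cves = summarize_findings(parse_eset(ESET_SAMPLE))
    for account, locations in by_account.items():
        print(f"{account:12} {locations}")
    print("CVEs named:", cves)
```

On this log the split is clear. The Java cache and `jar_cache*.tmp` hits under Julie and Alan are applets a browser pulled in, one of them tagged with CVE-2010-0842, a 2010 JRE vulnerability, which points at an out-of-date Java plug-in as the entry point. The three items under SysAdmin's Downloads are the bundlers that brought in the Conduit, Yontoo and Softonic material AdwCleaner removed. The two `upgrade[1].cab` files sit in the IE cache of the LocalSystem profile, so they were fetched by something running as LocalSystem rather than by a user's browser, which is worth knowing while hunting for whatever is still tripping Avast.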

#12 alanschoeff

alanschoeff
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:18 AM

Posted 29 November 2012 - 08:18 AM

After surfing some, I did not get the Avast warning I was getting, but it still seems slow.

#13 KarstenHansen

KarstenHansen

    The Dane


  • Members
  • 1,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:18 PM

Posted 29 November 2012 - 12:58 PM

Hi alanschoeff :)
I would like to rule out all malware with this tool, please do the following:
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you are asked to download signatures press NO to that.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#14 alanschoeff

alanschoeff
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:18 AM

Posted 29 November 2012 - 04:45 PM

Karsten,

This was a very short log. I hope it ran completely. I was not sure what to expect, but it ran very quickly.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-29 16:37:28
-----------------------------
16:37:28.019 OS Version: Windows 6.0.6002 Service Pack 2
16:37:28.019 Number of processors: 2 586 0xF0D
16:37:28.021 ComputerName: DADS_NEW_LAPTOP UserName: SysAdmin
16:38:17.391 Initialize success
16:38:20.165 AVAST engine defs: 12112900
16:38:44.800 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:38:44.802 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
16:38:44.819 Disk 0 MBR read successfully
16:38:44.822 Disk 0 MBR scan
16:38:44.826 Disk 0 Windows VISTA default MBR code
16:38:44.836 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
16:38:44.850 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 229585 MB offset 3074048
16:38:44.886 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 7389 MB offset 473264128
16:38:44.893 Disk 0 scanning sectors +488396800
16:38:44.954 Disk 0 scanning C:\Windows\system32\drivers
16:38:56.330 Service scanning
16:39:18.624 Modules scanning
16:39:25.268 Disk 0 trace - called modules:
16:39:25.632 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:39:25.638 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ebd948]
16:39:25.647 3 CLASSPNP.SYS[88d118b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85d39028]
16:39:27.044 AVAST engine scan C:\Windows
16:39:33.382 AVAST engine scan C:\Windows\system32
16:43:11.392 AVAST engine scan C:\Windows\system32\drivers
16:43:42.601 AVAST engine scan C:\Users\SysAdmin
16:44:11.220 Disk 0 MBR has been saved successfully to "C:\Users\SysAdmin\Desktop\MBR.dat"
16:44:11.226 The log file has been saved successfully to "C:\Users\SysAdmin\Desktop\aswMBR.txt"
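The aswMBR output above is short because most of it is the partition table, and the check that matters is arithmetic: do the three partitions account for the whole disk, is exactly one of them marked active, and is the MBR code a stock loader? The script below is an added example written for this page, not aswMBR's code. It assumes 512-byte logical sectors (2048 sectors per MB, which is what the offsets in this log imply) and allows one MB of slack because aswMBR prints sizes in whole megabytes; the sample input is the disk and partition lines copied from the log above.

```python
"""Consistency check of an aswMBR partition listing (added example; not aswMBR code).

Assumptions: 512-byte logical sectors (2048 sectors per MB), which is what the
offsets in this log imply, and one MB of slack because aswMBR prints sizes in
whole megabytes. On a 4Kn drive SECTOR_BYTES would have to change.
"""
import re
from typing import Dict, List, Optional, Tuple

SECTOR_BYTES = 512
SECTORS_PER_MB = (1024 * 1024) // SECTOR_BYTES     # 2048
ROUNDING_SLACK = SECTORS_PER_MB                     # one MB, for whole-MB rounding

TIMESTAMP_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+")
PART_RE = re.compile(
    r"^Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-F]{2})(?: \(A\))? "
    r"(?P<type>[0-9A-F]{2}) (?P<desc>.+?) (?P<mb>\d+) MB offset (?P<offset>\d+)$"
)
SIZE_RE = re.compile(r"^Disk (?P<disk>\d+) Vendor: .*? Size: (?P<mb>\d+)MB")
MBR_RE = re.compile(r"^Disk (?P<disk>\d+) (?P<what>.+ MBR code)$")
TAIL_RE = re.compile(r"^Disk (?P<disk>\d+) scanning sectors \+(?P<sector>\d+)")


def parse_aswmbr(text: str) -> Dict:
    info: Dict = {"partitions": [], "size_mb": None, "mbr": None, "tail_scan_start": None}
    for raw in text.splitlines():
        line = TIMESTAMP_RE.sub("", raw.strip())   # drop the HH:MM:SS.mmm prefix
        m = PART_RE.match(line)
        if m:
            info["partitions"].append({
                "num": int(m["num"]),
                "active": m["boot"] == "80",        # 0x80 is the bootable flag of an MBR entry
                "type": int(m["type"], 16),
                "desc": m["desc"],
                "size_mb": int(m["mb"]),
                "offset": int(m["offset"]),         # start LBA in sectors
            })
            continue
        m = SIZE_RE.match(line)
        if m:
            info["size_mb"] = int(m["mb"])
            continue
        m = MBR_RE.match(line)
        if m:
            info["mbr"] = m["what"]
            continue
        m = TAIL_RE.match(line)
        if m:
            info["tail_scan_start"] = int(m["sector"])   # first sector aswMBR scans past the table
    return info


def check_layout(info: Dict) -> Tuple[List[str], Optional[int]]:
    """Return (problems, unallocated_tail_sectors); an empty list means the table is self-consistent."""
    problems: List[str] = []
    parts = sorted(info["partitions"], key=lambda p: p["offset"])
    if sum(p["active"] for p in parts) != 1:
        problems.append("expected exactly one active (0x80) partition")
    if not info["mbr"] or "default MBR code" not in info["mbr"]:
        problems.append(f"MBR code not reported as a stock loader: {info['mbr']!r}")
    prev_end = 0
    for p in parts:
        if p["offset"] + ROUNDING_SLACK < prev_end:
            problems.append(f"partition {p['num']} overlaps the one before it")
        prev_end = p["offset"] + p["size_mb"] * SECTORS_PER_MB
    tail = info["tail_scan_start"]
    if tail is not None and abs(tail - prev_end) > ROUNDING_SLACK:
        problems.append(f"tail scan starts at sector {tail} but the last partition ends at {prev_end}")
    unallocated = None
    if info["size_mb"] is not None:
        unallocated = info["size_mb"] * SECTORS_PER_MB - prev_end
        if unallocated < -ROUNDING_SLACK:
            problems.append("partition table extends past the reported disk size")
    return problems, unallocated


# Constructed input: the disk and partition lines copied from the aswMBR log above.
ASWMBR_SAMPLE = """
16:38:44.802 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
16:38:44.819 Disk 0 MBR read successfully
16:38:44.826 Disk 0 Windows VISTA default MBR code
16:38:44.836 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
16:38:44.850 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 229585 MB offset 3074048
16:38:44.886 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 7389 MB offset 473264128
16:38:44.893 Disk 0 scanning sectors +488396800
"""

if __name__ == "__main__":
    layout = parse_aswmbr(ASWMBR_SAMPLE)
    problems, tail = check_layout(layout)
    print("problems:", problems or "none")
    print("unallocated tail sectors:", tail)
```

For this log the last partition ends at sector 488396800, which is both the reported disk size (238475 MB times 2048) and the sector where aswMBR begins its "scanning sectors" pass, so there is no unallocated tail for a bootkit to sit in, and the MBR is reported as the Vista default. A non-empty `problems` list, or a large `unallocated` value, is what would justify pulling the saved MBR.dat and the tail sectors for a closer look. Check the logical sector size before trusting the numbers on a newer 4Kn drive.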

#15 alanschoeff

alanschoeff
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:18 AM

Posted 30 November 2012 - 01:01 PM

Karsten,

I wanted to give you a quick update.
I got another avast warning today while surfing.

Thanks,
alan
