Computer is crawling slow

ptrkptz · #1 July 4th, 2012, 09:45 PM

Hey all,
I was hoping that someone would help me with my XP Computer, recently is has become unbearably slow... I can't run more than one thing at a time, but the CPU shows somewhere in the 90s as free.
Hoping someone can help.

**Jintan** · #2 July 5th, 2012, 01:20 AM

Hello ptrkptz,

Hope I didn't misspell that. Let's take a look, and get that computer crawling real fast, instead of slow.

To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.

Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.

Double click the aswMBR.exe icon to run it
If you can have an open Internet connection, and allow it to download the latest Avast engine detections.
If avast! antivirus is already installed, just do the next step.
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

A lot, but comprehensive, and will make sure we get a good view of everything.

ptrkptz · #3 July 7th, 2012, 08:32 PM

Thanks for the help... here are the logs:

OTL logfile created on: 7/7/2012 10:19:52 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Patrick\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 60.73% Memory free
2.11 Gb Paging File | 1.67 Gb Available in Paging File | 79.52% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 25.29 Gb Free Space | 33.96% Space Free | Partition Type: NTFS

Computer Name: PE0110 | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/07 10:19:29 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\My Documents\Downloads\OTL.exe
PRC - [2012/06/28 05:28:57 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/07/04 06:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/09/28 19:34:22 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/09/28 19:34:16 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/11/20 15:12:24 | 000,282,713 | ---- | M] (GlobespanVirata, Inc.) -- C:\WINDOWS\SYSTEM32\PRISMSVR.exe
PRC - [2003/08/13 10:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/06 23:50:25 | 001,781,248 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12070700\algo.dll
MOD - [2012/07/05 14:14:14 | 001,781,248 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12070501\algo.dll
MOD - [2012/07/03 14:15:39 | 004,051,456 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.3\libGLESv2.dll
MOD - [2012/07/03 14:15:39 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.3\libEGL.dll
MOD - [2012/06/28 05:28:56 | 000,438,296 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppgoo glenaclpluginchrome.dll
MOD - [2012/06/28 05:28:54 | 003,972,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.d ll
MOD - [2012/06/28 05:27:29 | 000,140,328 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avuti l-51.dll
MOD - [2012/06/28 05:27:28 | 000,262,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avfor mat-54.dll
MOD - [2012/06/28 05:27:26 | 002,386,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avcod ec-54.dll
MOD - [2012/06/28 03:27:26 | 009,252,040 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf 32.dll
MOD - [2009/09/15 18:07:50 | 001,063,248 | ---- | M] () -- C:\Program Files\LogMeIn\x86\ICSAgent32.dll
MOD - [2007/07/12 22:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\SYSTEM32\cpwmon2k.dll
MOD - [2003/11/20 15:28:38 | 000,651,264 | R--- | M] () -- C:\WINDOWS\SYSTEM32\libeay32.dll
MOD - [2003/11/20 15:28:38 | 000,147,456 | R--- | M] () -- C:\WINDOWS\SYSTEM32\ssleay32.dll
MOD - [2003/04/30 19:43:32 | 000,078,336 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\DLBKPP5C .DLL
MOD - [2003/02/11 18:56:20 | 000,049,152 | ---- | M] () -- C:\Program Files\Dell AIO Printer A920\ConvDIB.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Unknown] -- -- (Dcpsecastmm)
SRV - [2012/05/05 15:19:05 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/09/28 19:34:22 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2004/11/02 17:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe -- (SymWSC)
SRV - [2004/09/22 10:37:02 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SensorsViewPro41\drv\sensorsview32.sys -- (sensorsview)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2011/07/04 06:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 06:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 06:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 06:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 06:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 06:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 06:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/28 19:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2006/05/19 16:16:24 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/05/19 16:16:24 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/04/19 18:06:24 | 000,014,464 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\tbhsd.sys -- (tbhsd)
DRV - [2006/03/20 23:19:30 | 000,657,152 | ---- | M] (Windows (R) 2000/XP) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SndTDriverV32.sys -- (SndTDriverV32)
DRV - [2006/01/24 19:23:34 | 000,006,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sysid.sys -- (sysid)
DRV - [2005/08/17 09:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 09:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 09:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 09:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2004/07/21 21:53:07 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2003/11/20 15:28:38 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/11/11 12:12:00 | 000,336,800 | ---- | M] (GlobespanVirata, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PRISMA02.sys -- (DELL_A02)
DRV - [2003/08/14 10:58:12 | 001,296,384 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source? }

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\..\SearchScopes,DefaultScope = {1F91F254-BA1F-4314-976C-D829FC112243}
IE - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\..\SearchScopes\{1F91F254-BA1F-4314-976C-D829FC112243}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8&rlz=
IE - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {962e0d4d-6b89-4b73-aa72-df03360da12e}:0.3.8
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: goo.gl_lite@matthew.flaschen.gatech.edu:1.7.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extens ions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/06 08:42:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/05 15:19:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/04 15:48:20 | 000,000,000 | ---D | M]

[2008/09/22 20:08:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Extensions
[2012/06/30 16:13:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\zpm0ile3.default\ext ensions
[2010/09/07 10:31:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\zpm0ile3.default\ext ensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/30 16:12:58 | 000,000,000 | ---D | M] (goo.gl lite) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\zpm0ile3.default\ext ensions\goo.gl_lite@matthew.flaschen.gatech.edu
[2006/06/16 17:55:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\zpm0ile3.default\ext ensions\temp
[2012/05/05 15:19:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/30 16:12:59 | 000,084,634 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\PATRICK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZPM0ILE3.DEFAULT\EXT ENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2012/06/30 16:13:00 | 000,004,271 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\PATRICK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZPM0ILE3.DEFAULT\EXT ENSIONS\{962E0D4D-6B89-4B73-AA72-DF03360DA12E}.XPI
[2011/08/06 08:42:14 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/01/01 15:46:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/05/05 15:19:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/01 15:46:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/06/17 13:32:22 | 000,053,248 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npstrlnk.dll
[2012/05/05 15:19:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/05 15:19:01 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:accepte dSuggestion}{google:originalQueryForSuggestion}{go ogle:searchFieldtrialParameter}sourceid=chrome&ie= {inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldt rialParameter}client=chrome&hl={language}&q={searc hTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoo gleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.d ll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf 32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Patrick\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
CHR - plugin: NapsterLink (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Patrick\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Patrick\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.19_0\
CHR - Extension: goo.gl URL Shortener = C:\Documents and Settings\Patrick\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocd bnlagk\0.7.2_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Patrick\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnp ncnbda\6.0.1203_0\
CHR - Extension: Late Night = C:\Documents and Settings\Patrick\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonf kipohm\1.0\
CHR - Extension: Gmail = C:\Documents and Settings\Patrick\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\7_0\

O1 HOSTS File: ([2008/02/17 11:33:41 | 000,224,678 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 7885 more lines...
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\s wg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\..\Toolbar\WebBrowser: (JunoBar) - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\toolbar.dll File not found
O3 - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\..\Toolbar\WebBrowser: (JunoBar) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\Juno\Toolbar.dll File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PRISMSVR.EXE] C:\WINDOWS\System32\PRISMSVR.EXE (GlobespanVirata, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-3282942883-3049317573-3453175993-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.microsoft.com/downlo...?1093982022301 (MSSecurityAdvisor Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeup...tent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} http://www.webshots.com/samplers/WSDownloader.ocx (WSDownloader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{163080A6-45C7-4212-B6DB-DBBDD8CA215A}: DhcpNameServer = 10.1.1.11 10.1.1.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{4A6FFCFA-B289-4F1F-AC7E-82C16D83F184}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Patrick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patrick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/07 10:17:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Patrick\Recent
[2012/07/04 16:02:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2012/07/04 15:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/07/02 17:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Desktop\Bellevue
[2012/07/02 17:27:54 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/07/02 17:27:54 | 000,017,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/07/02 17:27:14 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Patrick\My Documents\My Shapes
[2012/07/02 16:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/07/02 16:56:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2012/07/02 16:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/07/02 16:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Local Settings\Application Data\Microsoft Help
[2012/07/02 16:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012/06/28 19:36:34 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/06/17 16:47:39 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/07 10:11:02 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/07 09:46:21 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/07/07 09:45:23 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/07 09:44:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/07/07 09:44:55 | 1609,617,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/05 20:43:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3282942883-3049317573-3453175993-1010UA.job
[2012/07/05 20:12:34 | 000,344,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/02 22:14:49 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/07/02 18:21:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/02 18:14:15 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/28 20:39:26 | 000,521,314 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2012/06/28 20:39:26 | 000,088,596 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2012/06/28 19:36:34 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/06/28 19:36:34 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/17 19:17:04 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/17 18:12:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/10/26 17:48:55 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2008/02/15 18:13:24 | 000,000,081 | ---- | C] () -- C:\Documents and Settings\Patrick\numlock.vbs
[2007/10/21 13:59:09 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\FASTApp.html
[2004/11/21 17:36:01 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\fusioncache.dat
[2004/11/21 17:31:52 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

ptrkptz · #4 July 7th, 2012, 08:32 PM

OTL Extras logfile created on: 7/7/2012 10:19:52 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Patrick\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 60.73% Memory free
2.11 Gb Paging File | 1.67 Gb Available in Paging File | 79.52% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 25.29 Gb Free Space | 33.96% Space Free | Partition Type: NTFS

Computer Name: PE0110 | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_USERS\S-1-5-21-3282942883-3049317573-3453175993-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet

isabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet

isabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe" = C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe:*:Enabled:Sunbelt Kerio Personal Firewall 4 - GUI
"C:\Program Files\Napster\napster.exe" = C:\Program Files\Napster\napster.exe:*:Enabled:Napster -- (Napster)
"C:\Program Files\FTP Commander Pro\cftp.exe" = C:\Program Files\FTP Commander Pro\cftp.exe:*:Enabled:cftp
"C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:Turbo Tax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet

isabled:In tuit Update v4 Shared Downloads Server -- (Intuit Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{1990DE06-9769-46E7-8B9E-1631165F2859}" = TurboTax 2011 wneiper
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{216BB99F-F43D-46E8-BC11-06F2A696675D}" = AxCrypt 1.7.2614.0
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIOR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.VISIOR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = TrueMobile 1300 USB 2.0 WLAN
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E5DF32-8248-4347-908C-E030EDAE4368}" = DA920EN
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}" = Samsung USB Driver (MCCI 4.34) WHQL v3.4
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced IP Scanner v1.4" = Advanced IP Scanner v1.4
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Cleanse Uninstaller" = Cleanse Uninstaller 2.57
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F1 4F1" = Conexant D850 56K V.9x DFVc Modem
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Dell AIO Printer A920" = Dell AIO Printer A920
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DellSupport" = Dell Support 5.0.0 (766)
"FTP Commander" = FTP Commander
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HTPE3" = HyperTerminal Private Edition v6.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InfraRecorder" = InfraRecorder
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mix-FX" = Mix-FX
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Office14.VISIOR" = Microsoft Visio Professional 2010
"Packet Tracer 4.1 (No Tutorials)_is1" = Packet Tracer 4.1
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Shockwave" = Shockwave
"SoundTaxi_is1" = SoundTaxi 1.0
"SpywareBlaster_is1" = SpywareBlaster 4.6
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TurboTax 2011" = TurboTax 2011
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/30/2012 5:49:21 PM | Computer Name = PE0110 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)
- 1>Failed to compile: System.DirectoryServices, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80131f06

Error - 6/30/2012 5:49:22 PM | Computer Name = PE0110 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)
- 1>Failed to compile: System.DirectoryServices, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80131f06

Error - 6/30/2012 5:49:22 PM | Computer Name = PE0110 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)
- 1>Failed to compile: System.EnterpriseServices, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80131f06

Error - 7/4/2012 3:26:32 AM | Computer Name = PE0110 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/4/2012 3:26:32 AM | Computer Name = PE0110 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3616766

Error - 7/4/2012 3:26:32 AM | Computer Name = PE0110 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3616766

Error - 7/4/2012 4:25:43 PM | Computer Name = PE0110 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/4/2012 5:05:23 PM | Computer Name = PE0110 | Source = Application Error | ID = 1000
Description = Faulting application OSE.EXE, version 14.0.4730.1010, faulting module
OSE.EXE, version 14.0.4730.1010, fault address 0x00004ec9.

Error - 7/5/2012 9:34:46 PM | Computer Name = PE0110 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/5/2012 9:34:46 PM | Computer Name = PE0110 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 5/23/2012 4:14:12 PM | Computer Name = PE0110 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.

Error - 5/23/2012 4:14:12 PM | Computer Name = PE0110 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.

Error - 6/5/2012 10:33:53 PM | Computer Name = PE0110 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 6/9/2012 9:03:15 AM | Computer Name = PE0110 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.106 on
the Network Card with network address 00111104D25E.

Error - 6/17/2012 5:31:45 PM | Computer Name = PE0110 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.106 on
the Network Card with network address 00111104D25E.

Error - 6/26/2012 4:47:39 PM | Computer Name = PE0110 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 6/30/2012 9:43:25 PM | Computer Name = PE0110 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 7/2/2012 5:43:16 PM | Computer Name = PE0110 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.106 on
the Network Card with network address 00111104D25E.

Error - 7/5/2012 9:17:28 PM | Computer Name = PE0110 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 00111104D25E.

Error - 7/5/2012 9:55:10 PM | Computer Name = PE0110 | Source = Dhcp | ID = 1002
Description = The IP address lease 98.179.24.161 for the Network Card with network
address 00111104D25E has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

< End of report >

ptrkptz · #5 July 7th, 2012, 08:35 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-07 13:43:04
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-75FJA1 rev.14.03G14
Running: 1cw9n4dk.exe; Driver: C:\DOCUME~1\Patrick\LOCALS~1\Temp\pxtdapog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAFBD5202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAFC3BD8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAFBF96C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAFBD77F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAFBD7848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAFBD795E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAFBF9075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAFBD7746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAFBD7898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAFBD779A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAFBD790C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAFBD5226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAFBF9D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAFBFA03D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAFBD7BE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAFBF9BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAFBF9A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAFC3BE3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAFBD4FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAFBD524A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAFBD7D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAFBD5CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAFBD7820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAFBD7870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAFBD7988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAFBF93D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAFBD7772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAFBD7A1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAFBD78D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAFBD77C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAFBD7AFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAFBD7936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAFC3BED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAFBF98D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAFBD5BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAFBF972A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAFC4410E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAFBF86E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAFBD526E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAFBD5292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAFBD504A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAFBD5186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAFBF9E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAFBD5162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAFBD51AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAFBD52B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAFC51398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 3A6 804E4C00 4 Bytes [E8, 86, BF, AF]
PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP AFC4E7F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80576705 4 Bytes CALL AFBD6335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B7F4 7 Bytes JMP AFC5139C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E0536 5 Bytes JMP AFC4CD4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB95B0340, 0xFD9DF, 0xF8000020]
.text win32k.sys!EngFreeUserMem + 674 BF8098F2 5 Bytes JMP AFBD8CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138E6 5 Bytes JMP AFBD8BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240C0 5 Bytes JMP AFBD7F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A2A 5 Bytes JMP AFBD8E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831475 5 Bytes JMP AFBD9014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839EAC 5 Bytes JMP AFBD8B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85174B 5 Bytes JMP AFBD7E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2F4 5 Bytes JMP AFBD8180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E37F 5 Bytes JMP AFBD8326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F5F2 5 Bytes JMP AFBD7E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF8649C1 5 Bytes JMP AFBD8BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4138 BF873D04 5 Bytes JMP AFBD82FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF894515 5 Bytes JMP AFBD8D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894FED 5 Bytes JMP AFBD8F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89D928 5 Bytes JMP AFBD7FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9DC BF8C1E70 5 Bytes JMP AFBD803E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA2D2 5 Bytes JMP AFBD80AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA552 5 Bytes JMP AFBD80E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EBF17 5 Bytes JMP AFBD7D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A5A BF913814 5 Bytes JMP AFBD7EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 262E BF9143E8 5 Bytes JMP AFBD8008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4FA7 BF916D61 5 Bytes JMP AFBD8440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1937 BF946E38 5 Bytes JMP AFBD8ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x2342C0, 0xF8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\dla\tfswctrl.exe[180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\dla\tfswctrl.exe[180] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\dla\tfswctrl.exe[180] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\dla\tfswctrl.exe[180] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\dla\tfswctrl.exe[180] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\dla\tfswctrl.exe[180] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\dla\tfswctrl.exe[180] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\dla\tfswctrl.exe[180] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\WINDOWS\system32\dla\tfswctrl.exe[180] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\dla\tfswctrl.exe[180] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\dla\tfswctrl.exe[180] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\system32\dla\tfswctrl.exe[180] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\WINDOWS\system32\dla\tfswctrl.exe[180] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\dla\tfswctrl.exe[180] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\dla\tfswctrl.exe[180] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\System32\CTsvcCDA.exe[348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\CTsvcCDA.exe[348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\CTsvcCDA.exe[348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\CTsvcCDA.exe[348] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\CTsvcCDA.exe[348] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\System32\CTsvcCDA.exe[348] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\System32\CTsvcCDA.exe[348] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\System32\CTsvcCDA.exe[348] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\System32\CTsvcCDA.exe[348] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\System32\CTsvcCDA.exe[348] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\System32\CTsvcCDA.exe[348] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\System32\CTsvcCDA.exe[348] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\System32\CTsvcCDA.exe[348] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\System32\CTsvcCDA.exe[348] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\System32\CTsvcCDA.exe[348] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\System32\CTsvcCDA.exe[348] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\CTsvcCDA.exe[348] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\LEXBCES.EXE[356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\LEXBCES.EXE[356] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\LEXBCES.EXE[356] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\LEXBCES.EXE[356] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\LEXBCES.EXE[356] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\LEXBCES.EXE[356] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\LEXBCES.EXE[356] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\LEXBCES.EXE[356] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\LEXBCES.EXE[356] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\LEXBCES.EXE[356] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\LEXBCES.EXE[356] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\LEXBCES.EXE[356] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\LEXBCES.EXE[356] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\LEXBCES.EXE[356] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\LEXBCES.EXE[356] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\LEXBCES.EXE[356] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\LEXBCES.EXE[356] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[384] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[384] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[384] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[384] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[384] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[384] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[384] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[384] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[384] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[384] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[384] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[384] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\LEXPPS.EXE[424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\LEXPPS.EXE[424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\LEXPPS.EXE[424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\LEXPPS.EXE[424] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\LEXPPS.EXE[424] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\LEXPPS.EXE[424] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\LEXPPS.EXE[424] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\LEXPPS.EXE[424] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\LEXPPS.EXE[424] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\LEXPPS.EXE[424] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\LEXPPS.EXE[424] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\LEXPPS.EXE[424] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\LEXPPS.EXE[424] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\LEXPPS.EXE[424] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\LEXPPS.EXE[424] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\LEXPPS.EXE[424] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\LEXPPS.EXE[424] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\spoolsv.exe[432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[432] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[432] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[432] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[432] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[432] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[432] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[432] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[432] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[432] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[432] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[432] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[432] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[432] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[432] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[432] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\smss.exe[620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[676] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[700] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[700] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[700] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[700] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[700] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[700] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[700] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[700] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[700] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[700] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[700] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[700] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[700] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[700] USER32.dll!UnhookWinEvent

ptrkptz · #6 July 7th, 2012, 08:35 PM

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[744] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[744] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[744] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[744] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[744] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[756] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[756] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[756] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[960] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[960] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[960] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[960] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[960] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe[1096] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1132] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1176] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1176] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1176] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1176] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1176] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1272] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1272] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1272] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1272] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1272] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1272] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1304] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1304] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1304] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1304] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1304] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1304] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1304] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1304] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1304] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1304] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1304] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1304] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1304] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1364] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1364] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1364] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1364] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1364] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Bonjour\mDNSResponder.exe[1364] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Bonjour\mDNSResponder.exe[1364] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[1364] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1364] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[1364] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1364] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1364] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Bonjour\mDNSResponder.exe[1364] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[1364] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[1364] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[1364] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1364] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1396] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\PRISMSVR.EXE[1408] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\PRISMSVR.EXE[1408] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\PRISMSVR.EXE[1408] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\PRISMSVR.EXE[1408] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\PRISMSVR.EXE[1408] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\System32\PRISMSVR.EXE[1408] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\System32\PRISMSVR.EXE[1408] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\System32\PRISMSVR.EXE[1408] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\System32\PRISMSVR.EXE[1408] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\System32\PRISMSVR.EXE[1408] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\System32\PRISMSVR.EXE[1408] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\System32\PRISMSVR.EXE[1408] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\System32\PRISMSVR.EXE[1408] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\System32\PRISMSVR.EXE[1408] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\System32\PRISMSVR.EXE[1408] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\System32\PRISMSVR.EXE[1408] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\PRISMSVR.EXE[1408] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1520] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1520] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1520] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[1696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1696] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[1696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1696] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[1696] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[1696] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[1696] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[1696] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[1696] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[1696] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[1696] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[1696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[1696] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[1696] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[1696] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[1696] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[1756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[1756] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[1756] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[1756] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Digital Line Detect\DLG.exe[1972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Digital Line Detect\DLG.exe[1972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Digital Line Detect\DLG.exe[1972] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Digital Line Detect\DLG.exe[1972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Digital Line Detect\DLG.exe[1972] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Digital Line Detect\DLG.exe[1972] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Digital Line Detect\DLG.exe[1972] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Digital Line Detect\DLG.exe[1972] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Digital Line Detect\DLG.exe[1972] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Digital Line Detect\DLG.exe[1972] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Digital Line Detect\DLG.exe[1972] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Digital Line Detect\DLG.exe[1972] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Digital Line Detect\DLG.exe[1972] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Digital Line Detect\DLG.exe[1972] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Digital Line Detect\DLG.exe[1972] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Digital Line Detect\DLG.exe[1972] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Digital Line Detect\DLG.exe[1972] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600

ptrkptz · #7 July 7th, 2012, 08:36 PM

.text C:\WINDOWS\System32\DSentry.exe[2032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\DSentry.exe[2032] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\DSentry.exe[2032] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\DSentry.exe[2032] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\DSentry.exe[2032] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\System32\DSentry.exe[2032] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\System32\DSentry.exe[2032] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\System32\DSentry.exe[2032] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\System32\DSentry.exe[2032] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\System32\DSentry.exe[2032] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\System32\DSentry.exe[2032] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\System32\DSentry.exe[2032] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\System32\DSentry.exe[2032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\System32\DSentry.exe[2032] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\System32\DSentry.exe[2032] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\System32\DSentry.exe[2032] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\System32\DSentry.exe[2032] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2356] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2356] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2356] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2356] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[2356] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2356] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2356] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[2356] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[2356] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2356] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2356] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2356] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2356] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2356] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2356] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2356] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2384] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2384] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2384] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2384] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2384] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2384] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2384] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2384] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2384] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2384] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2384] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2384] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2524] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2524] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2524] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2524] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2524] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2524] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2524] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2524] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2524] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2524] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2524] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2524] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2524] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2524] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2524] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2568] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2568] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2568] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2568] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2568] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00901014
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2568] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00900804
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2568] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00900A08
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2568] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00900C0C
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2568] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00900E10
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2568] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009001F8
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2568] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009003FC
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2568] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00900600
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2608] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2608] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2608] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2608] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2608] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2608] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2608] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2608] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2608] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2608] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2608] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2608] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2608] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\System32\nvsvc32.exe[2636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\nvsvc32.exe[2636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\nvsvc32.exe[2636] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\nvsvc32.exe[2636] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\nvsvc32.exe[2636] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\System32\nvsvc32.exe[2636] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\System32\nvsvc32.exe[2636] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\System32\nvsvc32.exe[2636] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\System32\nvsvc32.exe[2636] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\System32\nvsvc32.exe[2636] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\System32\nvsvc32.exe[2636] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\System32\nvsvc32.exe[2636] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\System32\nvsvc32.exe[2636] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\System32\nvsvc32.exe[2636] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\System32\nvsvc32.exe[2636] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\System32\nvsvc32.exe[2636] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\nvsvc32.exe[2636] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\System32\svchost.exe[2692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[2692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[2692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2692] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[2692] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[2692] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[2692] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[2692] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[2692] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[2692] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[2692] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[2692] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[2692] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[2692] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[2692] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[2692] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[2856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[2856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2856] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[2856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2856] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[2856] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[2856] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[2856] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[2856] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[2856] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[2856] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[2856] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[2856] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[2856] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[2856] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[2856] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[2856] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\MsPMSPSv.exe[2896] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\MsPMSPSv.exe[2896] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\MsPMSPSv.exe[2896] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\MsPMSPSv.exe[2896] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\MsPMSPSv.exe[2896] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\System32\MsPMSPSv.exe[2896] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\System32\MsPMSPSv.exe[2896] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\System32\MsPMSPSv.exe[2896] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\System32\MsPMSPSv.exe[2896] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\System32\MsPMSPSv.exe[2896] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\System32\MsPMSPSv.exe[2896] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\System32\MsPMSPSv.exe[2896] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\System32\MsPMSPSv.exe[2896] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\System32\MsPMSPSv.exe[2896] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\System32\MsPMSPSv.exe[2896] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\System32\MsPMSPSv.exe[2896] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\System32\MsPMSPSv.exe[2896] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\alg.exe[3944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[3944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3944] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[3944] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3944] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[3944] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[3944] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[3944] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[3944] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[3944] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[3944] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[3944] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[3944] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[3944] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[3944] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[3944] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[3944] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wuauclt.exe[4012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\wuauclt.exe[4012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[4012] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\wuauclt.exe[4012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[4012] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\wuauclt.exe[4012] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wuauclt.exe[4012] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wuauclt.exe[4012] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\wuauclt.exe[4012] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\wuauclt.exe[4012] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wuauclt.exe[4012] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wuauclt.exe[4012] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wuauclt.exe[4012] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wuauclt.exe[4012] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wuauclt.exe[4012] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wuauclt.exe[4012] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wuauclt.exe[4012] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Documents and Settings\Patrick\My Documents\Downloads\1cw9n4dk.exe[6640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Patrick\My Documents\Downloads\1cw9n4dk.exe[6640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6772] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6772] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6772] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6772] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6772] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6772] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6772] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6772] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6772] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6772] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6772] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6772] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6772] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6772] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6772] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F51A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F58B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F6B9

ptrkptz · #8 July 7th, 2012, 08:37 PM

.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002101F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002103FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 005E1014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 005E0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 005E0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 005E0C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 005E0E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005E01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005E03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 005E0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 005F0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 005F0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 005F0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005F01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6928] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005F03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 18, 00] {SUB [EAX], AL; SBB [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 18, 00] {SUB [EBX], AL; SBB [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 18, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 18, 00] {TEST AL, 0x1; SBB [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EE1A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 18, 00] {TEST AL, 0x2; SBB [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 18, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 18, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EE8B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 18, 00] {TEST AL, 0x0; SBB [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EFB9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 18, 00] {SUB [ECX], AL; SBB [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 18, 00] {SUB [EDX], AL; SBB [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 18, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001A01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001A03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00571014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00570804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00570A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00570C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00570E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005701F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005703FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00570600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00580804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00580A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00580600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005801F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6956] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005803FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912B1A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912B8B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912CB9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 005601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 005603FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 007F1014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 007F0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 007F0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 007F0C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 007F0E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007F01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007F03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 007F0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00800804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00800A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00800600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 008001F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7124] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 008003FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7132] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7132] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7132] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7132] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7132] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7132] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7132] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7132] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7132] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7132] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7132] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7132] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7132] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7132] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7132] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7184] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7184] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7184] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7184] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7184] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7184] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7184] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7184] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7184] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7184] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7184] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7184] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7184] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7184] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7184] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7184] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7184] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 3A, 00] {SUB [EAX], AL; CMP AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 3A, 00] {SUB [EBX], AL; CMP AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 3A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 3A, 00] {TEST AL, 0x1; CMP AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91101A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 3A, 00] {TEST AL, 0x2; CMP AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 3A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 3A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91108B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 3A, 00] {TEST AL, 0x0; CMP AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9111B9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 3A, 00] {SUB [ECX], AL; CMP AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 3A, 00] {SUB [EDX], AL; CMP AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 3A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00791014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00790804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00790A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00790C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00790E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007901F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007903FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00790600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 007A0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 007A0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 007A0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 007A01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7232] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 007A03FC
.text C:\WINDOWS\system32\wscntfy.exe[7420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[7420] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[744] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[744] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[6928] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00370010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[6956] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00310010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[7124] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 006C0010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[7232] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 003E0010

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat ADAF1D20
Device \FileSystem\Fastfat \Fat ADB01428

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Threads - GMER 1.0.15 ----

Thread System [4:156] 8A2EF260

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\{970642B8-1805-C747-BF71-0AD8DF4D07F8}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\{970642B8-1805-C747-BF71-0AD8DF4D07F8}@iagonldnlnglfddekf 0x6A 0x61 0x6A 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\{970642B8-1805-C747-BF71-0AD8DF4D07F8}@hampdobhmioakacf 0x69 0x61 0x65 0x70 ...

---- EOF - GMER 1.0.15 ----

ptrkptz · #9 July 7th, 2012, 08:37 PM

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-07 13:44:08
-----------------------------
13:44:08.453 OS Version: Windows 5.1.2600 Service Pack 3
13:44:08.453 Number of processors: 2 586 0x304
13:44:08.453 ComputerName: PE0110 UserName:
13:44:09.328 Initialize success
13:44:09.484 AVAST engine defs: 12070700
13:44:32.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:44:32.421 Disk 0 Vendor: WDC_WD800BB-75FJA1 14.03G14 Size: 76293MB BusType: 3
13:44:32.453 Disk 0 MBR read successfully
13:44:32.453 Disk 0 MBR scan
13:44:32.453 Disk 0 Windows XP default MBR code
13:44:32.484 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
13:44:32.500 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76245 MB offset 80325
13:44:32.531 Disk 0 scanning sectors +156232125
13:44:32.906 Disk 0 scanning C:\WINDOWS\system32\drivers
13:45:41.140 Service scanning
13:46:06.578 Modules scanning
13:47:30.484 Disk 0 trace - called modules:
13:47:30.562 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
13:47:30.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a57aab8]
13:47:30.562 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a575b00]
13:47:31.046 AVAST engine scan C:\WINDOWS
13:48:32.781 AVAST engine scan C:\WINDOWS\system32
14:02:31.125 AVAST engine scan C:\WINDOWS\system32\drivers
14:04:23.109 AVAST engine scan C:\Documents and Settings\Patrick
14:23:17.390 AVAST engine scan C:\Documents and Settings\All Users
14:29:28.000 Scan finished successfully
14:32:28.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Patrick\Desktop\fix\MBR.dat"
14:32:28.296 The log file has been saved successfully to "C:\Documents and Settings\Patrick\Desktop\fix\aswMBR.txt"

**Jintan** · #10 July 8th, 2012, 12:41 AM

Pretty sure Gmer is showing some possible rootkit activity there, but Avast's hidden functions are stepping all over the scan log.

Please go to Start – Settings – Control Panel. Click on Add/Remove Programs, and uninstall Avast. You can always reinstall it later.

Reboot, then go here and download the avast! aswClear.exe uninstaller to your desktop, then click that to remove avast!.

Reboot.

Then run and post a new Gmer scan log please.

One other scan - close Gmer, then open Gmer again. Once it has completed it's opening scan, this time just right click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

ptrkptz · #11 July 8th, 2012, 07:32 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-08 13:28:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-75FJA1 rev.14.03G14
Running: 1cw9n4dk.exe; Driver: C:\DOCUME~1\Patrick\LOCALS~1\Temp\pxtdapog.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB9D2B340, 0xFD9DF, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x2342C0, 0xF8000020]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat AEE10D20
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Threads - GMER 1.0.15 ----

Thread System [4:156] 8A3AB260

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\{970642B8-1805-C747-BF71-0AD8DF4D07F8}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\{970642B8-1805-C747-BF71-0AD8DF4D07F8}@iagonldnlnglfddekf 0x6A 0x61 0x6A 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\{970642B8-1805-C747-BF71-0AD8DF4D07F8}@hampdobhmioakacf 0x69 0x61 0x65 0x70 ...

---- EOF - GMER 1.0.15 ----

ptrkptz · #12 July 8th, 2012, 07:33 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-08 13:31:35
Windows 5.1.2600 Service Pack 3
Running: 1cw9n4dk.exe; Driver: C:\DOCUME~1\Patrick\LOCALS~1\Temp\pxtdapog.sys

---- Modules - GMER 1.0.15 ----

Module drvmcdb.sys (Device Driver/Sonic Solutions) F745B000-F7470000 (86016 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F7647000-F7653000 (49152 bytes)
Module \SystemRoot\System32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 45.02 /NVIDIA Corporation) B9D2B000-B9E60000 (1265664 bytes)
Module \SystemRoot\System32\DRIVERS\HSFHWBS2.sys (HSF_HWB2 WDM driver/Conexant Systems, Inc.) B9CBF000-B9CF3000 (212992 bytes)
Module \SystemRoot\System32\DRIVERS\HSF_DP.sys (HSF_DP driver/Conexant Systems, Inc.) B9B9D000-B9C9C000 (1044480 bytes)
Module \SystemRoot\System32\DRIVERS\HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) B9AF6000-B9B9D000 (684032 bytes)
Module \SystemRoot\system32\drivers\P16X.sys (WDM Audio Miniport/Creative Technology Ltd.) B99B9000-B9AF6000 (1298432 bytes)
Module \SystemRoot\System32\DRIVERS\e100b325.sys (Intel(R) PRO/100 Adapter NDIS 5.1 driver/Intel Corporation) B9971000-B9995000 (147456 bytes)
Module \SystemRoot\system32\drivers\sscdbhk5.sys (Shared Driver Component/Sonic Solutions) F79A3000-F79A5000 (8192 bytes)
Module \SystemRoot\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) F7747000-F774D000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\lmimirr.sys (LogMeIn Mirror Miniport Driver/LogMeIn, Inc.) B9FC8000-B9FC9000 (4096 bytes)
Module \SystemRoot\system32\drivers\SndTDriverV32.sys (Support Device/Windows (R) 2000/XP) B98BC000-B995D000 (659456 bytes)
Module \SystemRoot\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F7777000-F777C000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\omci.sys (OMCI Device Driver/Dell Computer Corporation) F77A7000-F77AC000 (20480 bytes)
Module \SystemRoot\System32\Drivers\Cdr4_xp.SYS (CDR4 CD and DVD Place Holder Driver (see PxHelp)/Sonic Solutions) F7A99000-F7A9A000 (4096 bytes)
Module \SystemRoot\System32\Drivers\Cdralw2k.SYS (CDRAL Place Holder Driver (see PxHelp)/Sonic Solutions) F7A9A000-F7A9B000 (4096 bytes)
Module \SystemRoot\system32\drivers\ssrtln.sys (Shared Driver Component/Sonic Solutions) F77FF000-F7805000 (24576 bytes)
Module \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 45.02 /NVIDIA Corporation) BF012000-BF341000 (3338240 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BF341000-BF388000 (290816 bytes)
Module \SystemRoot\system32\drivers\drvnddm.sys (Device Driver Manager/Sonic Solutions) B9815000-B981F000 (40960 bytes)
Module \SystemRoot\system32\dla\tfsndres.sys (Drive Letter Access Component/Sonic Solutions) BA037000-BA038000 (4096 bytes)
Module \SystemRoot\system32\dla\tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) AFDF3000-AFE08000 (86016 bytes)
Module \SystemRoot\system32\dla\tfsnopio.sys (Drive Letter Access Component/Sonic Solutions) AFF18000-AFF1C000 (16384 bytes)
Module \SystemRoot\system32\dla\tfsnpool.sys (Drive Letter Access Component/Sonic Solutions) F79E1000-F79E3000 (8192 bytes)
Module \SystemRoot\system32\dla\tfsnboio.sys (Drive Letter Access Component/Sonic Solutions) B97BC000-B97C3000 (28672 bytes)
Module \SystemRoot\system32\dla\tfsncofs.sys (Drive Letter Access Component/Sonic Solutions) B9805000-B980E000 (36864 bytes)
Module \SystemRoot\system32\dla\tfsndrct.sys (Drive Letter Access Component/Sonic Solutions) BA034000-BA035000 (4096 bytes)
Module \SystemRoot\system32\dla\tfsnudf.sys (Drive Letter Access Component/Sonic Solutions) AFDDA000-AFDF3000 (102400 bytes)
Module \SystemRoot\system32\dla\tfsnudfa.sys (Drive Letter Access Component/Sonic Solutions) AFDC1000-AFDDA000 (102400 bytes)
Module \SystemRoot\System32\DRIVERS\mdc8021x.sys (IEEE 802.1X Protocol Driver/Meetinghouse Data Communications) AFDB1000-AFDB5000 (16384 bytes)
Module \SystemRoot\System32\Drivers\ASCTRM.SYS (TR Manager/Windows (R) 2000 DDK provider) F7A05000-F7A07000 (8192 bytes)
Module \??\C:\Program_Files\LogMeIn\x86\RaInfo.sys (RemotelyAnywhere Kernel Information Provider/LogMeIn, Inc.) F79F5000-F79F7000 (8192 bytes)
Module \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn Rfs Drivemap Driver/LogMeIn, Inc.) AF6D5000-AF6DF000 (40960 bytes)
Module \SystemRoot\System32\DRIVERS\mdmxsdk.sys (Diagnostic Interface DRIVER/Conexant) AF65D000-AF660000 (12288 bytes)
Module \??\C:\WINDOWS\System32\PfModNT.sys (PCI/ISA Device Info. Service/Creative Technology Ltd.) AF81F000-AF821000 (8192 bytes)
Module \??\C:\DOCUME~1\Patrick\LOCALS~1\Temp\pxtdapog.sys (GMER) AEE2D000-AEE46000 (102400 bytes)
Module \SystemRoot\System32\Drivers\hiber_WMILIB.SYS F79BD000-F79BF000 (8192 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 124
Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000

Process C:\WINDOWS\System32\DSentry.exe (DVDSentry/Dell - Advanced Desktop Engineering) 128
Library C:\WINDOWS\System32\DSentry.exe (DVDSentry/Dell - Advanced Desktop Engineering) 0x00400000

Process C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) 184
Library C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) 0x00400000

Process C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) 212
Library C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) 0x00400000

Process C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 45.02/NVIDIA Corporation) 328
Library C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 45.02/NVIDIA Corporation) 0x00400000

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 484
Library C:\Program Files\Dell AIO Printer A920\dlbkmcro.dll (Dell AIO Printer A920WIA Micro Driver/Dell Computer Corporation) 0x00B20000
Library C:\Program Files\Dell AIO Printer A920\ConvDIB.dll 0x10000000
Library C:\Program Files\Dell AIO Printer A920\rtscan.dll (Rtscan.dll for J4150/Funai) 0x50000000

Process C:\WINDOWS\System32\CTsvcCDA.exe (Creative Service for CDROM Access/Creative Technology Ltd) 492
Library C:\WINDOWS\System32\CTsvcCDA.exe (Creative Service for CDROM Access/Creative Technology Ltd) 0x00400000

Process C:\WINDOWS\System32\PRISMSVR.EXE (PRISM Profiles Server Module /GlobespanVirata, Inc.) 500
Library C:\WINDOWS\System32\PRISMSVR.EXE (PRISM Profiles Server Module /GlobespanVirata, Inc.) 0x00400000
Library C:\WINDOWS\System32\AEGISE5.DLL (IEEE 802.1X Protocol/Meetinghouse Data Communications) 0x10000000
Library C:\WINDOWS\System32\SSLEAY32.dll 0x009B0000
Library C:\WINDOWS\System32\LIBEAY32.dll 0x009E0000
Library C:\WINDOWS\system32\PrismApi.DLL (PRISM COM API Interface Library/GlobespanVirata, Inc.) 0x1C000000

Process C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Update Service/Intuit Inc.) 624
Library C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Update Service/Intuit Inc.) 0x00400000

Process C:\WINDOWS\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 660
Library C:\WINDOWS\system32\LMIinit.dll (LogMeIn Remote Control Helper/LogMeIn, Inc.) 0x10000000

Process C:\WINDOWS\system32\dla\tfswctrl.exe (Drive Letter Access Component/Sonic Solutions) 900
Library C:\WINDOWS\system32\dla\tfswctrl.exe (Drive Letter Access Component/Sonic Solutions) 0x00400000
Library C:\WINDOWS\system32\tfswapi.dll (Drive Letter Access Component/Sonic Solutions) 0x10000000
Library C:\WINDOWS\system32\dla\tfswcres.dll (Drive Letter Access Component/Sonic Solutions) 0x00330000

Process C:\Program Files\Common Files\Java\Java Update\jusched.exe (Java(TM) Update Scheduler/Sun Microsystems, Inc.) 936
Library C:\Program Files\Common Files\Java\Java Update\jusched.exe (Java(TM) Update Scheduler/Sun Microsystems, Inc.) 0x00400000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 988
Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000

Process C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LMIGuardian/LogMeIn, Inc.) 1156
Library C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LMIGuardian/LogMeIn, Inc.) 0x00400000
Library C:\Program Files\LogMeIn\x86\LMIGuardianDll.dll (LMIGuardianDll/LogMeIn, Inc.) 0x10000000

Process C:\Program Files\Digital Line Detect\DLG.exe (Digital Line Detection/BVRP Software) 1372
Library C:\Program Files\Digital Line Detect\DLG.exe (Digital Line Detection/BVRP Software) 0x00400000
Library C:\Program Files\Digital Line Detect\BVRPDIAG.dll (BVRP Diagnostics/BVRP Software) 0x10000000
Library C:\WINDOWS\system32\MdmXSdk.dll (Diagnostic Interface DLL/Conexant) 0x003B0000

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1376
Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000

Process C:\WINDOWS\system32\LEXBCES.EXE (LexBce Service/Lexmark International, Inc.) 1504
Library C:\WINDOWS\system32\LEXBCES.EXE (LexBce Service/Lexmark International, Inc.) 0x00400000
Library C:\WINDOWS\system32\lexp2p32.dll (LEXP2P32 DLL/Lexmark International, Inc.) 0x10000000
Library C:\WINDOWS\system32\lex2kusb.dll (LEX2KUSB DLL/Lexmark International, Inc.) 0x01150000

Process C:\WINDOWS\system32\LEXPPS.EXE (LEXPPS.EXE/Lexmark International, Inc.) 1536
Library C:\WINDOWS\system32\LEXPPS.EXE (LEXPPS.EXE/Lexmark International, Inc.) 0x00400000
Library C:\WINDOWS\system32\LEXBCE.DLL (LexBce Client/Lexmark International, Inc.) 0x63000000

Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1544
Library C:\WINDOWS\system32\cpwmon2k.dll 0x10000000
Library C:\WINDOWS\system32\LEXLMPM.DLL (LEXLMPM DLL/Lexmark International, Inc.) 0x00BC0000
Library C:\WINDOWS\system32\LexBce.dll (LexBce Client/Lexmark International, Inc.) 0x63000000
Library C:\WINDOWS\system32\LMIport.dll (RemotelyAnywhere Printer Port Monitor/LogMeIn, Inc.) 0x50400000
Library C:\WINDOWS\system32\mdimon.dll (Microsoft® Document Imaging/Microsoft Corporation) 0x00DE0000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\DLBKPP5C .dll 0x00E70000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp5in .DLL (Hewlett-Packard Corporation) 0x00E90000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LMIproc. dll (RemotelyAnywhere Print Processor/LogMeIn, Inc.) 0x6A900000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.d ll (Microsoft® Document Imaging/Microsoft Corporation) 0x00EE0000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpi pelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation) 0x3F420000
Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000
Library C:\WINDOWS\system32\DLBKpwr.dll (POR Monitor/Dell Computer Corporation) 0x019E0000

Process C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 1688
Library C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 0x00400000

Process C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn Maintenance Service/LogMeIn, Inc.) 1700
Library C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn Maintenance Service/LogMeIn, Inc.) 0x00400000

Process C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn/LogMeIn, Inc.) 1808
Library C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn/LogMeIn, Inc.) 0x00400000
Library C:\Program Files\LogMeIn\x86\LogMeIn.dll (LogMeIn/LogMeIn, Inc.) 0x10000000
Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000
Library C:\Program Files\LogMeIn\x86\ICSAgent32.dll 0x019F0000

Process C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 1888
Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x10000000
Library C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn Rfs Client Network Provider/LogMeIn, Inc.) 0x02770000
Library C:\WINDOWS\system32\dla\tfswshx.dll (Drive Letter Access Component/Sonic Solutions) 0x00C80000
Library C:\WINDOWS\system32\tfswapi.dll (Drive Letter Access Component/Sonic Solutions) 0x00BB0000
Library C:\WINDOWS\system32\dla\tfswcres.dll (Drive Letter Access Component/Sonic Solutions) 0x02540000

Process C:\WINDOWS\system32\notepad.exe (Notepad/Microsoft Corporation) 2564
Library C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn Rfs Client Network Provider/LogMeIn, Inc.) 0x10000000

Process C:\Documents and Settings\Patrick\My Documents\Downloads\1cw9n4dk.exe 4044
Library C:\Documents and Settings\Patrick\My Documents\Downloads\1cw9n4dk.exe 0x00400000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\DRIVERS\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [DISABLED] AliIde
Service C:\WINDOWS\System32\DRIVERS\amdagp.sys (AMD Win2000 AGP Filter/Advanced Micro Devices, Inc.) [DISABLED] amdagp
Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) [AUTO] Apple Mobile Device
Service C:\WINDOWS\System32\DRIVERS\asc.sys (AdvanSys SCSI Controller Driver/Advanced System Products, Inc.) [DISABLED] asc
Service C:\WINDOWS\System32\DRIVERS\asc3550.sys (AdvanSys Ultra-Wide PCI SCSI Driver/Advanced System Products, Inc.) [DISABLED] asc3550
Service (TR Manager/Windows (R) 2000 DDK provider) [AUTO] ASCTRM
Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
Service [MANUAL] bvrp_pci
Service (CDR4 CD and DVD Place Holder Driver (see PxHelp)/Sonic Solutions) [SYSTEM] Cdr4_xp
Service (CDRAL Place Holder Driver (see PxHelp)/Sonic Solutions) [SYSTEM] Cdralw2k
Service C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [DISABLED] CmdIde
Service C:\WINDOWS\System32\CTsvcCDA.exe (Creative Service for CDROM Access/Creative Technology Ltd) [AUTO] Creative Service for CDROM Access
Service C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Disk Array Controller Driver/Mylex Corporation) [DISABLED] dac2w2k
Service [MANUAL] Dcpsecastmm
Service C:\WINDOWS\System32\DRIVERS\PRISMA02.sys (PRISM Wireless NDIS 5.1 Driver/GlobespanVirata, Inc.) [MANUAL] DELL_A02
Service C:\WINDOWS\system32\drivers\drvmcdb.sys (Device Driver/Sonic Solutions) [BOOT] drvmcdb
Service drvncdb
Service C:\WINDOWS\system32\drivers\drvnddm.sys (Device Driver Manager/Sonic Solutions) [AUTO] drvnddm
Service C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel(R) PRO/100 Adapter NDIS 5.1 driver/Intel Corporation) [MANUAL] E100B
Service fwdrv
Service C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\Program Files\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc.) [AUTO] gupdate
Service C:\Program Files\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc.) [MANUAL] gupdatem
Service C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google) [AUTO] gusvc
Service C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (HSF_HWB2 WDM driver/Conexant Systems, Inc.) [MANUAL] HSFHWBS2
Service C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (HSF_DP driver/Conexant Systems, Inc.) [MANUAL] HSF_DP
Service ILADFtmi
Service C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (IMAPI Helper component/Alex Feinman) [MANUAL] Imapi Helper
Service ImapiHelper
Service C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Update Service/Intuit Inc.) [AUTO] IntuitUpdateServiceV4
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service
Service C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service khips
Service C:\WINDOWS\system32\LEXBCES.EXE (LexBce Service/Lexmark International, Inc.) [AUTO] LexBceS
Service C:\Program Files\LogMeIn\x86\RaInfo.sys (RemotelyAnywhere Kernel Information Provider/LogMeIn, Inc.) [AUTO] LMIInfo
Service C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn Maintenance Service/LogMeIn, Inc.) [AUTO] LMIMaint
Service C:\WINDOWS\system32\DRIVERS\lmimirr.sys (LogMeIn Mirror Miniport Driver/LogMeIn, Inc.) [MANUAL] lmimirr
Service C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn Rfs Drivemap Driver/LogMeIn, Inc.) [AUTO] LMIRfsDriver
Service C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn/LogMeIn, Inc.) [AUTO] LogMeIn
Service C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [MANUAL] Macromedia Licensing Service
Service C:\WINDOWS\System32\DRIVERS\mdc8021x.sys (IEEE 802.1X Protocol Driver/Meetinghouse Data Communications) [AUTO] MDC8021X
Service C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Diagnostic Interface DRIVER/Conexant) [AUTO] mdmxsdk
Service C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) [MANUAL] MozillaMaintenance
Service C:\WINDOWS\System32\DRIVERS\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Whistler 32/American Megatrends Inc.) [DISABLED] mraid35x
Service MSDTC Bridge 3.0.0.0
Service MSDTC Bridge 4.0.0.0
Service C:\Program Files\Intel\NCS\Sync\NetSvc.exe (NetSvc Module/Intel(R) Corporation) [MANUAL] NetSvc
Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 45.02 /NVIDIA Corporation) [MANUAL] nv
Service C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 45.02/NVIDIA Corporation) [AUTO] NVSvc
Service C:\WINDOWS\System32\DRIVERS\omci.sys (OMCI Device Driver/Dell Computer Corporation) [SYSTEM] omci
Service Outlook
Service C:\WINDOWS\system32\drivers\P16X.sys (WDM Audio Miniport/Creative Technology Ltd.) [MANUAL] P16X
Service C:\WINDOWS\System32\PfModNT.sys (PCI/ISA Device Info. Service/Creative Technology Ltd.) [AUTO] PfModNT
Service C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service C:\WINDOWS\System32\DRIVERS\ql1080.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [DISABLED] ql1080
Service C:\WINDOWS\System32\DRIVERS\ql12160.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [DISABLED] ql12160
Service C:\WINDOWS\System32\DRIVERS\ql1280.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [DISABLED] ql1280
Service C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service C:\Program Files\SensorsViewPro41\drv\sensorsview32.sys [SYSTEM] sensorsview
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelEndpoint 4.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelOperation 4.0.0.0
Service ServiceModelService 3.0.0.0
Service ServiceModelService 4.0.0.0
Service C:\WINDOWS\System32\DRIVERS\sisagp.sys (SiS NT AGP Filter/Silicon Integrated Systems Corporation) [DISABLED] sisagp
Service SMSvcHost 3.0.0.0
Service SMSvcHost 4.0.0.0
Service C:\WINDOWS\system32\drivers\SndTDriverV32.sys (Support Device/Windows (R) 2000/XP) [MANUAL] SndTDriverV32
Service C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec AIC-6x60 series SCSI miniport/Adaptec, Inc.) [DISABLED] Sparrow
Service C:\WINDOWS\system32\drivers\sscdbhk5.sys (Shared Driver Component/Sonic Solutions) [SYSTEM] sscdbhk5
Service C:\WINDOWS\system32\DRIVERS\sscdbus.sys (SAMSUNG USB Composite Device Driver/MCCI) [MANUAL] sscdbus
Service C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys (SAMSUNG CDMA Modem Filter Driver/MCCI) [MANUAL] sscdmdfl
Service C:\WINDOWS\system32\DRIVERS\sscdmdm.sys (SAMSUNG CDMA Modem WDM/MCCI) [MANUAL] sscdmdm
Service C:\WINDOWS\system32\DRIVERS\sscdserd.sys (SAMSUNG CDMA Modem Diagnostic Serial Port Device Driver/MCCI) [MANUAL] sscdserd
Service C:\WINDOWS\system32\drivers\ssrtln.sys (Shared Driver Component/Sonic Solutions) [SYSTEM] ssrtln
Service C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc. SCSI Miniport Driver/Symbios Logic Inc.) [DISABLED] symc810
Service C:\WINDOWS\System32\DRIVERS\symc8xx.sys (Symbios 8XX SCSI Miniport Driver/LSI Logic) [DISABLED] symc8xx
Service C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Norton Security Center Service/Symantec Corporation) [AUTO] SymWSC
Service C:\WINDOWS\System32\DRIVERS\sym_hi.sys (Symbios Hi-Perf SCSI Miniport Driver/LSI Logic) [DISABLED] sym_hi
Service C:\WINDOWS\System32\DRIVERS\sym_u3.sys (Symbios Ultra3 SCSI Miniport Driver/LSI Logic) [DISABLED] sym_u3
Service C:\WINDOWS\System32\drivers\sysid.sys [MANUAL] sysid
Service C:\WINDOWS\system32\drivers\tbhsd.sys (Tunebite High-Speed Dubbing/RapidSolution Software AG) [MANUAL] tbhsd
Service C:\WINDOWS\system32\dla\tfsnboio.sys (Drive Letter Access Component/Sonic Solutions) [AUTO] tfsnboio
Service C:\WINDOWS\system32\dla\tfsncofs.sys (Drive Letter Access Component/Sonic Solutions) [AUTO] tfsncofs
Service C:\WINDOWS\system32\dla\tfsndrct.sys (Drive Letter Access Component/Sonic Solutions) [AUTO] tfsndrct
Service C:\WINDOWS\system32\dla\tfsndres.sys (Drive Letter Access Component/Sonic Solutions) [AUTO] tfsndres
Service C:\WINDOWS\system32\dla\tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) [AUTO] tfsnifs
Service C:\WINDOWS\system32\dla\tfsnopio.sys (Drive Letter Access Component/Sonic Solutions) [AUTO] tfsnopio
Service C:\WINDOWS\system32\dla\tfsnpool.sys (Drive Letter Access Component/Sonic Solutions) [AUTO] tfsnpool
Service C:\WINDOWS\system32\dla\tfsnudf.sys (Drive Letter Access Component/Sonic Solutions) [AUTO] tfsnudf
Service C:\WINDOWS\system32\dla\tfsnudfa.sys (Drive Letter Access Component/Sonic Solutions) [AUTO] tfsnudfa
Service C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Ultra66 Miniport Driver/Promise Technology, Inc.) [DISABLED] ultra
Service C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL
Service C:\WINDOWS\System32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [DISABLED] ViaIde
Service System32\DRIVERS\wanatw4.sys [MANUAL] wanatw
Service C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) [MANUAL] winachsf
Service Windows Workflow Foundation 3.0.0.0
Service C:\WINDOWS\system32\DRIVERS\wpdusb.sys (USB Scanner Driver/Microsoft Corporation) [MANUAL] WpdUsb

---- EOF - GMER 1.0.15 ----

**Jintan** · #13 July 9th, 2012, 02:03 AM

One unknown running thread, and this unknown driver:

Service [MANUAL] Dcpsecastmm

And some Sunbelt remnant:

Service khips

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including as reboot (Reboot Now) if requested.
When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please. If it does locate malware, but does not prompt for a reboot, go ahead and do reboot.

ptrkptz · #14 July 10th, 2012, 03:00 AM

Jintan,

Here are the results:

20:59:28.0062 2628 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
20:59:28.0390 2628 ================================================== ==========
20:59:28.0390 2628 Current date / time: 2012/07/09 20:59:28.0390
20:59:28.0390 2628 SystemInfo:
20:59:28.0390 2628
20:59:28.0390 2628 OS Version: 5.1.2600 ServicePack: 3.0
20:59:28.0390 2628 Product type: Workstation
20:59:28.0390 2628 ComputerName: PE0110
20:59:28.0390 2628 UserName: Patrick
20:59:28.0390 2628 Windows directory: C:\WINDOWS
20:59:28.0390 2628 System windows directory: C:\WINDOWS
20:59:28.0390 2628 Processor architecture: Intel x86
20:59:28.0390 2628 Number of processors: 2
20:59:28.0390 2628 Page size: 0x1000
20:59:28.0390 2628 Boot type: Normal boot
20:59:28.0390 2628 ================================================== ==========
20:59:31.0953 2628 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:59:31.0968 2628 ================================================== ==========
20:59:31.0968 2628 \Device\Harddisk0\DR0:
20:59:31.0968 2628 MBR partitions:
20:59:31.0968 2628 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x94EAFF8
20:59:31.0968 2628 ================================================== ==========
20:59:32.0000 2628 C: <-> \Device\Harddisk0\DR0\Partition0
20:59:32.0000 2628 ================================================== ==========
20:59:32.0000 2628 Initialize success
20:59:32.0000 2628 ================================================== ==========
20:59:34.0359 1812 ================================================== ==========
20:59:34.0359 1812 Scan started
20:59:34.0359 1812 Mode: Manual;
20:59:34.0359 1812 ================================================== ==========
20:59:36.0000 1812 Abiosdsk - ok
20:59:36.0031 1812 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
20:59:36.0046 1812 abp480n5 - ok
20:59:36.0078 1812 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:59:36.0109 1812 ACPI - ok
20:59:36.0156 1812 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:59:36.0156 1812 ACPIEC - ok
20:59:36.0187 1812 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
20:59:36.0203 1812 adpu160m - ok
20:59:36.0265 1812 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:59:36.0265 1812 aec - ok
20:59:36.0312 1812 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:59:36.0328 1812 AFD - ok
20:59:36.0359 1812 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
20:59:36.0359 1812 agp440 - ok
20:59:36.0390 1812 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
20:59:36.0406 1812 agpCPQ - ok
20:59:36.0437 1812 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
20:59:36.0437 1812 Aha154x - ok
20:59:36.0468 1812 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
20:59:36.0468 1812 aic78u2 - ok
20:59:36.0500 1812 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
20:59:36.0515 1812 aic78xx - ok
20:59:36.0546 1812 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:59:36.0546 1812 Alerter - ok
20:59:36.0578 1812 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:59:36.0578 1812 ALG - ok
20:59:36.0593 1812 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
20:59:36.0593 1812 AliIde - ok
20:59:36.0609 1812 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
20:59:36.0609 1812 alim1541 - ok
20:59:36.0656 1812 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
20:59:36.0656 1812 amdagp - ok
20:59:36.0671 1812 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
20:59:36.0671 1812 amsint - ok
20:59:36.0812 1812 Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:59:36.0828 1812 Apple Mobile Device - ok
20:59:36.0875 1812 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
20:59:36.0906 1812 AppMgmt - ok
20:59:36.0953 1812 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
20:59:36.0953 1812 asc - ok
20:59:36.0968 1812 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
20:59:36.0968 1812 asc3350p - ok
20:59:37.0000 1812 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
20:59:37.0000 1812 asc3550 - ok
20:59:37.0046 1812 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
20:59:37.0046 1812 ASCTRM - ok
20:59:37.0156 1812 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe
20:59:37.0234 1812 aspnet_state - ok
20:59:37.0250 1812 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:59:37.0250 1812 AsyncMac - ok
20:59:37.0281 1812 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:59:37.0281 1812 atapi - ok
20:59:37.0281 1812 Atdisk - ok
20:59:37.0312 1812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:59:37.0312 1812 Atmarpc - ok
20:59:37.0343 1812 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:59:37.0343 1812 AudioSrv - ok
20:59:37.0406 1812 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:59:37.0406 1812 audstub - ok
20:59:37.0468 1812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:59:37.0468 1812 Beep - ok
20:59:37.0531 1812 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:59:37.0625 1812 BITS - ok
20:59:37.0687 1812 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files\Bonjour\mDNSResponder.exe
20:59:37.0703 1812 Bonjour Service - ok
20:59:37.0750 1812 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:59:37.0750 1812 Browser - ok
20:59:37.0750 1812 bvrp_pci - ok
20:59:37.0812 1812 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
20:59:37.0812 1812 cbidf - ok
20:59:37.0812 1812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:59:37.0812 1812 cbidf2k - ok
20:59:37.0843 1812 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
20:59:37.0843 1812 cd20xrnt - ok
20:59:37.0890 1812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:59:37.0890 1812 Cdaudio - ok
20:59:37.0937 1812 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:59:37.0937 1812 Cdfs - ok
20:59:37.0968 1812 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
20:59:37.0968 1812 Cdr4_xp - ok
20:59:37.0968 1812 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys
20:59:37.0968 1812 Cdralw2k - ok
20:59:37.0984 1812 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:59:37.0984 1812 Cdrom - ok
20:59:38.0000 1812 Changer - ok
20:59:38.0046 1812 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:59:38.0062 1812 CiSvc - ok
20:59:38.0093 1812 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:59:38.0109 1812 ClipSrv - ok
20:59:38.0187 1812 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe
20:59:38.0296 1812 clr_optimization_v2.0.50727_32 - ok
20:59:38.0375 1812 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe
20:59:38.0375 1812 clr_optimization_v4.0.30319_32 - ok
20:59:38.0390 1812 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:59:38.0390 1812 CmBatt - ok
20:59:38.0421 1812 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
20:59:38.0421 1812 CmdIde - ok
20:59:38.0453 1812 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:59:38.0453 1812 Compbatt - ok
20:59:38.0468 1812 COMSysApp - ok
20:59:38.0484 1812 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
20:59:38.0484 1812 Cpqarray - ok
20:59:38.0546 1812 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\System32\CTsvcCDA.exe
20:59:38.0546 1812 Creative Service for CDROM Access - ok
20:59:38.0593 1812 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:59:38.0593 1812 CryptSvc - ok
20:59:38.0671 1812 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
20:59:38.0671 1812 dac2w2k - ok
20:59:38.0687 1812 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
20:59:38.0687 1812 dac960nt - ok
20:59:38.0750 1812 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:59:38.0750 1812 DcomLaunch - ok
20:59:38.0859 1812 DELL_A02 (3102f13afdcdfbfe1467bf03bf027cb1) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
20:59:38.0875 1812 DELL_A02 - ok
20:59:38.0921 1812 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:59:38.0921 1812 Dhcp - ok
20:59:38.0937 1812 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:59:38.0937 1812 Disk - ok
20:59:38.0937 1812 dmadmin - ok
20:59:39.0015 1812 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:59:39.0078 1812 dmboot - ok
20:59:39.0109 1812 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:59:39.0125 1812 dmio - ok
20:59:39.0156 1812 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:59:39.0156 1812 dmload - ok
20:59:39.0203 1812 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:59:39.0203 1812 dmserver - ok
20:59:39.0234 1812 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:59:39.0250 1812 DMusic - ok
20:59:39.0296 1812 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:59:39.0296 1812 Dnscache - ok
20:59:39.0375 1812 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:59:39.0375 1812 Dot3svc - ok
20:59:39.0406 1812 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
20:59:39.0406 1812 dpti2o - ok
20:59:39.0453 1812 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:59:39.0453 1812 drmkaud - ok
20:59:39.0500 1812 drvmcdb (049177996e5e33b5faf40cad2b82098c) C:\WINDOWS\system32\drivers\drvmcdb.sys
20:59:39.0515 1812 drvmcdb - ok
20:59:39.0515 1812 drvnddm (2f4134d073f972575c174e3d621f0107) C:\WINDOWS\system32\drivers\drvnddm.sys
20:59:39.0531 1812 drvnddm - ok
20:59:39.0578 1812 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:59:39.0578 1812 E100B - ok
20:59:39.0625 1812 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:59:39.0625 1812 EapHost - ok
20:59:39.0750 1812 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:59:39.0765 1812 ERSvc - ok
20:59:39.0984 1812 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:59:40.0031 1812 Eventlog - ok
20:59:40.0078 1812 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
20:59:40.0093 1812 EventSystem - ok
20:59:40.0125 1812 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:59:40.0125 1812 Fastfat - ok
20:59:40.0171 1812 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:59:40.0171 1812 FastUserSwitchingCompatibility - ok
20:59:40.0234 1812 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
20:59:40.0234 1812 Fax - ok
20:59:40.0265 1812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:59:40.0265 1812 Fdc - ok
20:59:40.0296 1812 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:59:40.0296 1812 Fips - ok
20:59:40.0312 1812 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:59:40.0312 1812 Flpydisk - ok
20:59:40.0359 1812 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:59:40.0359 1812 FltMgr - ok
20:59:40.0531 1812 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\Presen tationFontCache.exe
20:59:40.0531 1812 FontCache3.0.0.0 - ok
20:59:40.0562 1812 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:59:40.0578 1812 Fs_Rec - ok
20:59:40.0625 1812 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:59:40.0640 1812 Ftdisk - ok
20:59:40.0671 1812 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
20:59:40.0671 1812 gameenum - ok
20:59:40.0718 1812 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:59:40.0718 1812 GEARAspiWDM - ok
20:59:40.0750 1812 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:59:40.0750 1812 Gpc - ok
20:59:40.0890 1812 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:59:40.0890 1812 gupdate - ok
20:59:40.0906 1812 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:59:40.0906 1812 gupdatem - ok
20:59:40.0984 1812 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:59:40.0984 1812 gusvc - ok
20:59:41.0078 1812 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:59:41.0078 1812 helpsvc - ok
20:59:41.0078 1812 HidServ - ok
20:59:41.0140 1812 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:59:41.0140 1812 hkmsvc - ok
20:59:41.0187 1812 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
20:59:41.0187 1812 hpn - ok
20:59:41.0250 1812 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
20:59:41.0265 1812 HSFHWBS2 - ok
20:59:41.0375 1812 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
20:59:41.0437 1812 HSF_DP - ok
20:59:41.0531 1812 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:59:41.0546 1812 HTTP - ok
20:59:41.0593 1812 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:59:41.0609 1812 HTTPFilter - ok
20:59:41.0625 1812 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
20:59:41.0625 1812 i2omgmt - ok
20:59:41.0656 1812 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
20:59:41.0656 1812 i2omp - ok
20:59:41.0687 1812 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:59:41.0687 1812 i8042prt - ok
20:59:41.0843 1812 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:59:41.0921 1812 idsvc - ok
20:59:41.0968 1812 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:59:41.0984 1812 Imapi - ok
20:59:42.0125 1812 Imapi Helper (1acad13923e467e473c3ec503223f983) C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
20:59:42.0125 1812 Imapi Helper - ok
20:59:42.0171 1812 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
20:59:42.0171 1812 ImapiService - ok
20:59:42.0203 1812 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
20:59:42.0218 1812 ini910u - ok
20:59:42.0218 1812 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
20:59:42.0218 1812 IntelIde - ok
20:59:42.0250 1812 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:59:42.0250 1812 intelppm - ok
20:59:42.0328 1812 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
20:59:42.0328 1812 IntuitUpdateServiceV4 - ok
20:59:42.0343 1812 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:59:42.0343 1812 ip6fw - ok
20:59:42.0375 1812 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:59:42.0375 1812 IpFilterDriver - ok
20:59:42.0375 1812 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:59:42.0375 1812 IpInIp - ok
20:59:42.0421 1812 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:59:42.0437 1812 IpNat - ok
20:59:42.0531 1812 iPod Service (32cdedd15e2d1a557cd54552ae78ff86) C:\Program Files\iPod\bin\iPodService.exe
20:59:42.0578 1812 iPod Service - ok
20:59:42.0656 1812 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:59:42.0656 1812 IPSec - ok
20:59:42.0687 1812 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:59:42.0687 1812 IRENUM - ok
20:59:42.0734 1812 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:59:42.0734 1812 isapnp - ok
20:59:42.0937 1812 JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Program Files\Java\jre6\bin\jqs.exe
20:59:42.0953 1812 JavaQuickStarterService - ok
20:59:42.0984 1812 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:59:42.0984 1812 Kbdclass - ok
20:59:43.0031 1812 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:59:43.0046 1812 kmixer - ok
20:59:43.0078 1812 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:59:43.0078 1812 KSecDD - ok
20:59:43.0109 1812 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:59:43.0109 1812 lanmanserver - ok
20:59:43.0171 1812 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:59:43.0171 1812 lanmanworkstation - ok
20:59:43.0171 1812 lbrtfdc - ok
20:59:43.0343 1812 LexBceS (a249f60c0ebfa1941ed0e486700d3228) C:\WINDOWS\system32\LEXBCES.EXE
20:59:43.0359 1812 LexBceS - ok
20:59:43.0406 1812 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:59:43.0421 1812 LmHosts - ok
20:59:43.0484 1812 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
20:59:43.0484 1812 LMIInfo - ok
20:59:43.0546 1812 LMIMaint (500f1e4461075d602ce77109a9a3d634) C:\Program Files\LogMeIn\x86\RaMaint.exe
20:59:43.0546 1812 LMIMaint - ok
20:59:43.0578 1812 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
20:59:43.0578 1812 lmimirr - ok
20:59:43.0593 1812 LMIRfsClientNP - ok
20:59:43.0656 1812 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
20:59:43.0656 1812 LMIRfsDriver - ok
20:59:43.0718 1812 LogMeIn (9015122d04c195bdab88febcbae229db) C:\Program Files\LogMeIn\x86\LogMeIn.exe
20:59:43.0718 1812 LogMeIn - ok
20:59:43.0796 1812 Macromedia Licensing Service (04d3a71875699098af856ee5f9f72ac3) C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
20:59:43.0812 1812 Macromedia Licensing Service - ok
20:59:43.0859 1812 MDC8021X (f12d725eec3f7ed8e8c554c48bb2ba2e) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
20:59:43.0859 1812 MDC8021X - ok
20:59:43.0906 1812 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:59:43.0906 1812 mdmxsdk - ok
20:59:43.0953 1812 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:59:43.0968 1812 Messenger - ok
20:59:44.0187 1812 Microsoft SharePoint Workspace Audit Service - ok
20:59:44.0234 1812 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:59:44.0234 1812 mnmdd - ok
20:59:44.0281 1812 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
20:59:44.0281 1812 mnmsrvc - ok
20:59:44.0343 1812 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:59:44.0343 1812 Modem - ok
20:59:44.0406 1812 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:59:44.0406 1812 MODEMCSA - ok
20:59:44.0421 1812 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:59:44.0421 1812 Mouclass - ok
20:59:44.0437 1812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:59:44.0437 1812 MountMgr - ok
20:59:44.0468 1812 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:59:44.0484 1812 MozillaMaintenance - ok
20:59:44.0515 1812 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
20:59:44.0515 1812 mraid35x - ok
20:59:44.0578 1812 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:59:44.0593 1812 MRxDAV - ok
20:59:44.0687 1812 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:59:44.0703 1812 MRxSmb - ok
20:59:44.0718 1812 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
20:59:44.0718 1812 MSDTC - ok
20:59:44.0734 1812 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:59:44.0734 1812 Msfs - ok
20:59:44.0734 1812 MSIServer - ok
20:59:44.0828 1812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:59:44.0828 1812 MSKSSRV - ok
20:59:44.0828 1812 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:59:44.0828 1812 MSPCLOCK - ok
20:59:44.0843 1812 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:59:44.0843 1812 MSPQM - ok
20:59:44.0890 1812 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:59:44.0890 1812 mssmbios - ok
20:59:44.0921 1812 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:59:44.0937 1812 Mup - ok
20:59:44.0984 1812 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:59:45.0000 1812 napagent - ok
20:59:45.0031 1812 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:59:45.0046 1812 NDIS - ok
20:59:45.0078 1812 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:59:45.0078 1812 NdisTapi - ok
20:59:45.0125 1812 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:59:45.0125 1812 Ndisuio - ok
20:59:45.0140 1812 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:59:45.0140 1812 NdisWan - ok
20:59:45.0171 1812 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:59:45.0187 1812 NDProxy - ok
20:59:45.0203 1812 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:59:45.0218 1812 NetBIOS - ok
20:59:45.0234 1812 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:59:45.0250 1812 NetBT - ok
20:59:45.0296 1812 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:59:45.0296 1812 NetDDE - ok
20:59:45.0296 1812 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:59:45.0312 1812 NetDDEdsdm - ok
20:59:45.0375 1812 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
20:59:45.0375 1812 Netlogon - ok
20:59:45.0437 1812 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:59:45.0453 1812 Netman - ok
20:59:45.0656 1812 NetSvc (737351f39fef765234037770abdd72bd) C:\Program Files\Intel\NCS\Sync\NetSvc.exe
20:59:45.0656 1812 NetSvc - ok
20:59:45.0750 1812 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:59:45.0750 1812 NetTcpPortSharing - ok
20:59:45.0796 1812 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:59:45.0796 1812 Nla - ok
20:59:45.0828 1812 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:59:45.0828 1812 Npfs - ok
20:59:45.0890 1812 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:59:45.0906 1812 Ntfs - ok
20:59:45.0968 1812 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
20:59:45.0968 1812 NtLmSsp - ok
20:59:46.0046 1812 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:59:46.0062 1812 NtmsSvc - ok
20:59:46.0125 1812 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:59:46.0125 1812 Null - ok
20:59:46.0250 1812 nv (66c90afbf0d10a93789f6544be459e72) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:59:46.0265 1812 nv - ok
20:59:46.0312 1812 NVSvc (557015b4919c4a688771221c1338eed0) C:\WINDOWS\System32\nvsvc32.exe
20:59:46.0312 1812 NVSvc - ok
20:59:46.0406 1812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:59:46.0406 1812 NwlnkFlt - ok
20:59:46.0406 1812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:59:46.0421 1812 NwlnkFwd - ok
20:59:46.0468 1812 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
20:59:46.0468 1812 omci - ok
20:59:46.0609 1812 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:59:46.0609 1812 ose - ok
20:59:47.0265 1812 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EX E
20:59:47.0750 1812 osppsvc - ok
20:59:48.0062 1812 P16X (13026e137486d916a0677d276144ea7f) C:\WINDOWS\system32\drivers\P16X.sys
20:59:48.0109 1812 P16X - ok
20:59:48.0156 1812 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:59:48.0156 1812 Parport - ok
20:59:48.0171 1812 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:59:48.0187 1812 PartMgr - ok
20:59:48.0234 1812 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:59:48.0234 1812 ParVdm - ok
20:59:48.0250 1812 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:59:48.0250 1812 PCI - ok
20:59:48.0265 1812 PCIDump - ok
20:59:48.0296 1812 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:59:48.0296 1812 PCIIde - ok
20:59:48.0343 1812 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:59:48.0343 1812 Pcmcia - ok
20:59:48.0359 1812 PDCOMP - ok
20:59:48.0375 1812 PDFRAME - ok
20:59:48.0375 1812 PDRELI - ok
20:59:48.0390 1812 PDRFRAME - ok
20:59:48.0421 1812 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
20:59:48.0421 1812 perc2 - ok
20:59:48.0437 1812 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
20:59:48.0437 1812 perc2hib - ok
20:59:48.0484 1812 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys
20:59:48.0500 1812 PfModNT - ok
20:59:48.0531 1812 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:59:48.0531 1812 PlugPlay - ok
20:59:48.0578 1812 Pml Driver HPZ12 (75cf9de0a67af916ed591743dfb69694) C:\WINDOWS\system32\HPZipm12.dll
20:59:48.0578 1812 Pml Driver HPZ12 - ok
20:59:48.0609 1812 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
20:59:48.0609 1812 PolicyAgent - ok
20:59:48.0656 1812 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:59:48.0656 1812 PptpMiniport - ok
20:59:48.0671 1812 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
20:59:48.0671 1812 Processor - ok
20:59:48.0687 1812 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:59:48.0687 1812 ProtectedStorage - ok
20:59:48.0687 1812 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:59:48.0703 1812 PSched - ok
20:59:48.0750 1812 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:59:48.0765 1812 Ptilink - ok
20:59:48.0812 1812 PxHelp20 (0c8da0a8b0d227319c285e0eae65defd) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:59:48.0812 1812 PxHelp20 - ok
20:59:48.0875 1812 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
20:59:48.0875 1812 ql1080 - ok
20:59:48.0906 1812 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
20:59:48.0906 1812 Ql10wnt - ok
20:59:48.0937 1812 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
20:59:48.0937 1812 ql12160 - ok
20:59:48.0953 1812 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
20:59:48.0953 1812 ql1240 - ok
20:59:48.0968 1812 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
20:59:48.0968 1812 ql1280 - ok
20:59:49.0031 1812 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:59:49.0031 1812 RasAcd - ok
20:59:49.0062 1812 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:59:49.0062 1812 RasAuto - ok
20:59:49.0125 1812 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:59:49.0125 1812 Rasl2tp - ok
20:59:49.0187 1812 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:59:49.0187 1812 RasMan - ok
20:59:49.0218 1812 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:59:49.0218 1812 RasPppoe - ok
20:59:49.0218 1812 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:59:49.0234 1812 Raspti - ok
20:59:49.0265 1812 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:59:49.0281 1812 Rdbss - ok
20:59:49.0296 1812 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:59:49.0296 1812 RDPCDD - ok
20:59:49.0328 1812 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:59:49.0343 1812 rdpdr - ok
20:59:49.0390 1812 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
20:59:49.0390 1812 RDPWD - ok
20:59:49.0437 1812 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:59:49.0437 1812 RDSessMgr - ok
20:59:49.0468 1812 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:59:49.0484 1812 redbook - ok
20:59:49.0531 1812 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:59:49.0531 1812 RemoteAccess - ok
20:59:49.0578 1812 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
20:59:49.0578 1812 RemoteRegistry - ok
20:59:49.0625 1812 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
20:59:49.0625 1812 RpcLocator - ok
20:59:49.0750 1812 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:59:49.0750 1812 RpcSs - ok
20:59:49.0812 1812 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
20:59:49.0812 1812 RSVP - ok
20:59:49.0875 1812 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:59:49.0875 1812 SamSs - ok
20:59:49.0906 1812 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:59:49.0906 1812 SCardSvr - ok
20:59:49.0968 1812 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:59:49.0984 1812 Schedule - ok
20:59:50.0015 1812 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:59:50.0031 1812 Secdrv - ok
20:59:50.0062 1812 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:59:50.0062 1812 seclogon - ok
20:59:50.0109 1812 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:59:50.0109 1812 SENS - ok
20:59:50.0171 1812 sensorsview - ok
20:59:50.0218 1812 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:59:50.0250 1812 serenum - ok
20:59:50.0296 1812 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:59:50.0296 1812 Serial - ok
20:59:50.0359 1812 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:59:50.0359 1812 Sfloppy - ok
20:59:50.0421 1812 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:59:50.0437 1812 SharedAccess - ok
20:59:50.0484 1812 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:59:50.0500 1812 ShellHWDetection - ok
20:59:50.0500 1812 Simbad - ok
20:59:50.0578 1812 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
20:59:50.0578 1812 sisagp - ok
20:59:50.0656 1812 SndTDriverV32 (69a734ac61daf2107fa39ef4ebb0219d) C:\WINDOWS\system32\drivers\SndTDriverV32.sys
20:59:50.0671 1812 SndTDriverV32 - ok
20:59:50.0703 1812 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
20:59:50.0703 1812 Sparrow - ok
20:59:50.0750 1812 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:59:50.0750 1812 splitter - ok
20:59:50.0796 1812 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:59:50.0796 1812 Spooler - ok
20:59:50.0828 1812 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:59:50.0828 1812 sr - ok
20:59:50.0875 1812 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
20:59:50.0875 1812 srservice - ok
20:59:50.0921 1812 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:59:50.0937 1812 Srv - ok
20:59:50.0968 1812 sscdbhk5 (7c0c9bdca2d351ff3b4f9b69f99aa995) C:\WINDOWS\system32\drivers\sscdbhk5.sys
20:59:50.0968 1812 sscdbhk5 - ok
20:59:51.0015 1812 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
20:59:51.0015 1812 sscdbus - ok
20:59:51.0078 1812 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
20:59:51.0078 1812 sscdmdfl - ok
20:59:51.0125 1812 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
20:59:51.0125 1812 sscdmdm - ok
20:59:51.0187 1812 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\WINDOWS\system32\DRIVERS\sscdserd.sys
20:59:51.0187 1812 sscdserd - ok
20:59:51.0234 1812 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:59:51.0250 1812 SSDPSRV - ok
20:59:51.0250 1812 ssrtln (31726706d54894d5059f7471111a87bb) C:\WINDOWS\system32\drivers\ssrtln.sys
20:59:51.0250 1812 ssrtln - ok
20:59:51.0296 1812 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:59:51.0312 1812 stisvc - ok
20:59:51.0375 1812 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:59:51.0375 1812 swenum - ok
20:59:51.0390 1812 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:59:51.0390 1812 swmidi - ok
20:59:51.0406 1812 SwPrv - ok
20:59:51.0468 1812 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
20:59:51.0468 1812 symc810 - ok
20:59:51.0468 1812 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
20:59:51.0484 1812 symc8xx - ok
20:59:51.0703 1812 SymWSC (67c5af84809468061121fbcbecb19285) C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
20:59:51.0703 1812 SymWSC - ok
20:59:51.0734 1812 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
20:59:51.0750 1812 sym_hi - ok
20:59:51.0750 1812 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
20:59:51.0750 1812 sym_u3 - ok
20:59:51.0796 1812 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:59:51.0812 1812 sysaudio - ok
20:59:51.0843 1812 sysid (b69dad08e137341495b7edb412f20dbf) C:\WINDOWS\System32\drivers\sysid.sys
20:59:51.0843 1812 sysid - ok
20:59:51.0906 1812 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:59:51.0921 1812 SysmonLog - ok
20:59:51.0968 1812 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:59:51.0984 1812 TapiSrv - ok
20:59:52.0015 1812 tbhsd (e6b32b84d8c502a66432244e74445bb4) C:\WINDOWS\system32\drivers\tbhsd.sys
20:59:52.0015 1812 tbhsd - ok
20:59:52.0093 1812 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:59:52.0093 1812 Tcpip - ok
20:59:52.0156 1812 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:59:52.0156 1812 TDPIPE - ok
20:59:52.0171 1812 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:59:52.0171 1812 TDTCP - ok
20:59:52.0203 1812 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:59:52.0203 1812 TermDD - ok
20:59:52.0265 1812 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:59:52.0281 1812 TermService - ok
20:59:52.0328 1812 tfsnboio (b0d311f33c5b4a5858e4e6c965a79267) C:\WINDOWS\system32\dla\tfsnboio.sys
20:59:52.0328 1812 tfsnboio - ok
20:59:52.0343 1812 tfsncofs (250f74fce5d1eccb29ad9abeb55f35d8) C:\WINDOWS\system32\dla\tfsncofs.sys
20:59:52.0343 1812 tfsncofs - ok
20:59:52.0343 1812 tfsndrct (e23291934c59e1741ba83582e7a209c0) C:\WINDOWS\system32\dla\tfsndrct.sys
20:59:52.0343 1812 tfsndrct - ok
20:59:52.0375 1812 tfsndres (0d863d020633025f1e4ad3e0e325d503) C:\WINDOWS\system32\dla\tfsndres.sys
20:59:52.0390 1812 tfsndres - ok
20:59:52.0390 1812 tfsnifs (e3e10696663e35062851a376299198bd) C:\WINDOWS\system32\dla\tfsnifs.sys
20:59:52.0390 1812 tfsnifs - ok
20:59:52.0484 1812 tfsnopio (00cc366bdcbd8a9a1c95c1c59900dd9b) C:\WINDOWS\system32\dla\tfsnopio.sys
20:59:52.0484 1812 tfsnopio - ok
20:59:52.0484 1812 tfsnpool (84a91d08f49831e8c24e4d25ddefae87) C:\WINDOWS\system32\dla\tfsnpool.sys
20:59:52.0484 1812 tfsnpool - ok
20:59:52.0515 1812 tfsnudf (55b761c6e2d4fcedac3b46b6c0724830) C:\WINDOWS\system32\dla\tfsnudf.sys
20:59:52.0515 1812 tfsnudf - ok
20:59:52.0531 1812 tfsnudfa (64c6e8c217e30ee595120c66f6e783ba) C:\WINDOWS\system32\dla\tfsnudfa.sys
20:59:52.0531 1812 tfsnudfa - ok
20:59:52.0578 1812 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:59:52.0578 1812 Themes - ok
20:59:52.0625 1812 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
20:59:52.0640 1812 TlntSvr - ok
20:59:52.0656 1812 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
20:59:52.0656 1812 TosIde - ok
20:59:52.0703 1812 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:59:52.0718 1812 TrkWks - ok
20:59:52.0765 1812 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:59:52.0765 1812 Udfs - ok
20:59:52.0781 1812 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
20:59:52.0781 1812 ultra - ok
20:59:52.0859 1812 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:59:52.0890 1812 Update - ok
20:59:52.0953 1812 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:59:52.0953 1812 upnphost - ok
20:59:53.0000 1812 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:59:53.0015 1812 UPS - ok
20:59:53.0062 1812 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:59:53.0078 1812 USBAAPL - ok
20:59:53.0109 1812 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:59:53.0109 1812 usbehci - ok
20:59:53.0156 1812 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:59:53.0156 1812 usbhub - ok
20:59:53.0187 1812 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:59:53.0203 1812 usbprint - ok
20:59:53.0203 1812 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:59:53.0218 1812 usbscan - ok
20:59:53.0250 1812 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:59:53.0250 1812 USBSTOR - ok
20:59:53.0281 1812 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:59:53.0281 1812 usbuhci - ok
20:59:53.0328 1812 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:59:53.0328 1812 VgaSave - ok
20:59:53.0375 1812 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
20:59:53.0390 1812 viaagp - ok
20:59:53.0390 1812 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
20:59:53.0390 1812 ViaIde - ok
20:59:53.0437 1812 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:59:53.0437 1812 VolSnap - ok
20:59:53.0484 1812 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:59:53.0500 1812 VSS - ok
20:59:53.0546 1812 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:59:53.0562 1812 w32time - ok
20:59:53.0609 1812 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:59:53.0609 1812 Wanarp - ok
20:59:53.0609 1812 wanatw - ok
20:59:53.0625 1812 WDICA - ok
20:59:53.0656 1812 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:59:53.0656 1812 wdmaud - ok
20:59:53.0703 1812 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:59:53.0703 1812 WebClient - ok
20:59:53.0812 1812 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:59:53.0828 1812 winachsf - ok
20:59:53.0921 1812 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:59:53.0921 1812 winmgmt - ok
20:59:53.0968 1812 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\System32\MsPMSPSv.exe
20:59:53.0968 1812 WMDM PMSP Service - ok
20:59:54.0000 1812 WmdmPmSN (f4db1f1417ff329e8ff217d5c474d5d7) C:\WINDOWS\system32\MsPMSNSv.dll
20:59:54.0015 1812 WmdmPmSN - ok
20:59:54.0093 1812 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:59:54.0109 1812 Wmi - ok
20:59:54.0156 1812 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
20:59:54.0156 1812 WmiApSrv - ok
20:59:54.0390 1812 WMPNetworkSvc (4f51f2688c51520211c3810c8548e639) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:59:54.0468 1812 WMPNetworkSvc - ok
20:59:54.0546 1812 WpdUsb (d4162c1d8fe1de8f1e6ef9ba4323d520) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:59:54.0546 1812 WpdUsb - ok
20:59:54.0750 1812 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\ WPFFontCache_v0400.exe
20:59:54.0765 1812 WPFFontCache_v0400 - ok
20:59:54.0812 1812 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:59:54.0828 1812 wscsvc - ok
20:59:54.0859 1812 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:59:54.0890 1812 wuauserv - ok
20:59:54.0906 1812 WudfPf (443f0a35cb3be5d176053da39157a898) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:59:54.0906 1812 WudfPf - ok
20:59:54.0953 1812 WudfRd (e12d4c486d7eb4e0961c27558dc25af7) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:59:54.0953 1812 WudfRd - ok
20:59:54.0984 1812 WudfSvc (8a92b1f02571b634f50db35a934989f6) C:\WINDOWS\System32\WUDFSvc.dll
20:59:54.0984 1812 WudfSvc - ok
20:59:55.0062 1812 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:59:55.0078 1812 WZCSVC - ok
20:59:55.0125 1812 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:59:55.0125 1812 xmlprov - ok
20:59:55.0156 1812 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:59:55.0828 1812 \Device\Harddisk0\DR0 - ok
20:59:55.0843 1812 Boot (0x1200) (0e56e7e6dd0cf875e1fdca00f16f7b44) \Device\Harddisk0\DR0\Partition0
20:59:55.0843 1812 \Device\Harddisk0\DR0\Partition0 - ok
20:59:55.0843 1812 ================================================== ==========
20:59:55.0843 1812 Scan finished
20:59:55.0843 1812 ================================================== ==========
20:59:55.0859 1928 Detected object count: 0
20:59:55.0859 1928 Actual detected object count: 0

**Jintan** · #15 July 11th, 2012, 12:45 AM

Not in that scan's items.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.