Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Cant access windows update or any AV websites


  • Please log in to reply

#1
j60dys

j60dys

    New Member

  • Member
  • Pip
  • 8 posts
Hi like the topic says I Cant access windows update or any AV websites. I have always managed to fix it my self but this one has got me I cant get rid of it I have mbam and superanti spyware and they aren't finding any thing. any help would be most appreciated.
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello j60dys

Welcome to G2Go. :)
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

  • 0

#3
j60dys

j60dys

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OTL logfile created on: 07/09/2009 18:34:35 - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\k47rina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.13% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229.45 Gb Total Space | 120.53 Gb Free Space | 52.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: J60DYS-PC
Current User Name: k47rina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\AUDIODG.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\SPAMfighter\SFAgent.exe (SPAMfighter ApS)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\dvd43\DVD43_Tray.exe ()
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\ProgramData\Skype\Plugins\Plugins\A2F36B1829EB4E69AC53989EB936C018\ScreenShot.exe ()
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\winzip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Users\k47rina\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\iPod Access for Windows\iPAHelper.exe ()
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\SPAMfighter\sfus.exe (SPAMfighter ApS)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
PRC - C:\Program Files\STOPzilla!\STOPzilla.exe (iS3, Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Users\k47rina\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Windows NT\Accessories\WORDPAD.EXE (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AGCoreService [Auto | Stopped]) -- C:\Program Files\AGI\core\3.1\AGCoreService.exe (AG Interactive)
SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AresChatServer [On_Demand | Stopped]) -- C:\Program Files\Ares\chatServer.exe (Ares Development Group)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Autodesk Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CoordinatorServiceHost [On_Demand | Stopped]) -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c98791dd0dfaff [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPAHelper.exe [Auto | Running]) -- C:\Program Files\iPod Access for Windows\iPAHelper.exe ()
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (msvsmon80 [Disabled | Stopped]) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0 [Auto | Running]) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ServiceLayer [On_Demand | Stopped]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (SolidWorks Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (SPAMfighter Update Service [Auto | Running]) -- C:\Program Files\SPAMfighter\sfus.exe (SPAMfighter ApS)
SRV - (TomTomHOMEService [Auto | Running]) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (wlidsvc [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (szserver [Auto | Running]) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AegisP [Auto | Running]) -- C:\Windows\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (AR5416 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ar5416.sys (Atheros Communications, Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\Windows\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt [Auto | Running]) -- C:\Windows\System32\DRIVERS\aswMonFlt.sys (ALWIL Software)
DRV - (aswRdr [System | Running]) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (athr [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\athr.sys (Atheros Communications, Inc.)
DRV - (athrusb [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\athrusb.sys (Atheros Communications, Inc.)
DRV - (athrusb6 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\athru6.sys (Atheros Communications, Inc.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (btwaudio [On_Demand | Running]) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt [On_Demand | Running]) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwmodem [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\btwmodem.sys (Broadcom Corporation.)
DRV - (btwrchid [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV - (Cam5603D [On_Demand | Running]) -- C:\Windows\System32\Drivers\BisonCam.sys (Bison Electronics. Inc. )
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (dvd43llh [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\dvd43llh.sys (RIF)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (FTD2XX [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\FTD2XX.sys (FTDI Ltd.)
DRV - (FTDIBUS [On_Demand | Stopped]) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K [On_Demand | Stopped]) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hotcore3 [Boot | Running]) -- C:\Windows\system32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (hwdatacard [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (MyPort [System | Running]) -- C:\Windows\System32\drivers\MyPort.sys ()
DRV - (NETw3v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw3v32.sys (Intel® Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (pccsmcfd [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys (Nokia)
DRV - (Pcouffin [On_Demand | Running]) -- C:\Windows\System32\Drivers\Pcouffin.sys (VSO Software)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SCDEmu [System | Running]) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (STHDA [On_Demand | Running]) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (VClone [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (wanatw [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winusb [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\WinUSB.SYS (Microsoft Corporation)
DRV - (szkg5 [Boot | Running]) -- C:\Windows\system32\DRIVERS\szkg.sys (iS3 Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.co.uk...B...m37&guest=1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.co.uk...B...m37&guest=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 10:59:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/21 17:16:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/01 14:29:29 | 00,000,000 | ---D | M]

[2009/08/26 00:57:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/11/29 18:14:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2009/06/21 17:16:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/29 21:29:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/06/21 17:55:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/23 23:22:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/04 21:28:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/06/03 05:24:27 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/03 05:24:27 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/02/24 03:08:32 | 00,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2009/05/01 22:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/12/05 23:52:44 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/01/25 11:09:10 | 00,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 19:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 23:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/03/12 15:16:54 | 00,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2009/06/03 05:24:27 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/03 02:31:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/03 02:31:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/03 02:31:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/03 02:31:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/03 02:31:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/03 02:31:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/03 02:31:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/05/01 22:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2008/01/04 16:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 19:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 16:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 10:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/09/22 20:14:04 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 19:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 16:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (792 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (agcore.AGUtils) - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O2 - BHO: (no name) - {2FCC71E0-2C91-48D4-828D-0BA7DBFA04BE} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (no name) - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {72C9A221-FCFD-4E21-8C9F-E954A4F5C92F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [controlskype] C:\Program Files\controlskype\CSKYPE.EXE ()
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SPAMfighter Agent] C:\Program Files\SPAMfighter\SFAgent.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [ScreenShot.exe] C:\ProgramData\Skype\Plugins\Plugins\A2F36B1829EB4E69AC53989EB936C018\ScreenShot.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [Top Margin] C:\Program Files\Hawkeye Shellinit\top margin.hss ()
O4 - Startup: C:\Users\k47rina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\k47rina\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMFUprogramsList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSecCpl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\microsoft office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\microsoft office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\microsoft office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\microsoft office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000061 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000062 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000063 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000064 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000065 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000066 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000067 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000068 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000069 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: 26 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} http://components.me...MetaStream3.cab (MetaStreamCtl Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} http://www.solidwork...dimdownload.cab (SolidWorks Installation Manager Contol)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} http://messenger.zon...ss.cab57176.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/x-mrml - C:\Program Files\Common Files\A&W\MidRadio.ocx (YAMAHA CORPORATION)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\Windows\system32\rqRLbcAP) - File not found
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/02/08 23:07:55 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0df9be50-6d33-11de-9160-fcc13dc6b1d3}\Shell - "" = AutoRun
O33 - MountPoints2\{0df9be50-6d33-11de-9160-fcc13dc6b1d3}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{3c9da9cf-3565-11de-a966-c295ef5dab55}\Shell - "" = AutoRun
O33 - MountPoints2\{3c9da9cf-3565-11de-a966-c295ef5dab55}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3c9da9d0-3565-11de-a966-c295ef5dab55}\Shell - "" = AutoRun
O33 - MountPoints2\{3c9da9d0-3565-11de-a966-c295ef5dab55}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3c9da9d2-3565-11de-a966-c295ef5dab55}\Shell - "" = AutoRun
O33 - MountPoints2\{3c9da9d2-3565-11de-a966-c295ef5dab55}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3fe36318-312f-11de-a590-e2a5dcd05ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{3fe36318-312f-11de-a590-e2a5dcd05ca4}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{3fe36346-312f-11de-a590-b5769a1b5e84}\Shell - "" = AutoRun
O33 - MountPoints2\{3fe36346-312f-11de-a590-b5769a1b5e84}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{4065f632-306a-11de-be30-ab44ceaa1aa1}\Shell - "" = AutoRun
O33 - MountPoints2\{4065f632-306a-11de-be30-ab44ceaa1aa1}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{4065f637-306a-11de-be30-ab44ceaa1aa1}\Shell - "" = AutoRun
O33 - MountPoints2\{4065f637-306a-11de-be30-ab44ceaa1aa1}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{4065f662-306a-11de-be30-ab44ceaa1aa1}\Shell - "" = AutoRun
O33 - MountPoints2\{4065f662-306a-11de-be30-ab44ceaa1aa1}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{43534a61-3c3c-11dc-9a47-001636d27fdd}\Shell\AutoRun\command - "" = F:\DVD43_TRAY.EXE -- File not found
O33 - MountPoints2\{4df79349-3ae2-11de-b0a0-e145bc1959d5}\Shell - "" = AutoRun
O33 - MountPoints2\{4df79349-3ae2-11de-b0a0-e145bc1959d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{70dec5c5-1855-11de-a756-ef5cf07943ab}\Shell - "" = AutoRun
O33 - MountPoints2\{70dec5c5-1855-11de-a756-ef5cf07943ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{70dec5f5-1855-11de-a756-ef5cf07943ab}\Shell - "" = AutoRun
O33 - MountPoints2\{70dec5f5-1855-11de-a756-ef5cf07943ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{9d11371f-2fc4-11de-9820-b23a693c7edb}\Shell - "" = AutoRun
O33 - MountPoints2\{9d11371f-2fc4-11de-9820-b23a693c7edb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{a17e6a9c-4791-11de-871c-8b67f5e85351}\Shell\AutoRun\command - "" = C:\Windows\System32\Shell32.DLL -- [2009/04/11 07:28:24 | 11,584,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{a17e6a9c-4791-11de-871c-8b67f5e85351}\Shell\open\command - "" = J:\Driver.bat -- File not found
O33 - MountPoints2\{b047940c-be0d-11dd-b9a2-946c2ad33115}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{b31e58b7-26d7-11de-a9eb-98c8f605d2dc}\Shell - "" = AutoRun
O33 - MountPoints2\{b31e58b7-26d7-11de-a9eb-98c8f605d2dc}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ba97ce0f-2fcf-11de-83dd-b073a141fc70}\Shell - "" = AutoRun
O33 - MountPoints2\{ba97ce0f-2fcf-11de-83dd-b073a141fc70}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ba97ce10-2fcf-11de-83dd-b073a141fc70}\Shell - "" = AutoRun
O33 - MountPoints2\{ba97ce10-2fcf-11de-83dd-b073a141fc70}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ba97ce3d-2fcf-11de-83dd-b073a141fc70}\Shell - "" = AutoRun
O33 - MountPoints2\{ba97ce3d-2fcf-11de-83dd-b073a141fc70}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{bc8efeaf-1a16-11de-a5ed-da39f8f260b0}\Shell - "" = AutoRun
O33 - MountPoints2\{bc8efeaf-1a16-11de-a5ed-da39f8f260b0}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{c2ad38d8-2fe2-11de-83c5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c2ad38d8-2fe2-11de-83c5-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{d46e42f4-9b9d-11de-b21e-84bad678b7b1}\Shell\AutoRun\command - "" = F:\DVD43_TRAY.EXE -- File not found
O33 - MountPoints2\{d46e42fe-9b9d-11de-b21e-84bad678b7b1}\Shell - "" = AutoRun
O33 - MountPoints2\{d46e42fe-9b9d-11de-b21e-84bad678b7b1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d571dc2d-2fe3-11de-9417-bb07a8a02da8}\Shell - "" = AutoRun
O33 - MountPoints2\{d571dc2d-2fe3-11de-9417-bb07a8a02da8}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\wubi.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/07 18:27:05 | 00,536,576 | ---- | C] (OldTimer Tools) -- C:\Users\k47rina\Desktop\OTL.exe
[2009/09/07 18:23:55 | 00,000,240 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2009/09/07 17:32:57 | 00,000,600 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2009/09/07 17:30:16 | 00,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2009/09/07 17:28:28 | 00,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2009/09/07 17:28:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009/09/07 17:28:23 | 00,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2009/09/07 17:26:56 | 00,390,656 | ---- | C] (iS3, Inc.) -- C:\Users\k47rina\Desktop\STOPzilla_Setup.exe
[2009/09/07 17:09:28 | 00,000,000 | ---D | C] -- C:\Users\k47rina\AppData\Local\Apple Computer
[2009/09/07 16:56:30 | 00,000,000 | ---D | C] -- C:\Users\k47rina\AppData\Local\Adobe
[2009/09/07 16:42:23 | 00,500,120 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\k47rina\Desktop\SpyHunter-Installer.exe
[2009/09/07 16:39:50 | 02,986,872 | ---- | C] () -- C:\Users\k47rina\Desktop\FixVirut.com
[2009/09/07 16:07:13 | 00,000,000 | ---D | C] -- C:\Users\k47rina\Desktop\hijackthis
[2009/09/07 15:16:15 | 00,000,000 | ---D | C] -- C:\Users\k47rina\Desktop\OTL log
[2009/09/07 15:08:56 | 00,000,000 | ---D | C] -- C:\Users\k47rina\Desktop\mbam log
[2009/09/07 14:54:18 | 00,000,000 | ---D | C] -- C:\Users\k47rina\Desktop\root repeal reports
[2009/09/07 14:18:11 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll
[2009/09/07 14:15:45 | 00,400,152 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
[2009/09/07 14:15:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2009/09/07 14:03:43 | 32,109,28128 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/07 01:34:45 | 06,291,456 | -H-- | C] () -- C:\Users\k47rina\AppData\Local\IconCache.db
[2009/09/06 23:08:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/09/06 23:08:06 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/09/06 22:36:43 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/05 19:26:55 | 00,000,000 | ---D | C] -- C:\Program Files\Ares
[2009/09/05 19:17:54 | 00,028,011 | ---- | C] () -- C:\Users\k47rina\Desktop\n714352095_2067531_6555314.jpg
[2009/09/05 10:56:17 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/09/05 10:29:05 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2009/09/05 09:36:31 | 00,000,000 | ---D | C] -- C:\Program Files\Reg Tool
[2009/09/05 04:28:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/05 02:21:42 | 00,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2009/09/05 00:24:06 | 00,023,040 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/09/04 23:53:25 | 00,000,029 | ---- | C] () -- C:\Windows\.wb4
[2009/09/04 23:39:02 | 00,000,000 | ---- | C] () -- C:\Windows\WB.ini
[2009/09/04 22:42:45 | 00,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2009/09/04 22:42:44 | 00,042,672 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\System32\wbsys.dll
[2009/09/04 19:28:54 | 00,000,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\top margin.hss.lnk
[2009/09/04 18:52:16 | 00,000,000 | ---D | C] -- C:\Program Files\Hawkeye Shellinit
[2009/09/04 15:44:02 | 00,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_desktopcoral_InstallInfo.dat
[2009/09/04 15:44:02 | 00,000,046 | ---- | C] () -- C:\Users\k47rina\AppData\Local\DonationCoder_desktopcoral_InstallInfo.dat
[2009/09/04 15:43:58 | 00,000,000 | ---D | C] -- C:\Program Files\DesktopCoral
[2009/09/04 14:25:38 | 00,000,000 | ---D | C] -- C:\Users\k47rina\AppData\Local\Deployment
[2009/09/03 23:37:19 | 00,000,000 | ---D | C] -- C:\Program Files\RocketDock
[2009/09/02 10:56:09 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/09/02 10:56:08 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/09/01 17:21:36 | 00,000,000 | ---D | C] -- C:\Users\k47rina\AppData\Local\DassaultSystemes
[2009/09/01 17:21:36 | 00,000,000 | ---D | C] -- C:\ProgramData\DassaultSystemes
[2009/09/01 15:05:50 | 00,000,000 | ---D | C] -- C:\Users\k47rina\AppData\Local\Dassault_Systèmes_SolidWo
[2009/09/01 14:30:00 | 00,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2009/09/01 14:27:24 | 00,000,023 | -H-- | C] () -- C:\Windows\yacht.xws
[2009/09/01 14:14:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SolidWorks Shared
[2009/09/01 14:14:29 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2009/09/01 14:14:27 | 00,000,000 | ---D | C] -- C:\ProgramData\SolidWorks
[2009/09/01 14:14:27 | 00,000,000 | ---D | C] -- C:\Program Files\SolidWorks Corp
[2009/09/01 13:20:08 | 00,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2009/09/01 13:08:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SolidWorks Installation Manager
[2009/09/01 12:58:39 | 00,000,000 | ---D | C] -- C:\Windows\SolidWorks
[2009/08/29 00:30:24 | 00,000,000 | ---D | C] -- C:\ProgramData\License
[2009/08/26 15:31:27 | 00,483,328 | ---- | C] (SoftShape Development) -- C:\Windows\System32\actskn45.ocx
[2009/08/26 13:40:13 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/08/26 02:42:32 | 00,005,248 | ---- | C] () -- C:\Windows\giveio.sys
[2009/08/23 23:22:13 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/08/23 23:22:13 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/08/23 23:22:13 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/08/22 00:48:11 | 00,025,214 | ---- | C] () -- C:\Windows\elefun_web.ico
[2009/08/22 00:24:07 | 00,000,068 | ---- | C] () -- C:\Windows\ZMatrixSS.ini
[2009/08/22 00:24:06 | 00,000,000 | ---D | C] -- C:\Program Files\ZMatrix
[2009/08/18 10:43:36 | 02,619,016 | ---- | C] () -- C:\Users\k47rina\Documents\statementretrieval-1.jpg
[2009/08/17 16:23:07 | 00,000,000 | ---D | C] -- C:\Users\k47rina\AppData\Local\Microsoft Corporation
[2009/08/16 20:09:33 | 00,000,000 | R--D | C] -- C:\Users\k47rina\Documents\Podslurp
[2009/08/15 00:03:42 | 00,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2009/08/14 23:44:11 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger Plus! Live
[2009/08/14 17:18:18 | 00,000,165 | ---- | C] () -- C:\Windows\startUp manager.INI
[2009/08/14 17:16:48 | 00,000,000 | ---D | C] -- C:\Windows\Repair
[2009/08/14 17:09:47 | 00,015,867 | ---- | C] () -- C:\Windows\System32\empty.ico
[2009/08/12 12:08:16 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/12 12:08:13 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/12 12:08:11 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/12 12:07:52 | 10,628,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/12 12:07:49 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/12 12:07:49 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/12 12:07:49 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/12 12:07:49 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/12 12:07:49 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/12 12:07:48 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/12 12:07:48 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/12 12:07:45 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/12 12:07:42 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/08/12 12:07:42 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/08/12 12:07:42 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/08/12 12:07:41 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/08/12 12:07:40 | 01,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/08/12 12:07:40 | 00,439,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/08/12 12:07:40 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/08/12 12:07:40 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/08/02 22:33:48 | 00,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/07/18 03:02:29 | 00,000,080 | RHS- | C] () -- C:\Windows\System32\5DDCB54CEE.dll
[2009/06/06 14:30:41 | 00,000,068 | ---- | C] () -- C:\Windows\MyProg.ini
[2009/05/28 15:26:36 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/06 14:58:12 | 00,000,023 | ---- | C] () -- C:\Windows\SWFDecompiler.INI
[2009/01/12 01:14:22 | 00,348,160 | ---- | C] () -- C:\Windows\System32\cdga.dll
[2008/11/26 15:42:21 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/11/26 15:42:21 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/24 05:03:42 | 00,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/09/16 11:27:54 | 01,070,440 | -HS- | C] () -- C:\Windows\System32\giapcnqg.ini
[2008/09/16 02:31:41 | 01,070,606 | -HS- | C] () -- C:\Windows\System32\dvrrjcom.ini
[2008/09/08 21:17:46 | 01,159,168 | ---- | C] () -- C:\Windows\System32\op20pt32.dll
[2008/06/18 14:51:06 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008/05/26 13:52:08 | 00,247,560 | ---- | C] () -- C:\Windows\System32\prgiso.dll
[2008/05/26 13:52:07 | 04,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll
[2008/05/26 13:52:07 | 00,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2008/04/07 00:37:37 | 02,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/03/20 01:34:57 | 00,013,312 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/02/11 19:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/12 13:41:46 | 00,065,024 | ---- | C] () -- C:\Windows\System32\USB_IO.dll
[2008/01/12 13:41:46 | 00,000,071 | ---- | C] () -- C:\Windows\System32\FTD2XXUN.ini
[2007/12/03 20:16:52 | 00,118,784 | ---- | C] () -- C:\Windows\System32\mp3dec.dll
[2007/11/08 14:30:38 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/10/18 10:12:20 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007/09/06 12:42:21 | 00,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2007/09/06 12:42:20 | 00,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2007/08/24 20:46:48 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/07 20:25:35 | 00,000,046 | ---- | C] () -- C:\Windows\adiras.ini
[2007/08/02 22:26:46 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/07/31 19:22:56 | 00,000,478 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/07/27 09:28:04 | 00,000,027 | ---- | C] () -- C:\Windows\System32\VideoGenieSetup.ini
[2007/07/26 23:02:19 | 00,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007/07/26 23:02:19 | 00,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007/07/26 23:02:19 | 00,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007/07/26 22:49:34 | 00,765,952 | ---- | C] () -- C:\Windows\System32\tvqenc.dll
[2007/07/26 22:49:32 | 00,233,472 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2007/07/23 19:15:31 | 00,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2006/11/21 08:48:20 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:23:31 | 00,000,675 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/02/06 03:11:52 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2005/02/06 03:11:45 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/02/05 19:31:11 | 00,002,127 | ---- | C] () -- C:\Windows\System32\drivers\MyPort.sys
[2005/02/05 19:28:47 | 00,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2004/09/28 06:38:30 | 00,114,688 | ---- | C] () -- C:\Windows\System32\wmatimer.dll
[2004/01/14 00:46:34 | 00,172,032 | ---- | C] () -- C:\Windows\System32\tifmicon.dll
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999/01/22 19:46:58 | 00,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2009/09/07 18:35:00 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{354F657E-013B-44AC-AD46-7493B2DC90C2}.job
[2009/09/07 18:27:07 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Users\k47rina\Desktop\OTL.exe
[2009/09/07 18:23:55 | 00,000,240 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2009/09/07 18:23:37 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009/09/07 17:59:55 | 00,004,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/07 17:59:55 | 00,004,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/07 17:56:18 | 00,751,146 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/07 17:56:18 | 00,641,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/07 17:56:18 | 00,122,590 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/07 17:54:01 | 00,000,600 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2009/09/07 17:53:30 | 00,120,832 | ---- | M] () -- C:\Users\k47rina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/07 17:50:00 | 00,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/07 17:27:00 | 00,390,656 | ---- | M] (iS3, Inc.) -- C:\Users\k47rina\Desktop\STOPzilla_Setup.exe
[2009/09/07 16:42:32 | 00,500,120 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\k47rina\Desktop\SpyHunter-Installer.exe
[2009/09/07 16:39:56 | 02,986,872 | ---- | M] () -- C:\Users\k47rina\Desktop\FixVirut.com
[2009/09/07 15:57:47 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/09/07 15:55:39 | 00,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2009/09/07 15:54:53 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/07 15:54:47 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/07 15:54:04 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/07 15:53:51 | 32,109,28128 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/07 15:52:07 | 00,004,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/09/07 15:51:54 | 06,291,456 | -H-- | M] () -- C:\Users\k47rina\AppData\Local\IconCache.db
[2009/09/07 13:58:27 | 00,001,356 | ---- | M] () -- C:\Users\k47rina\AppData\Local\d3d9caps.dat
[2009/09/07 12:00:37 | 00,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/09/07 12:00:35 | 00,524,288 | -HS- | M] () -- C:\ntuser.dat{4a64b673-ee1c-11dd-98e0-a47e4eed307d}.TMContainer00000000000000000001.regtrans-ms
[2009/09/07 12:00:35 | 00,065,536 | -HS- | M] () -- C:\ntuser.dat{4a64b673-ee1c-11dd-98e0-a47e4eed307d}.TM.blf
[2009/09/07 11:37:42 | 00,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{81B20728-999B-432E-9B4D-28D13C98C032}.job
[2009/09/06 18:54:20 | 00,000,792 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2009/09/05 19:16:47 | 00,028,011 | ---- | M] () -- C:\Users\k47rina\Desktop\n714352095_2067531_6555314.jpg
[2009/09/05 02:10:55 | 00,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2009/09/05 00:56:24 | 00,023,040 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2009/09/04 23:57:09 | 00,000,675 | ---- | M] () -- C:\Windows\win.ini
[2009/09/04 23:53:25 | 00,000,029 | ---- | M] () -- C:\Windows\.wb4
[2009/09/04 23:39:02 | 00,000,000 | ---- | M] () -- C:\Windows\WB.ini
[2009/09/04 19:28:54 | 00,000,970 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\top margin.hss.lnk
[2009/09/04 15:44:02 | 00,000,046 | ---- | M] () -- C:\Windows\System32\DonationCoder_desktopcoral_InstallInfo.dat
[2009/09/04 15:44:02 | 00,000,046 | ---- | M] () -- C:\Users\k47rina\AppData\Local\DonationCoder_desktopcoral_InstallInfo.dat
[2009/09/03 21:59:36 | 00,183,056 | ---- | M] () -- C:\Users\k47rina\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/09/03 21:19:09 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/09/02 10:48:44 | 04,910,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/09/01 15:06:58 | 00,183,056 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2009/09/01 14:30:00 | 00,000,000 | ---- | M] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2009/09/01 14:27:24 | 00,000,023 | -H-- | M] () -- C:\Windows\yacht.xws
[2009/08/29 01:27:49 | 04,240,384 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/08/29 01:14:38 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/08/28 11:44:44 | 00,000,948 | ---- | M] () -- C:\Users\k47rina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2009/08/27 19:40:30 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2009/08/27 19:40:29 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2009/08/25 12:06:49 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/08/22 02:23:20 | 00,000,068 | ---- | M] () -- C:\Windows\ZMatrixSS.ini
[2009/08/18 10:43:41 | 02,619,016 | ---- | M] () -- C:\Users\k47rina\Documents\statementretrieval-1.jpg
[2009/08/17 17:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/08/17 17:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/08/17 17:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/08/17 17:05:24 | 00,053,328 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/08/17 17:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/08/17 17:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/08/17 17:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/08/14 17:18:18 | 00,000,165 | ---- | M] () -- C:\Windows\startUp manager.INI

========== LOP Check ==========

[2009/09/07 15:57:47 | 00,000,868 | ---- | M] () -- C:\Windows\Tasks\Google Software Updater.job
[2009/09/07 15:54:53 | 00,000,880 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/09/07 17:50:00 | 00,000,884 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009/09/07 15:54:47 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/07 15:52:03 | 00,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/09/07 18:35:00 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{354F657E-013B-44AC-AD46-7493B2DC90C2}.job
[2009/09/07 11:37:42 | 00,000,396 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{81B20728-999B-432E-9B4D-28D13C98C032}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 190 bytes -> C:\ProgramData\TEMP:408F95E5
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0A8E2C33
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Windows\System32\mnkpakee.exe:changelist
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:C980DA7D
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:97FD1923
@Alternate Data Stream - 1053 bytes -> C:\Windows\System32\Fw_ Fw_ Giant Caterpillar found in Australia.eml:OECustomProperty
< End of report >
  • 0

#4
j60dys

j60dys

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OTL Extras logfile created on: 07/09/2009 15:13:20 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\k47rina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 71.86% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229.45 Gb Total Space | 119.13 Gb Free Space | 51.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: J60DYS-PC
Current User Name: k47rina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1339687452-4108048202-1689069209-1001]
"EnableNotificationsRef" = 3
"EnableNotifications" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025087C2-0969-4029-BC5D-AB5FEBDFEA20}" = lport=5358 | protocol=6 | dir=in | app=system |
"{14CD190E-D60E-45CA-BD48-B67654BA9B21}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{25D85A89-FC6C-4481-8634-20B0AB4F788D}" = rport=137 | protocol=17 | dir=out | app=system |
"{38B2FF5F-03B7-4A59-87D4-35A68C74A48F}" = rport=5358 | protocol=6 | dir=out | app=system |
"{3AC27BF6-A247-452A-AC48-6320C62205CC}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{4035D702-B466-4D64-A9EE-0A19A3D78FCD}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4943D857-0161-49BB-87CD-4AEAF2CE01D6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4A1A8C3F-1654-4C18-B26A-15378DA8DE44}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{514AE740-3097-4BC8-8C1E-05A820947785}" = lport=138 | protocol=17 | dir=in | app=system |
"{5B1D9903-C08B-45E7-88B9-3659609EE8AD}" = lport=445 | protocol=6 | dir=in | app=system |
"{69A0C31F-0385-4E03-83A8-3166F96A3AF7}" = lport=137 | protocol=17 | dir=in | app=system |
"{6CF5E501-F090-4EF5-ACE8-443BFB3465FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{835F06D9-0832-49BC-8814-E74D0B51E32B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{86C2C3EB-09E8-4D4D-9C88-F9BA1823F82D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{879955BC-3B03-406F-A1FD-19E52E02D6E9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{894738D1-3382-42F9-9AF7-4AD7CE46BF79}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8EA6E0C9-DF4F-4203-8A29-2F41ABB640D0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{942E7F0E-B251-4F0D-B0C3-DFF9DF884188}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9501CBAC-DE0E-477C-B5E1-86DD164BCB03}" = rport=138 | protocol=17 | dir=out | app=system |
"{98300553-D2ED-4D52-BEE9-E40B2DEBC425}" = rport=5357 | protocol=6 | dir=out | app=system |
"{98BC9C77-9049-4B68-96F1-7B3D85F915CA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A0CADEB6-9E7B-4314-B65A-583758C81CB4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A17B9E36-3F93-48F8-8CE2-85153450F525}" = rport=445 | protocol=6 | dir=out | app=system |
"{A9AD3010-B0EA-47BA-93A5-0E496C46CD8A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{AF296830-9C08-4A1B-8F22-0B574EFF09A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B19B4DE2-49ED-433A-9C64-FA11616002AA}" = rport=139 | protocol=6 | dir=out | app=system |
"{B95EBE14-91EE-4341-B279-1B227EE84066}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BAA9723B-84DB-4586-9800-B6D82CB3A098}" = lport=139 | protocol=6 | dir=in | app=system |
"{C7E710E9-0262-463B-AB87-EA3E33B2817D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CE128511-4015-4398-A555-ABED4B3A3DD6}" = lport=5357 | protocol=6 | dir=in | app=system |
"{D3D7EAB4-77E4-4E99-8C97-C629337940EE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E7E38EC7-EF43-4D26-92C5-9706F42B6921}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{ED9F5733-0B5D-4E48-9981-A0ED0E3902EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F5BC0604-81B1-4787-8F4A-4712A8E8385B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F87C2495-F76F-4445-833C-D821682F20D3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042FEE52-7B4B-4EF3-A736-1F69C5E1C7B0}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{056D3DCF-E0F2-487E-A954-93944B00D32A}" = protocol=58 | dir=out | [email protected],-28546 |
"{131DE960-282D-4FBE-A77C-A34652229461}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{15546A71-8259-4A59-9986-556807836992}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{16746ACF-521E-4AA6-A9FE-BD14E6A0C6E9}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{1E505295-F6E6-4EBC-BC91-00D3B17EE0C0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{22D77501-5CD2-4671-BE6F-DEAF2B320E6A}" = protocol=1 | dir=out | [email protected],-28544 |
"{27F8492F-BDA7-49B7-A418-A0543337DD1B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2DD06DF7-BA04-45DC-A5C8-0736ACCD8723}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{2F83CDB4-CB7C-4B49-9B6B-05625FE0D846}" = protocol=6 | dir=in | app=c:\program files\acspmonitor\asmonitor.exe |
"{34E883E0-4395-4711-A0BA-D9DA2C8CDFAD}" = dir=in | app=support inrosettastoneltdservices.exe |
"{384AA862-A1D1-4302-A02E-91EC40FF9EB0}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{3F3BA54B-6CD2-444B-B9C3-BA7A58AB4104}" = protocol=6 | dir=out | app=support inrosettastoneltdservices.exe |
"{40D2AF29-A056-4CBE-9827-E532715B941E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4127E1A5-080F-4429-8084-30481B6589CA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{436F9B46-8659-4A44-82B3-BAEB40EF3983}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{4629C32B-A6A3-4E99-90A1-FFC0D3F4C104}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{555965BD-985E-4E59-BD0B-EBD2C7950F2D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{56BF995E-16A1-4DDA-B0E1-6D2CD0AA42E1}" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"{56E4BA59-2E5C-4718-8D83-5D050DCB8B80}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{58B2AAB3-7A40-4A0D-8E8F-1180E69B77A3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{5A00A184-BB39-451F-BBA0-EE2576919357}" = protocol=58 | dir=in | [email protected],-148 |
"{5C544DCC-37D9-4D0A-8ABF-423C5C231B5C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5F6280FC-D08B-4F2F-B239-53577BA92F5E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{636CEC63-5BF6-4109-8379-7F70E0D4D84C}" = protocol=17 | dir=in | app=c:\program files\ipsharkk\ipsharkk.exe |
"{64467C8A-36CB-4DEB-A111-54714079043B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{6C53158F-B167-47E7-8BA3-541955EE84D7}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{6CE28698-2B37-4F06-9E66-B1CD38C1F092}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{6E307848-5B12-43C2-A270-32EAFB2CFFE5}" = protocol=17 | dir=in | app=c:\program files\acspmonitor\asmonitor.exe |
"{6F0E0FF9-C0C4-4941-A3BA-083330E649B1}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{73AF2CF4-8D08-4ABD-9021-306300C9A2A5}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{73F4C04C-9844-4043-9234-D75F11BDC52A}" = protocol=17 | dir=in | app=c:\windows\temp\vrt32c5.tmp |
"{74A506AA-E870-4364-BFD8-F3A17E4FE7F6}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{7C3500A4-BD77-4A1B-9E6F-30C58A1CC3FF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{863BAA76-585C-4A3F-853A-A8CF139DBCED}" = protocol=6 | dir=in | app=c:\program files\alwil software\avast4\ashavast.exe |
"{886D9831-506F-4052-99A6-21591F976B86}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{8AA91112-C9B0-453C-A506-5B12E518828D}" = dir=in | app=rosettastoneversion3.exe |
"{8CE05A95-B660-4115-83C9-420502C10EDD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8D02F42A-6311-41C7-8748-FA6C35B27C39}" = protocol=17 | dir=in | app=c:\windows\temp\vrt32c5.tmp |
"{8F0D9EEE-98C1-4217-A762-3419D516EF9F}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{91580940-25E1-4522-BDA5-67F36E6B3795}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{9916412D-F54F-4E16-BF87-CD8BDB13EB77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9927F1FE-A906-4EBD-8A00-413BD5E4E215}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{99FA88BB-9E51-4937-B0A8-7D5E9E5DA019}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{9A191418-32C9-47BC-B914-D021B5F6FF07}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{9D2DF832-68F3-413A-A588-8B3A6C92399F}" = protocol=58 | dir=in | [email protected],-28545 |
"{AA9B15CE-3255-4C84-96C8-F9B32D3C82EC}" = protocol=6 | dir=in | app=c:\windows\temp\vrt32c5.tmp |
"{AB9D04E5-818E-43D8-A728-A2CBE551AF17}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B40D31EE-B369-41C9-B0B0-792D0F438021}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B5B42784-84D0-4162-BBDF-06D0846B7512}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B7490CEC-2B31-41D4-96CC-FDA44AD01C73}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{BFA21654-1A36-404C-B4BA-1F4599E8F5A6}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{C55F4115-6B69-46CB-8EBC-B36EB081E2B8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{C58D1BCA-F964-40E0-B869-48B3BDC589C0}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{C7BD0249-F55B-4EA8-8419-316719590E9D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C8DC8FD2-5188-4598-88C4-62F43F7818D3}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{C9C3F2BA-9741-40F3-ABA9-8297A776D723}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{CE640BBD-253E-4ECF-8DF6-83E4A9F810A0}" = protocol=6 | dir=in | app=c:\program files\superantispyware\superantispyware.exe |
"{D35F3B0C-48EB-4EA9-AE42-94808045D495}" = protocol=6 | dir=out | app=rosettastoneversion3.exe |
"{D5D3063A-9E6C-45C9-92C6-F13FFC6EE1BA}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{D6ACBA60-9B9D-4918-AFFA-414A97102436}" = protocol=6 | dir=in | app=c:\windows\temp\vrt32c5.tmp |
"{D81A7C46-1E8C-49BC-9685-7C864F0A9F47}" = protocol=6 | dir=in | app=c:\program files\ipsharkk\ipsharkk.exe |
"{D821117E-A608-4893-9E8F-BCA594876712}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DA9BDF05-22F6-41F7-8474-AC1BA5F2E9A1}" = protocol=17 | dir=in | app=c:\program files\superantispyware\superantispyware.exe |
"{DB4BFE95-3DA8-4CC0-853E-9A91ACAA8A58}" = protocol=17 | dir=in | app=c:\program files\alwil software\avast4\ashavast.exe |
"{E3377816-4C6D-464D-85EA-F911D45E3E83}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E8E63462-E111-4478-ACC3-56BBC9DF5045}" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"{EBB17534-F3EE-4B5D-8D3C-6E6F5E348886}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ECCD862E-F31D-4E05-AE25-B14184EE1FD7}" = protocol=1 | dir=in | [email protected],-28543 |
"{ECEE01A8-5636-45DE-B00E-8E26D26841FE}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED3B3B8B-2281-48AA-B976-31E93923C694}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EEB5CFE1-1ADE-4E7B-A3EB-D046DC946093}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{EFEBC40F-7934-4C0D-BC28-DFF1248552D7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F4516A78-B0B7-445A-B691-05EBE82004BC}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{F7EF1675-90D6-4F0A-898B-E7E8F7B424B0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FCCD673D-0D9C-4CB7-8000-15C6B4216526}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{FFB3D9E7-861F-41AD-9214-B41323F45FD6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{0797572D-C8BA-4575-8EE0-4940B175A1ED}C:\program files\invisible browsing\invisiblebrowsing.exe" = protocol=6 | dir=in | app=c:\program files\invisible browsing\invisiblebrowsing.exe |
"TCP Query User{0E8BDDD1-DD45-48AF-B7EA-72D55DDA5EBE}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{0F1FE9A4-1E52-40CA-9BE7-12E9AB2BDFAB}C:\program files\electric rain\swift 3d\version 5.00\program\swift3d.exe" = protocol=6 | dir=in | app=c:\program files\electric rain\swift 3d\version 5.00\program\swift3d.exe |
"TCP Query User{29A1B772-7288-4EF2-AEF8-6015999BFCB1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{3D40F0CE-FC8F-47CF-996A-5E6B9F67C892}C:\program files\globalscape\cuteftp 8 professional\ftpte.exe" = protocol=6 | dir=in | app=c:\program files\globalscape\cuteftp 8 professional\ftpte.exe |
"TCP Query User{4079EE4F-6BBF-49FB-B39E-D2B987B2023C}C:\users\k47rina\documents\downloads\programs\myspacemp3gopher\myspacemp3gopher.exe" = protocol=6 | dir=in | app=c:\users\k47rina\documents\downloads\programs\myspacemp3gopher\myspacemp3gopher.exe |
"TCP Query User{44A716A5-CA55-4F7E-BC47-5DB4CE54079D}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{4BE22DF3-68C1-47E6-9A3F-666F693F2F88}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{5CE15118-211E-4786-89C0-D7D8274A3A15}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{6B06A7B6-C051-45F5-BD71-CAE52412A03E}C:\program files\crossloop\crossloopconnect.exe" = protocol=6 | dir=in | app=c:\program files\crossloop\crossloopconnect.exe |
"TCP Query User{7B6E83C9-DF65-46E3-AD7A-DABF5FF088E4}C:\users\k47rina\appdata\local\temp\wzse0.tmp\symnrt.exe" = protocol=6 | dir=in | app=c:\users\k47rina\appdata\local\temp\wzse0.tmp\symnrt.exe |
"TCP Query User{942FA416-5D17-4251-9546-16A0605D6EA6}C:\program files\cain\cain.exe" = protocol=6 | dir=in | app=c:\program files\cain\cain.exe |
"TCP Query User{9E6E19A0-D871-464D-B24E-A8431CFAC7EE}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{A384D732-78A3-4018-923D-38D657A38BAE}C:\program files\java\jre1.6.0_07\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\launch4j-tmp\jdownloader.exe |
"TCP Query User{A61734DC-BBAD-4B9B-9D55-167AF370AF83}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe |
"TCP Query User{A866A15E-78AC-4384-91A6-69FBCDB2825C}C:\program files\mini-stream\mini-stream rm-mp3 converter\rm2mp3converter.exe" = protocol=6 | dir=in | app=c:\program files\mini-stream\mini-stream rm-mp3 converter\rm2mp3converter.exe |
"TCP Query User{B25156F8-19EF-42B5-A2E8-FB802846C7DF}C:\program files\electric rain\swift 3d\version 5.00\program\swift3d.exe" = protocol=6 | dir=in | app=c:\program files\electric rain\swift 3d\version 5.00\program\swift3d.exe |
"TCP Query User{B3400781-2F68-4E97-907E-5CAA81F9B68E}C:\program files\globalscape\cuteftp 8 professional\ftpte.exe" = protocol=6 | dir=in | app=c:\program files\globalscape\cuteftp 8 professional\ftpte.exe |
"TCP Query User{B7DEEC10-A7A6-4CBF-B3D4-D81ED9C8867A}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{BB188520-A81B-4988-8F4B-B4627D36808C}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{BFED832D-0426-4423-8DAC-62B8ABDE5E20}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{D9336477-CF65-4768-85F8-2E0BDB56AABD}C:\program files\adobe\adobe flash cs3\flash.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash cs3\flash.exe |
"TCP Query User{D9E2F020-4C62-47A5-9000-AC0D70981A2D}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{DC7F23A3-AC01-43E9-A8A2-677E94652040}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"TCP Query User{E4A58149-EEE1-43A8-ABD8-64938E877E8E}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe |
"UDP Query User{11ECB9B2-1853-4A6E-A3AA-E493F9957E10}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{1AEF52B3-1CED-49D8-B74B-189BFF7F0DAD}C:\program files\globalscape\cuteftp 8 professional\ftpte.exe" = protocol=17 | dir=in | app=c:\program files\globalscape\cuteftp 8 professional\ftpte.exe |
"UDP Query User{213BF1F9-3731-40C1-91A5-49E2B6285E33}C:\program files\cain\cain.exe" = protocol=17 | dir=in | app=c:\program files\cain\cain.exe |
"UDP Query User{239C678A-9D79-4848-9B83-E92842A93107}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"UDP Query User{2805212F-F35D-4FAF-87C1-CBB526B97B94}C:\program files\globalscape\cuteftp 8 professional\ftpte.exe" = protocol=17 | dir=in | app=c:\program files\globalscape\cuteftp 8 professional\ftpte.exe |
"UDP Query User{34F7FBBF-5AE9-4716-ABD3-2E8CFC52E839}C:\users\k47rina\appdata\local\temp\wzse0.tmp\symnrt.exe" = protocol=17 | dir=in | app=c:\users\k47rina\appdata\local\temp\wzse0.tmp\symnrt.exe |
"UDP Query User{36FD1472-6FA7-4112-B8B4-4A4841315843}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{4DABC473-494E-4A03-A53E-5C2ABF96D5BF}C:\program files\crossloop\crossloopconnect.exe" = protocol=17 | dir=in | app=c:\program files\crossloop\crossloopconnect.exe |
"UDP Query User{57E99F2A-57BC-48E6-9B59-BC183506BD4E}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{64026518-363F-4439-8677-E937D5BE7339}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{7838D16D-113E-4607-BB4E-BE84D73494F9}C:\program files\java\jre1.6.0_07\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\launch4j-tmp\jdownloader.exe |
"UDP Query User{7A6B99E6-D661-411C-B14D-39E3A97C71F2}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe |
"UDP Query User{8BA4EE38-9BC4-4DA5-93C8-8456870E7E8C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{95F7BF46-9B9D-4683-AB01-68090AA0FE36}C:\program files\adobe\adobe flash cs3\flash.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash cs3\flash.exe |
"UDP Query User{960B9530-819B-47BA-9876-B68FB9ABBD0B}C:\program files\electric rain\swift 3d\version 5.00\program\swift3d.exe" = protocol=17 | dir=in | app=c:\program files\electric rain\swift 3d\version 5.00\program\swift3d.exe |
"UDP Query User{97066D64-272B-448E-A73A-A8D78593D7FD}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe |
"UDP Query User{A3A431AC-4B85-46BC-8F9C-B4E36DB4FFED}C:\program files\electric rain\swift 3d\version 5.00\program\swift3d.exe" = protocol=17 | dir=in | app=c:\program files\electric rain\swift 3d\version 5.00\program\swift3d.exe |
"UDP Query User{AC30C9E2-9625-40A5-8520-3D28F31FB72D}C:\users\k47rina\documents\downloads\programs\myspacemp3gopher\myspacemp3gopher.exe" = protocol=17 | dir=in | app=c:\users\k47rina\documents\downloads\programs\myspacemp3gopher\myspacemp3gopher.exe |
"UDP Query User{B56EC786-C880-4CD9-B6A7-0EC8E5C0F0B2}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{E36D902E-DB2B-4CDE-A10E-25E97DFBC2FA}C:\program files\invisible browsing\invisiblebrowsing.exe" = protocol=17 | dir=in | app=c:\program files\invisible browsing\invisiblebrowsing.exe |
"UDP Query User{E3ECFFC0-40E7-4819-B6AF-E87678029C76}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{E61DEEA6-804B-4661-89D9-FE42D9B80F42}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E85DCA08-A040-4465-86FF-90CB2B5485B2}C:\program files\mini-stream\mini-stream rm-mp3 converter\rm2mp3converter.exe" = protocol=17 | dir=in | app=c:\program files\mini-stream\mini-stream rm-mp3 converter\rm2mp3converter.exe |
"UDP Query User{EFD1396F-FCAE-4921-A5E8-4F6377FC9527}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{F36CC803-1155-486A-8ED9-BF9134468C1A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08A4C07B-204D-11D6-AF25-00B0D0797201}" = Nokia Multimedia Converter Pro v2.0
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16C9924C-C42A-4790-BD18-27BDCA4B23C1}" = SPAMfighter
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1805BD6D-C441-4A1C-802D-AFF0232DAACD}" = A-Men Technologies USB-to-Serial
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18C9716F-C906-441F-BA66-CABAA5CB2DCE}" = Adobe XMP Panels CS4
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B140425-1EA0-4AB8-BB31-1830C4A0A1F2}" = DWGeditor
"{2023D8DE-CD8E-4958-B831-9DB3166D1B07}" = Swift 3D v5.00
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{26A24AE4-039D-4CA4-87B4-2F83216014F0}" = Java™ 6 Update 14
"{28773E11-6E44-46DC-90BD-273A3FA2CAC1}" = Adobe Setup
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{35727E31-5D78-478A-B418-7E9A82729DB2}" = SolidWorks 2009 SP03
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = 3 Mobile Broadband
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.8.2
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam
"{4b43eaa8-ea98-4652-81ff-d24b041b994a}" = Nero 9 Trial
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
"{5260B91C-28E1-4fe9-B2EE-BE1B6C82621A}_is1" = PhotoRescue Pro
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-4001-0409-0002-0060B0CE6BBA}" = AutoCAD 2006 - English
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6FD9FEEB-AED1-47B0-86B8-DCB5DE9156A3}" = IEEE802.11g USB Wireless LAN Adapter
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CBD8A89-45F4-4203-9923-673F72603747}" = Adobe Photoshop Lightroom 2.3
"{80BA07B3-537F-4189-92F7-26E2BA76095A}" = SolidWorks eDrawings 2009
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9811A185-3D3D-11D6-9E14-00036D172B00}" = Adobe MPEG Encoder
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB7032FF-AFED-4C58-AA5C-8473B273793A}" = HDReg
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{c83b53b8-8da0-32ba-8ccc-6573e8a75a82}" = Webshots Desktop
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}" = Paragon Partition Manager 9.0 Professional
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DDD04533-8F0C-496F-A7D4-067510745DE4}" = SolidWorks viewer
"{DE787736-66F0-4BD9-884B-E4BCA3661646}" = Adobe ExtendScript Toolkit CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 4.0.4.0
"1CLICK DVD Movie_is1" = 1CLICK DVD Movie 3.1.0.0
"AC3ACM" = AC-3 ACM Codec
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Premiere 6.5" = Adobe Premiere 6.5
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Adobe_ccb135070a90ff24d6e7cc4bc5a59cb" = Adobe Fireworks CS4
"AdobeReader" = Adobe Reader 8
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amara - Flash Slide Show Builder" = Amara - Flash Slide Show Builder
"Ares" = Ares 2.1.1
"Audacity_is1" = Audacity 1.2.6
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"CD to MP3 Ripper" = CD to MP3 Ripper
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"controlskype_is1" = ControlSkype
"CrossLoop_is1" = CrossLoop 2.44
"Cucusoft Ultimate DVD + Video Converter Suite_is1" = Cucusoft Ultimate DVD + Video Converter Suite 7.19.7.12
"Defraggler" = Defraggler (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD43_is1" = DVD43 v4.4.1
"Easy GIF Animator_is1" = Easy GIF Animator 4.61
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Flashplayer" = Flash Player plugins 9
"FTD2XX" = FTDI FTD2XX USB Drivers
"Google Updater" = Google Updater
"GoogleBAE" = Google BAE
"HangARoo_is1" = HangARoo v2.05a
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ImTOO DVD Ripper Platinum 5" = ImTOO DVD Ripper Platinum 5
"Infocentre" = Infocentre Rev. 2.0
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"iPod Access for Windows_is1" = iPod Access for Windows v4.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"PC Wizard 2008_is1" = PC Wizard 2008.1.871
"PoiEdit" = PoiEdit
"PowerISO" = PowerISO
"Recuva" = Recuva (remove only)
"Registry Mechanic_is1" = Registry Mechanic 8.0
"RNCompiler 6.0" = Advanced RealMedia Export Plug-in for Premiere 6.0
"RocketDock_is1" = RocketDock 1.3.5
"SETUPMYPC_GB" = SetUp My PC
"SKYPE" = Skype 2.5.2.151
"SmartUndelete_is1" = SmartUndelete
"SolidWorks Installation Manager 20090-40300-1100-200" = SolidWorks 2009 SP03
"SPAMfighter" = SPAMfighter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.7.2.1825
"Updator" = Packard Bell Updator
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZMatrix_is1" = ZMatrix 1.5.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 12/07/2009 09:39:10 | Computer Name = J60DYS-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.

Error - 07/08/2009 05:21:46 | Computer Name = J60DYS-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.

Error - 09/08/2009 09:24:33 | Computer Name = J60DYS-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.

Error - 14/08/2009 21:15:27 | Computer Name = J60DYS-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.

Error - 16/08/2009 13:50:39 | Computer Name = J60DYS-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://heanet.dl.sou...ivecd-2.3.1.iso
failed, 00000084.

Error - 16/08/2009 13:51:47 | Computer Name = J60DYS-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://heanet.dl.sou...ivecd-2.3.1.iso
failed, 00000084.

Error - 20/08/2009 18:18:22 | Computer Name = J60DYS-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://heanet.dl.sou...ivecd-2.3.1.iso
failed, 00000084.

Error - 04/09/2009 22:02:56 | Computer Name = J60DYS-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.

Error - 06/09/2009 14:06:44 | Computer Name = J60DYS-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.

Error - 07/09/2009 09:27:06 | Computer Name = J60DYS-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS failed,
00000005.

[ Application Events ]
Error - 07/09/2009 06:58:45 | Computer Name = J60DYS-PC | Source = Application Error | ID = 1000
Description = Faulting application TFC.exe, version 1.0.3.5, time stamp 0x2a425e19,
faulting module RPCRT4.dll, version 6.0.6002.18024, time stamp 0x49f05bcc, exception
code 0xc0000005, fault offset 0x000b0af5, process id 0x408, application start time
0x01ca2faa0afbc380.

Error - 07/09/2009 07:04:53 | Computer Name = J60DYS-PC | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: J60DYS-PC\k47rina Checkpoint ID: 1 Error Code: 0x80070005 Error
description: Access is denied.

Error - 07/09/2009 08:52:53 | Computer Name = J60DYS-PC | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: J60DYS-PC\k47rina Checkpoint ID: 1 Error Code: 0x80070005 Error
description: Access is denied.

Error - 07/09/2009 08:59:49 | Computer Name = J60DYS-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 8a8 Start Time: 01ca2fb9eb8e1917 Termination Time: 62

Error - 07/09/2009 09:05:25 | Computer Name = J60DYS-PC | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: J60DYS-PC\k47rina Checkpoint ID: 1 Error Code: 0x80070005 Error
description: Access is denied.

Error - 07/09/2009 09:25:57 | Computer Name = J60DYS-PC | Source = Application Hang | ID = 1002
Description = The program TFC.exe version 1.0.3.5 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 113c Start Time: 01ca2fbe3af8c4f8 Termination Time: 46

Error - 07/09/2009 09:26:46 | Computer Name = J60DYS-PC | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: J60DYS-PC\k47rina Checkpoint ID: 1 Error Code: 0x80070005 Error
description: Access is denied.

Error - 07/09/2009 09:36:05 | Computer Name = J60DYS-PC | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: J60DYS-PC\k47rina Checkpoint ID: 1 Error Code: 0x80070005 Error
description: Access is denied.

Error - 07/09/2009 09:38:11 | Computer Name = J60DYS-PC | Source = Application Error | ID = 1000
Description = Faulting application SysRestorePoint.exe, version 1.3.0.0, time stamp
0x6977903e, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc000007b, fault offset 0x00009eed, process id 0x1664, application
start time 0x01ca2fc06ef5c28c.

Error - 07/09/2009 10:08:06 | Computer Name = J60DYS-PC | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: J60DYS-PC\k47rina Checkpoint ID: 1 Error Code: 0x80070005 Error
description: Access is denied.

[ Media Center Events ]
Error - 18/04/2008 09:59:15 | Computer Name = J60DYS-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ OSession Events ]
Error - 29/05/2009 03:25:39 | Computer Name = J60DYS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 80
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 07/09/2009 09:35:15 | Computer Name = J60DYS-PC | Source = LSM | ID = 1048
Description =

Error - 07/09/2009 09:35:15 | Computer Name = J60DYS-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 07/09/2009 10:06:03 | Computer Name = J60DYS-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume \\?\Volume{85455370-2466-11dd-83b1-806e6f6e6963}
encountered a non-retryable error and could not start. The data contains the error
code.

Error - 07/09/2009 10:06:22 | Computer Name = J60DYS-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =

Error - 07/09/2009 10:06:33 | Computer Name = J60DYS-PC | Source = LSM | ID = 1048
Description =

Error - 07/09/2009 10:06:33 | Computer Name = J60DYS-PC | Source = LSM | ID = 1048
Description =

Error - 07/09/2009 10:07:00 | Computer Name = J60DYS-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 07/09/2009 10:07:00 | Computer Name = J60DYS-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07/09/2009 10:07:00 | Computer Name = J60DYS-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 07/09/2009 10:07:56 | Computer Name = J60DYS-PC | Source = WMPNetworkSvc | ID = 866300
Description =


< End of report >
  • 0

#5
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi do you have the other program's log file? (Gmer)
  • 0

#6
j60dys

j60dys

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi its scanning now
  • 0

#7
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok.
  • 0

#8
j60dys

j60dys

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
that scan took like 7 hrs

GMER 1.0.15.15077 [e4cygz4o.exe] - http://www.gmer.net
Rootkit scan 2009-09-08 04:33:46
Windows 6.0.6002 Service Pack 2


---- Kernel code sections - GMER 1.0.15 ----

PAGE spsys.sys![email protected]@3PADA + 1ABF AD25203F 110 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys![email protected]@3PADA + 1B2F AD2520AF 1 Byte [16]
PAGE spsys.sys![email protected]@3PADA + 1B2F AD2520AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE spsys.sys![email protected]@3PADA + 1BB0 AD252130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE spsys.sys![email protected]@3PADA + 1BB7 AD252137 2298 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\e4cygz4o.exe[488] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\e4cygz4o.exe[488] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\e4cygz4o.exe[488] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\e4cygz4o.exe[488] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\e4cygz4o.exe[488] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\e4cygz4o.exe[488] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\e4cygz4o.exe[488] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\wininit.exe[572] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\wininit.exe[572] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\wininit.exe[572] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\wininit.exe[572] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\wininit.exe[572] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\wininit.exe[572] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\wininit.exe[572] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\winlogon.exe[620] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\winlogon.exe[620] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\winlogon.exe[620] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\winlogon.exe[620] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\winlogon.exe[620] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\winlogon.exe[620] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\winlogon.exe[620] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\java\jre6\bin\jusched.exe[636] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\java\jre6\bin\jusched.exe[636] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\java\jre6\bin\jusched.exe[636] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\java\jre6\bin\jusched.exe[636] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\java\jre6\bin\jusched.exe[636] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\java\jre6\bin\jusched.exe[636] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\java\jre6\bin\jusched.exe[636] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\services.exe[644] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\services.exe[644] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\services.exe[644] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\services.exe[644] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\services.exe[644] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\services.exe[644] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\services.exe[644] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FF94885
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FF94914
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FF94921
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FF94BA5
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FF9490A
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FF94962
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FF9492E
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[772] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[772] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[772] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[772] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[772] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[772] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[772] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\taskeng.exe[808] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\taskeng.exe[808] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\taskeng.exe[808] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\taskeng.exe[808] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\taskeng.exe[808] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\taskeng.exe[808] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\taskeng.exe[808] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\svchost.exe[892] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\svchost.exe[892] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\svchost.exe[892] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\svchost.exe[892] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\svchost.exe[892] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\svchost.exe[892] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\svchost.exe[892] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\dvd43\DVD43_Tray.exe[988] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\dvd43\DVD43_Tray.exe[988] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\dvd43\DVD43_Tray.exe[988] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\dvd43\DVD43_Tray.exe[988] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\dvd43\DVD43_Tray.exe[988] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\dvd43\DVD43_Tray.exe[988] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\dvd43\DVD43_Tray.exe[988] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[996] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[996] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[996] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[996] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[996] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[996] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[996] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\PowerISO\PWRISOVM.EXE[1152] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\PowerISO\PWRISOVM.EXE[1152] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\PowerISO\PWRISOVM.EXE[1152] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\PowerISO\PWRISOVM.EXE[1152] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\PowerISO\PWRISOVM.EXE[1152] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\PowerISO\PWRISOVM.EXE[1152] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\PowerISO\PWRISOVM.EXE[1152] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\AUDIODG.EXE[1220] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\AUDIODG.EXE[1220] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\AUDIODG.EXE[1220] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\AUDIODG.EXE[1220] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\AUDIODG.EXE[1220] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\AUDIODG.EXE[1220] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\AUDIODG.EXE[1220] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\iTunes\iTunesHelper.exe[1244] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\iTunes\iTunesHelper.exe[1244] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\iTunes\iTunesHelper.exe[1244] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\iTunes\iTunesHelper.exe[1244] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\iTunes\iTunesHelper.exe[1244] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\iTunes\iTunesHelper.exe[1244] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\iTunes\iTunesHelper.exe[1244] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\SLsvc.exe[1268] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\SLsvc.exe[1268] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\SLsvc.exe[1268] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\SLsvc.exe[1268] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\SLsvc.exe[1268] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\SLsvc.exe[1268] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\SLsvc.exe[1268] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\svchost.exe[1368] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\svchost.exe[1368] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\svchost.exe[1368] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\svchost.exe[1368] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\svchost.exe[1368] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\svchost.exe[1368] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\svchost.exe[1368] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\System32\spoolsv.exe[1376] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\System32\spoolsv.exe[1376] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\System32\spoolsv.exe[1376] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\System32\spoolsv.exe[1376] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\System32\spoolsv.exe[1376] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\System32\spoolsv.exe[1376] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\System32\spoolsv.exe[1376] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\taskeng.exe[1448] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\taskeng.exe[1448] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\taskeng.exe[1448] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\taskeng.exe[1448] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\taskeng.exe[1448] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\taskeng.exe[1448] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\taskeng.exe[1448] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\svchost.exe[1492] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\svchost.exe[1492] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\svchost.exe[1492] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\svchost.exe[1492] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\svchost.exe[1492] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\svchost.exe[1492] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\svchost.exe[1492] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Windows Defender\MSASCui.exe[1624] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Windows Defender\MSASCui.exe[1624] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Windows Defender\MSASCui.exe[1624] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Windows Defender\MSASCui.exe[1624] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Windows Defender\MSASCui.exe[1624] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Windows Defender\MSASCui.exe[1624] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Windows Defender\MSASCui.exe[1624] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1700] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1700] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1700] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1700] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1700] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1700] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1700] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1760] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1760] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1760] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1760] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1760] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1760] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1760] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Windows Sidebar\sidebar.exe[1784] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Windows Sidebar\sidebar.exe[1784] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Windows Sidebar\sidebar.exe[1784] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Windows Sidebar\sidebar.exe[1784] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Windows Sidebar\sidebar.exe[1784] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Windows Sidebar\sidebar.exe[1784] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Windows Sidebar\sidebar.exe[1784] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\Dwm.exe[1860] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\Dwm.exe[1860] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\Dwm.exe[1860] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\Dwm.exe[1860] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\Dwm.exe[1860] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\Dwm.exe[1860] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\Dwm.exe[1860] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\Explorer.EXE[1880] Explorer.EXE 01025E50 4 Bytes [FF, 15, 14, 12]
.text C:\Windows\Explorer.EXE[1880] C:\Windows\Explorer.EXE section is writeable [0x01001000, 0x6BD15, 0xE0000020]
.reloc C:\Windows\Explorer.EXE[1880] C:\Windows\Explorer.EXE section is executable [0x012C7000, 0xAC00, 0xE0000040]
.text C:\Windows\Explorer.EXE[1880] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\Explorer.EXE[1880] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\Explorer.EXE[1880] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\Explorer.EXE[1880] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\Explorer.EXE[1880] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\Explorer.EXE[1880] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\Explorer.EXE[1880] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\SPAMfighter\SFAgent.exe[1964] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\SPAMfighter\SFAgent.exe[1964] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\SPAMfighter\SFAgent.exe[1964] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\SPAMfighter\SFAgent.exe[1964] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\SPAMfighter\SFAgent.exe[1964] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\SPAMfighter\SFAgent.exe[1964] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\SPAMfighter\SFAgent.exe[1964] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\System32\igfxtray.exe[1968] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\System32\igfxtray.exe[1968] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\System32\igfxtray.exe[1968] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\System32\igfxtray.exe[1968] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\System32\igfxtray.exe[1968] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\System32\igfxtray.exe[1968] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\System32\igfxtray.exe[1968] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\System32\hkcmd.exe[2068] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\System32\hkcmd.exe[2068] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\System32\hkcmd.exe[2068] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\System32\hkcmd.exe[2068] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\System32\hkcmd.exe[2068] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\System32\hkcmd.exe[2068] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\System32\hkcmd.exe[2068] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\System32\igfxpers.exe[2080] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\System32\igfxpers.exe[2080] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\System32\igfxpers.exe[2080] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\System32\igfxpers.exe[2080] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\System32\igfxpers.exe[2080] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\System32\igfxpers.exe[2080] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\System32\igfxpers.exe[2080] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Windows Sidebar\sidebar.exe[2092] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Windows Sidebar\sidebar.exe[2092] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Windows Sidebar\sidebar.exe[2092] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Windows Sidebar\sidebar.exe[2092] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Windows Sidebar\sidebar.exe[2092] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2092] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Windows Sidebar\sidebar.exe[2092] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\ehome\ehtray.exe[2100] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\ehome\ehtray.exe[2100] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\ehome\ehtray.exe[2100] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\ehome\ehtray.exe[2100] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\ehome\ehtray.exe[2100] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\ehome\ehtray.exe[2100] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\ehome\ehtray.exe[2100] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\ProgramData\Skype\Plugins\Plugins\A2F36B1829EB4E69AC53989EB936C018\ScreenShot.exe[2108] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\ProgramData\Skype\Plugins\Plugins\A2F36B1829EB4E69AC53989EB936C018\ScreenShot.exe[2108] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\ProgramData\Skype\Plugins\Plugins\A2F36B1829EB4E69AC53989EB936C018\ScreenShot.exe[2108] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\ProgramData\Skype\Plugins\Plugins\A2F36B1829EB4E69AC53989EB936C018\ScreenShot.exe[2108] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\ProgramData\Skype\Plugins\Plugins\A2F36B1829EB4E69AC53989EB936C018\ScreenShot.exe[2108] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\ProgramData\Skype\Plugins\Plugins\A2F36B1829EB4E69AC53989EB936C018\ScreenShot.exe[2108] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\ProgramData\Skype\Plugins\Plugins\A2F36B1829EB4E69AC53989EB936C018\ScreenShot.exe[2108] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Skype\Phone\Skype.exe[2116] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Skype\Phone\Skype.exe[2116] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Skype\Phone\Skype.exe[2116] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Skype\Phone\Skype.exe[2116] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Skype\Phone\Skype.exe[2116] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Skype\Phone\Skype.exe[2116] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Skype\Phone\Skype.exe[2116] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2124] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2124] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2124] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2124] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2124] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2124] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2124] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\RocketDock\RocketDock.exe[2132] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\RocketDock\RocketDock.exe[2132] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\RocketDock\RocketDock.exe[2132] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\RocketDock\RocketDock.exe[2132] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\RocketDock\RocketDock.exe[2132] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\RocketDock\RocketDock.exe[2132] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\RocketDock\RocketDock.exe[2132] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2168] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2168] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2168] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2168] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2168] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2168] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2168] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\winzip\WZQKPICK.EXE[2204] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\winzip\WZQKPICK.EXE[2204] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\winzip\WZQKPICK.EXE[2204] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\winzip\WZQKPICK.EXE[2204] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\winzip\WZQKPICK.EXE[2204] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\winzip\WZQKPICK.EXE[2204] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\winzip\WZQKPICK.EXE[2204] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Users\k47rina\AppData\Roaming\Dropbox\bin\Dropbox.exe[2212] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Users\k47rina\AppData\Roaming\Dropbox\bin\Dropbox.exe[2212] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Users\k47rina\AppData\Roaming\Dropbox\bin\Dropbox.exe[2212] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Users\k47rina\AppData\Roaming\Dropbox\bin\Dropbox.exe[2212] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Users\k47rina\AppData\Roaming\Dropbox\bin\Dropbox.exe[2212] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Users\k47rina\AppData\Roaming\Dropbox\bin\Dropbox.exe[2212] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Users\k47rina\AppData\Roaming\Dropbox\bin\Dropbox.exe[2212] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\iPod\bin\iPodService.exe[2220] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\iPod\bin\iPodService.exe[2220] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\iPod\bin\iPodService.exe[2220] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\iPod\bin\iPodService.exe[2220] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\iPod\bin\iPodService.exe[2220] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\iPod\bin\iPodService.exe[2220] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\iPod\bin\iPodService.exe[2220] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\igfxsrvc.exe[2248] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\igfxsrvc.exe[2248] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\igfxsrvc.exe[2248] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\igfxsrvc.exe[2248] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\igfxsrvc.exe[2248] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\igfxsrvc.exe[2248] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\igfxsrvc.exe[2248] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\agrsmsvc.exe[2588] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\agrsmsvc.exe[2588] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\agrsmsvc.exe[2588] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\agrsmsvc.exe[2588] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\agrsmsvc.exe[2588] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\agrsmsvc.exe[2588] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\agrsmsvc.exe[2588] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2608] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2608] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2608] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2608] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2608] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2608] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2608] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Bonjour\mDNSResponder.exe[2620] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Bonjour\mDNSResponder.exe[2620] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Bonjour\mDNSResponder.exe[2620] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Bonjour\mDNSResponder.exe[2620] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Bonjour\mDNSResponder.exe[2620] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2620] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Bonjour\mDNSResponder.exe[2620] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\svchost.exe[2640] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\svchost.exe[2640] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\svchost.exe[2640] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\svchost.exe[2640] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\svchost.exe[2640] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\svchost.exe[2640] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\svchost.exe[2640] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\iPod Access for Windows\iPAHelper.exe[2728] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\iPod Access for Windows\iPAHelper.exe[2728] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\iPod Access for Windows\iPAHelper.exe[2728] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\iPod Access for Windows\iPAHelper.exe[2728] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\iPod Access for Windows\iPAHelper.exe[2728] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\iPod Access for Windows\iPAHelper.exe[2728] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\iPod Access for Windows\iPAHelper.exe[2728] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2932] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2932] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2932] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2932] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2932] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2932] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2932] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2976] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2976] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2976] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2976] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2976] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2976] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2976] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3252] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3252] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3252] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3252] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3252] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3252] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3252] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\SPAMfighter\sfus.exe[3272] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\SPAMfighter\sfus.exe[3272] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\SPAMfighter\sfus.exe[3272] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\SPAMfighter\sfus.exe[3272] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\SPAMfighter\sfus.exe[3272] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\SPAMfighter\sfus.exe[3272] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\SPAMfighter\sfus.exe[3272] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\ehome\ehmsas.exe[3284] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\ehome\ehmsas.exe[3284] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\ehome\ehmsas.exe[3284] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\ehome\ehmsas.exe[3284] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\ehome\ehmsas.exe[3284] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\ehome\ehmsas.exe[3284] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\ehome\ehmsas.exe[3284] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\svchost.exe[3308] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\svchost.exe[3308] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\svchost.exe[3308] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\svchost.exe[3308] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\svchost.exe[3308] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\svchost.exe[3308] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\svchost.exe[3308] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[3332] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[3332] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[3332] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[3332] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[3332] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[3332] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[3332] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\System32\svchost.exe[3356] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\System32\svchost.exe[3356] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\System32\svchost.exe[3356] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\System32\svchost.exe[3356] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\System32\svchost.exe[3356] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\System32\svchost.exe[3356] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\System32\svchost.exe[3356] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\SearchIndexer.exe[3552] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\SearchIndexer.exe[3552] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\SearchIndexer.exe[3552] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\SearchIndexer.exe[3552] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\SearchIndexer.exe[3552] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\SearchIndexer.exe[3552] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\SearchIndexer.exe[3552] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3948] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3948] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3948] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3948] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3948] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3948] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3948] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3972] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3972] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3972] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3972] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3972] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3972] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3972] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4004] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4004] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4004] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4004] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4004] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4004] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4004] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\System32\alg.exe[4072] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\System32\alg.exe[4072] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\System32\alg.exe[4072] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\System32\alg.exe[4072] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\System32\alg.exe[4072] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\System32\alg.exe[4072] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\System32\alg.exe[4072] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\STOPzilla!\STOPzilla.exe[4256] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\STOPzilla!\STOPzilla.exe[4256] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\STOPzilla!\STOPzilla.exe[4256] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\STOPzilla!\STOPzilla.exe[4256] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\STOPzilla!\STOPzilla.exe[4256] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\STOPzilla!\STOPzilla.exe[4256] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\STOPzilla!\STOPzilla.exe[4256] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!SetWindowsHookExW 770387AD 5 Bytes JMP 70F29521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!CallNextHookEx 77038E3B 5 Bytes JMP 70F1CB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!UnhookWindowsHookEx 770398DB 5 Bytes JMP 70E943F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!CreateWindowExA 7703DC2A 5 Bytes JMP 06D98C47 C:\Program Files\STOPzilla!\SZIEBHO.dll (STOPzilla Support Library/iS3, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!CreateWindowExW 77041305 5 Bytes JMP 06D98C8D C:\Program Files\STOPzilla!\SZIEBHO.dll (STOPzilla Support Library/iS3, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!DialogBoxParamW 770610B0 5 Bytes JMP 70E551FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!DialogBoxIndirectParamW 77062EF5 5 Bytes JMP 71023C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!DialogBoxParamA 77078152 5 Bytes JMP 71023BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!DialogBoxIndirectParamA 7707847D 5 Bytes JMP 71023C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!MessageBoxIndirectA 7708D4D9 5 Bytes JMP 71023B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!MessageBoxIndirectW 7708D5D3 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!MessageBoxIndirectW 7708D5D3 5 Bytes JMP 71023AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!MessageBoxExA 7708D639 5 Bytes JMP 71023A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!MessageBoxExW 7708D65D 5 Bytes JMP 71023A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] ole32.dll!OleLoadFromStream 777E1E12 5 Bytes JMP 71023F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] ole32.dll!CoCreateInstance 77819EA6 5 Bytes JMP 70F2D408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Windows\system32\wbem\unsecapp.exe[4700] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\wbem\unsecapp.exe[4700] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\wbem\unsecapp.exe[4700] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\wbem\unsecapp.exe[4700] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\wbem\unsecapp.exe[4700] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\wbem\unsecapp.exe[4700] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\wbem\unsecapp.exe[4700] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\wbem\wmiprvse.exe[4728] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\wbem\wmiprvse.exe[4728] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\wbem\wmiprvse.exe[4728] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\wbem\wmiprvse.exe[4728] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\wbem\wmiprvse.exe[4728] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\wbem\wmiprvse.exe[4728] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\wbem\wmiprvse.exe[4728] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4784] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4784] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4784] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4784] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4784] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4784] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4784] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Windows\system32\SearchProtocolHost.exe[5368] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Windows\system32\SearchProtocolHost.exe[5368] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Windows\system32\SearchProtocolHost.exe[5368] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Windows\system32\SearchProtocolHost.exe[5368] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Windows\system32\SearchProtocolHost.exe[5368] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Windows\system32\SearchProtocolHost.exe[5368] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Windows\system32\SearchProtocolHost.exe[5368] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] USER32.dll!SetWindowsHookExW 770387AD 5 Bytes JMP 70F29521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] USER32.dll!CallNextHookEx 77038E3B 5 Bytes JMP 70F1CB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] USER32.dll!UnhookWindowsHookEx 770398DB 5 Bytes JMP 70E943F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] USER32.dll!CreateWindowExA 7703DC2A 5 Bytes JMP 043E8C47 C:\Program Files\STOPzilla!\SZIEBHO.dll (STOPzilla Support Library/iS3, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] USER32.dll!CreateWindowExW 77041305 5 Bytes JMP 043E8C8D C:\Program Files\STOPzilla!\SZIEBHO.dll (STOPzilla Support Library/iS3, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] USER32.dll!DialogBoxParamW 770610B0 5 Bytes JMP 70E551FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] USER32.dll!DialogBoxIndirectParamW 77062EF5 5 Bytes JMP 71023C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] USER32.dll!DialogBoxParamA 77078152 5 Bytes JMP 71023BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] USER32.dll!DialogBoxIndirectParamA 7707847D 5 Bytes JMP 71023C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] USER32.dll!MessageBoxIndirectA 7708D4D9 5 Bytes JMP 71023B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] USER32.dll!MessageBoxIndirectW 7708D5D3 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] USER32.dll!MessageBoxIndirectW 7708D5D3 5 Bytes JMP 71023AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] USER32.dll!MessageBoxExA 7708D639 5 Bytes JMP 71023A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] USER32.dll!MessageBoxExW 7708D65D 5 Bytes JMP 71023A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] ole32.dll!OleLoadFromStream 777E1E12 5 Bytes JMP 71023F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5424] ole32.dll!CoCreateInstance 77819EA6 5 Bytes JMP 70F2D408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[5564] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[5564] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[5564] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[5564] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[5564] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[5564] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[5564] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] ntdll.dll!NtCreateFile 77AB43D4 5 Bytes CALL 7FFA4885
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] ntdll.dll!NtCreateProcess 77AB4494 5 Bytes CALL 7FFA4914
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] ntdll.dll!NtCreateProcessEx 77AB44A4 5 Bytes CALL 7FFA4921
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] ntdll.dll!NtDeviceIoControlFile 77AB4804 5 Bytes CALL 7FFA4BA5
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] ntdll.dll!NtOpenFile 77AB4BB4 5 Bytes CALL 7FFA490A
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] ntdll.dll!NtQueryInformationProcess 77AB4E54 5 Bytes CALL 7FFA4962
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] ntdll.dll!NtCreateUserProcess 77AB5804 5 Bytes CALL 7FFA492E
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!CreateWindowExW 77041305 5 Bytes JMP 70F2D3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!DialogBoxParamW 770610B0 5 Bytes JMP 70E551FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!DialogBoxIndirectParamW 77062EF5 5 Bytes JMP 71023C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!DialogBoxParamA 77078152 5 Bytes JMP 71023BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!DialogBoxIndirectParamA 7707847D 5 Bytes JMP 71023C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!MessageBoxIndirectA 7708D4D9 5 Bytes JMP 71023B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!MessageBoxIndirectW 7708D5D3 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!MessageBoxIndirectW 7708D5D3 5 Bytes JMP 71023AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!MessageBoxExA 7708D639 5 Bytes JMP 71023A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!MessageBoxExW 7708D65D 5 Bytes JMP 71023A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[644] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00060002
IAT C:\Windows\system32\services.exe[644] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00060000

---- Devices - GMER 1.0.15 ----

Device \Driver\BTHUSB \Device\0000009c bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\BTHUSB \Device\0000009e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000a3a83fd28 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0[email protected] 0x2F 0x5D 0xA9 0x51 ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0[email protected] 0x25 0xB6 0x94 0x88 ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0[email protected] 0x8E 0x91 0x47 0x1B ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a83fd28 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0[email protected] 0x2F 0x5D 0xA9 0x51 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0[email protected] 0x25 0xB6 0x94 0x88 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0[email protected] 0x8E 0x91 0x47 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a83fd28
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0[email protected] 0x2F 0x5D 0xA9 0x51 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0[email protected] 0x25 0xB6 0x94 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0[email protected] 0x8E 0x91 0x47 0x1B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{027CEAA7-8155-6BB0-8974-DAE8A3A964AB}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{97597FE0-C01C-B5CB-9D47-A4E0030AF80B}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{97597FE0-C01C-B5CB-9D47-A4E0030AF80B}@eabcjnpnja 0x66 0x61 0x6C 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{97597FE0-C01C-B5CB-9D47-A4E0030AF80B}@dambodcg 0x64 0x62 0x6E 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{97597FE0-C01C-B5CB-9D47-A4E0030AF80B}@iajgfobfkieihmpaig 0x69 0x61 0x67 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{97597FE0-C01C-B5CB-9D47-A4E0030AF80B}@hadedlhnplpljhbd 0x69 0x61 0x67 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{991A8F18-EE62-DA57-A9A4-2163C1FA0A5D}

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS02429.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0242A.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0242B.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0242C.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0242D.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0242E.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0242F.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS02430.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS02431.log 131072 bytes

---- EOF - GMER 1.0.15 ----
  • 0

#9
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

  • 0

#10
j60dys

j60dys

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
GooredFix by jpshortstuff (12.07.09)
Log created at 10:27 on 08/09/2009 (k47rina)
Firefox version 3.0.11 (en-GB)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{62760FD6-B943-48C9-AB09-F99C6FE96088} [17:14 29/11/2007]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [17:14 29/11/2007]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [20:29 29/11/2008]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [16:55 21/06/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [22:22 23/08/2009]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [20:28 04/08/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [16:36 06/02/2009]

-=E.O.F=-
  • 0

#11
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#12
j60dys

j60dys

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
i am getting this error

!!ALERT!! It is not safe to continue!

the contents of the combofix package has been comprimised.
please download a fresh copy from:

h**p://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note you may be infected with a file pattching virus 'Virut'

i have tryed downloading again but keep geting the same msg

Edited by j60dys, 08 September 2009 - 06:58 AM.

  • 0

#13
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Unfortunately we cannot safely continue.

:) VIRUT :)

Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
https://forums2.syma...age/ba-p/388834
http://free.avg.com/66558

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.c...aspx?key=143034

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
Immediately before the encrypted code at the end of the last section
At the end of the code section of the infected host in 'slack-space' (assuming there is any)
At the original entry point of the host (overwriting the original host code)

What this means is we cannot proceed with any sort of fix as your legitimate files have already been corrupted and this action is, unfortunately, irreversible. I apologize but there is nothing else I can do or advise to completely clear your machine. You must reformat your pc to rid yourself of this deadly virus.
  • 0

#14
j60dys

j60dys

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
i ran the fix virut tool and this is the log

Symantec W32.Virut Removal Tool 1.1.2

W32.Virut has not been found on your computer.
  • 0

#15
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
It is because it is not the variant that that tool covers trust me if Virut is on the system there is no recovery.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP