Computer running suspiciously slow


  • This topic is locked

#1
Lovltn848

    Member

  • 237 posts
My computer seems to be working extra hard lately. I noticed that the fan seems to go on overdrive more often and Google Chrome has been much slower, and the address bar for Google search only works about half the time. Thinking I would free up some space so that my computer wouldn't be as bogged down, I went to uninstall some programs. I noticed I had leftover HP All-in-One software that I don't use, so I tried to uninstall it, and that wouldn't work at all. I rebooted and when I logged into Windows, it stayed on a black screen with a mouse on it for a few minutes; this isn't normal.

After my desktop finally loaded, I was getting Windows Installer constantly popping up asking to insert the disk for the TrayApp file. I did some searches and found Revo Uninstaller (from another thread on this forum) to uninstall all of the HP things so that I would stop getting the continuous Windows Installer prompt. I fixed that, but now I'm having problems with hpswp_bho.dll and hpswp_printenhancer. I don't have a printer for this laptop and I don't have any other HP products. I need ALL of this HP crap off of my computer before I go insane! I would also like help figuring out what's wrong with Chrome. I don't know if I have a virus or a trojan or other malware. I ran MalwareBytes and nothing came up. Usually it's blatantly obvious if my computer's infected but now I'm not sure what is going on. Please help. :)
  • 0

#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, Lovltn848! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.

Please follow the steps below:

Step 1

OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside the quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Custom Scans/Fixes textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Step 2

GMER Rootkit Scanner

  • Download GMER from HERE.
  • Extract the contents of the zipped file to your desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)

NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message display on the screen when using a 64bit Operating System, this is normal, just click on OK and let it carry on.

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
  • Please copy and paste the report into your Post.

Caution - Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

When you have completed the above, please post back the following in the order asked for:
  • OTL log
  • Extras log
  • GMER log

  • 0
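
A sketch of how the OTL.Txt requested above can be pre-sorted before a helper reads it, added here as an example and not part of the thread or of OTL itself. The line layout is inferred from the log posted in reply, and the three flags (missing file, path under a Temp directory, blank company field) are illustrative assumptions, not OTL's or the helper's criteria.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the OTL.Txt posted
# later in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
PRC - [2011/02/23 09:16:28 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009/10/26 01:33:41 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
SRV - File not found [Auto | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Lauren\AppData\Local\Temp\catchme.sys -- (catchme)
"""

# Layout assumed from the posted log:
#   KIND - [stamp | size | attrs | M] (Company) [state] -- path -- (name)
#   KIND - File not found [state] -- path -- (name)
# PRC/MOD lines carry no [state] and no trailing (name).
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:(?P<missing>File not found)"
    r"|\[[^|\]]+ \| [\d,]+ \| \S+ \| \w\] \((?P<company>[^)]*)\))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)


@dataclass
class Entry:
    kind: str                 # PRC, MOD, SRV or DRV
    path: str                 # image path as printed by OTL
    company: Optional[str]    # None when the file was not found
    state: Optional[str]      # e.g. "Auto | Running" (SRV/DRV only)
    name: Optional[str]       # service or driver name (SRV/DRV only)
    missing: bool             # True for "File not found" entries


def parse_line(line: str) -> Optional[Entry]:
    """Parse one PRC/MOD/SRV/DRV line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        kind=m["kind"],
        path=m["path"],
        company=m["company"],
        state=m["state"],
        name=m["name"],
        missing=m["missing"] is not None,
    )


def reasons_for(entry: Entry) -> List[str]:
    """Return the review flags (hypothetical heuristics) that apply."""
    reasons = []
    if entry.missing:
        # Registration still present, binary gone: typical of a
        # partial uninstall, worth confirming before cleanup.
        reasons.append("file-missing")
    if "\\temp\\" in entry.path.lower():
        # Long-lived code should not normally live under a Temp folder.
        reasons.append("temp-path")
    if entry.company == "":
        # File exists but has no company in its version information.
        reasons.append("no-company")
    return reasons


def triage(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every parsed line with a flag."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.kind} {','.join(reasons):<24} {entry.path}")
```

A flag only marks a line for a human to look at; a known-good program can trip any of the three.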

#3
Lovltn848

    Member

  • Topic Starter
  • 237 posts
OTL logfile created on: 5/16/2011 9:55:26 PM - Run 7
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Lauren\Desktop\Computer Maintainence
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 20.16 Gb Free Space | 18.07% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 15.32 Gb Free Space | 13.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAUREN-PC
Current User Name: Lauren
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2011/04/30 21:02:23 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe
PRC - [2011/02/23 09:16:28 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011/02/23 09:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/02/18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/02/15 01:00:00 | 002,068,832 | ---- | M] (Cerulean Studios) -- C:\Program Files\TrillianAstra\Trillian\trillian.exe
PRC - [2011/02/13 14:20:14 | 000,325,000 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/09/21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010/09/21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010/09/18 17:13:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lauren\Desktop\Computer Maintainence\OTL.exe
PRC - [2010/08/25 20:45:38 | 000,179,224 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2010/07/20 09:34:11 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/05/06 20:09:06 | 000,415,638 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\billy.exe
PRC - [2010/05/06 19:59:36 | 000,516,216 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\oldmcdonald.exe
PRC - [2009/10/26 01:33:41 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 21:35:06 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/18 10:43:20 | 000,173,352 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/10 16:02:24 | 000,809,480 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/07/29 21:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008/06/13 15:52:52 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/06/11 12:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/05/14 19:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/05/14 19:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/05/12 17:28:04 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008/04/25 19:44:06 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008/04/06 23:42:36 | 000,034,040 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008/04/06 23:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/04 04:03:14 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/03/21 14:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/18 13:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/03/03 14:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/01/16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007/12/06 18:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/09/26 18:05:58 | 000,734,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe


========== Modules (SafeList) ==========

MOD - [2011/02/23 09:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/09/18 17:13:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lauren\Desktop\Computer Maintainence\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2008/01/20 20:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/22 07:33:09 | 000,797,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2011/02/18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/08/16 18:00:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/20 09:34:11 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/03/17 22:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/17 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/05/14 19:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/04/06 23:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/04/04 04:03:14 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/03/21 14:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 13:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/03/03 14:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/01/20 20:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007/12/06 18:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Lauren\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/02/23 08:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 08:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 08:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 08:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 08:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 08:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/08/25 20:31:30 | 009,024,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/11/30 21:54:33 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/01 15:16:38 | 000,388,096 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
DRV - [2008/06/13 19:10:08 | 002,152,344 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/14 19:05:44 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/05/14 19:05:42 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/05/14 19:05:42 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008/05/02 17:27:48 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/04/25 12:08:42 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/21 11:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/03/11 21:02:32 | 000,061,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/02/29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/21 03:55:00 | 000,299,008 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/01/30 19:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/30 19:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/20 20:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 20:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 20:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 20:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 20:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 20:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 20:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 20:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 20:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 20:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 20:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 20:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 20:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 20:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 20:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 20:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 20:32:49 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/01/20 20:32:48 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2008/01/20 20:32:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008/01/20 20:32:48 | 000,521,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2008/01/20 20:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 20:32:48 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 20:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 20:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 20:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 20:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 20:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 20:32:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/01/20 20:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 20:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 20:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007/02/26 18:15:22 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2007/02/10 23:02:26 | 000,014,720 | ---- | M] (Redcl0ud) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xbcd.sys -- (XBCD+)
DRV - [2006/11/02 23:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...9&m=aspire_5335


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Lauren-PC_Guest\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...9&m=aspire_5335
IE - HKU\Lauren-PC_Guest\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Lauren-PC_Guest\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...9&m=aspire_5335
IE - HKU\Lauren-PC_Guest\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3761143489-4144888808-3294341120-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3761143489-4144888808-3294341120-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3761143489-4144888808-3294341120-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3761143489-4144888808-3294341120-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {89c9e067-2605-4f75-a608-f6ea31c9d085}:2.0.1
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\PROGRAM FILES\Mozilla Firefox\components [2010/12/07 23:33:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\PROGRAM FILES\Mozilla Firefox\plugins [2011/04/23 11:26:20 | 000,000,000 | ---D | M]

[2009/07/11 01:53:33 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Extensions
[2009/07/11 01:53:33 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/04/23 00:22:59 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/05/10 00:01:03 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions
[2011/02/27 10:01:35 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/05/08 20:38:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/07 22:22:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(68)
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/02/27 10:01:35 | 000,000,000 | ---D | M] (FFXI Helper) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{89c9e067-2605-4f75-a608-f6ea31c9d085}
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{89c9e067-2605-4f75-a608-f6ea31c9d087}
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/05/08 20:38:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/05/07 22:58:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(69)
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]\__MACOSX
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]\chrome
[2011/02/15 21:56:34 | 000,002,556 | ---- | M] () -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\searchplugins\askcom.xml
[2011/03/23 23:22:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/27 09:47:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/23 23:22:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/02/23 00:06:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll File not found
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\Lauren-PC_Guest\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3761143489-4144888808-3294341120-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-3761143489-4144888808-3294341120-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKU\Lauren-PC_Guest..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Lauren-PC_Guest..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3761143489-4144888808-3294341120-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Lauren-PC_Guest\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3761143489-4144888808-3294341120-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3761143489-4144888808-3294341120-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\Lauren-PC_Guest\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\Lauren-PC_Guest\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: D:\Pictures\Avatars\Victorian_Grunge_Wallpaper_by_Taboon1.jpg
O24 - Desktop BackupWallPaper: D:\Pictures\Avatars\Victorian_Grunge_Wallpaper_by_Taboon1.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/05/15 22:59:34 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\Acer Arcade Deluxe
[2011/05/08 21:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/05/06 09:13:08 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\Apple
[2011/05/05 15:02:09 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\Apple Computer
[2011/05/05 12:00:53 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\Adobe
[2011/04/26 22:07:57 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/26 22:07:55 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/26 22:06:52 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/24 21:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/04/22 14:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/22 14:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/22 14:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/01/06 19:43:08 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[5 C:\Users\Lauren\Desktop\*.tmp files -> C:\Users\Lauren\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/16 22:01:14 | 005,505,024 | -HS- | M] () -- C:\Users\Lauren\ntuser.dat
[2011/05/16 21:12:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/16 21:10:14 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 21:10:14 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 21:07:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3761143489-4144888808-3294341120-1000Core.job
[2011/05/16 21:07:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3761143489-4144888808-3294341120-1000UA.job
[2011/05/16 12:58:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/05/16 02:12:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/15 23:19:42 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011/05/15 23:19:42 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/15 23:19:42 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/15 23:10:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/05/15 23:10:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011/05/15 23:09:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/15 23:09:53 | 2070,843,392 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/15 23:08:51 | 000,524,288 | -HS- | M] () -- C:\Users\Lauren\ntuser.dat{c9cb21ae-7928-11e0-98d0-001d72f0e0e1}.TMContainer00000000000000000001.regtrans-ms
[2011/05/15 23:08:51 | 000,065,536 | -HS- | M] () -- C:\Users\Lauren\ntuser.dat{c9cb21ae-7928-11e0-98d0-001d72f0e0e1}.TM.blf
[2011/05/13 17:02:43 | 003,639,225 | -H-- | M] () -- C:\Users\Lauren\AppData\Local\IconCache.db
[2011/05/13 00:03:18 | 000,002,051 | ---- | M] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2011/05/12 15:54:49 | 000,002,051 | ---- | M] () -- C:\Users\Lauren\Desktop\Google Chrome.lnk
[2011/05/12 15:54:49 | 000,002,013 | ---- | M] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/12 15:49:51 | 000,001,752 | ---- | M] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/08 20:46:09 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/08 20:45:24 | 000,524,288 | -HS- | M] () -- C:\Users\Lauren\ntuser.dat{c9cb21ae-7928-11e0-98d0-001d72f0e0e1}.TMContainer00000000000000000002.regtrans-ms
[2011/05/08 20:33:20 | 000,524,288 | -HS- | M] () -- C:\Users\Lauren\ntuser.dat{f8c7c0bf-3c30-11e0-afb4-c0e961b0486b}.TMContainer00000000000000000001.regtrans-ms
[2011/05/08 20:33:20 | 000,065,536 | -HS- | M] () -- C:\Users\Lauren\ntuser.dat{f8c7c0bf-3c30-11e0-afb4-c0e961b0486b}.TM.blf
[2011/05/02 19:24:25 | 000,079,360 | -H-- | M] () -- C:\Users\Lauren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/28 21:40:14 | 000,002,100 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2011/04/27 19:04:13 | 003,089,913 | ---- | M] () -- C:\Users\Lauren\Documents\LoaderBackup-(2011-04-27).ipd
[2011/04/23 11:27:27 | 000,001,668 | ---- | M] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/04/22 14:43:16 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[5 C:\Users\Lauren\Desktop\*.tmp files -> C:\Users\Lauren\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/13 00:03:18 | 000,002,051 | ---- | C] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2011/05/12 15:54:49 | 000,002,051 | ---- | C] () -- C:\Users\Lauren\Desktop\Google Chrome.lnk
[2011/05/12 15:54:49 | 000,002,013 | ---- | C] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/12 15:49:51 | 000,001,752 | ---- | C] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/08 20:40:41 | 000,524,288 | -HS- | C] () -- C:\Users\Lauren\ntuser.dat{c9cb21ae-7928-11e0-98d0-001d72f0e0e1}.TMContainer00000000000000000002.regtrans-ms
[2011/05/08 20:40:41 | 000,524,288 | -HS- | C] () -- C:\Users\Lauren\ntuser.dat{c9cb21ae-7928-11e0-98d0-001d72f0e0e1}.TMContainer00000000000000000001.regtrans-ms
[2011/05/08 20:40:41 | 000,065,536 | -HS- | C] () -- C:\Users\Lauren\ntuser.dat{c9cb21ae-7928-11e0-98d0-001d72f0e0e1}.TM.blf
[2011/04/27 19:04:13 | 003,089,913 | ---- | C] () -- C:\Users\Lauren\Documents\LoaderBackup-(2011-04-27).ipd
[2011/04/23 11:27:27 | 000,001,668 | ---- | C] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/04/22 14:43:16 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/04 22:24:17 | 000,000,231 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\Rim.Desktop.Exception.log
[2011/01/04 22:22:30 | 000,003,343 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/07/27 09:24:54 | 000,323,584 | ---- | C] () -- C:\Windows\System32\FoxImager.dll
[2009/10/15 23:58:03 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/07 19:21:12 | 000,015,235 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\UserTile.png
[2009/09/11 02:18:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/22 21:17:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/10 15:41:55 | 000,003,534 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/02 18:11:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/05/29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/17 17:16:21 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/07 02:58:50 | 000,007,052 | ---- | C] () -- C:\Users\Lauren\AppData\Local\d3d9caps.dat
[2009/03/31 19:39:07 | 000,002,990 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/03/31 19:02:45 | 000,079,360 | -H-- | C] () -- C:\Users\Lauren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/30 20:15:48 | 000,000,031 | ---- | C] () -- C:\Windows\wininit.ini
[2009/01/06 19:28:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2009/01/06 19:02:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2009/01/06 18:59:59 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/01/06 18:59:59 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/01/06 18:58:24 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/09/12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/05/14 23:50:47 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/05/14 23:47:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/05/14 23:47:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/05/14 06:48:18 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/05/14 06:48:14 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/05/14 06:48:14 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/05/14 06:48:13 | 000,000,045 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2008/05/14 23:46:38 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008/05/14 23:46:38 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2009/07/15 15:54:43 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Acer
[2008/05/14 23:46:38 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Acer GameZone Console
[2009/07/15 15:54:40 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Leadertech
[2009/10/25 10:29:46 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PowerCinema
[2009/10/25 10:42:09 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Trillian
[2009/03/30 21:36:50 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Acer
[2008/05/14 23:46:38 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Acer GameZone Console
[2010/03/07 11:24:01 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Auslogics
[2011/05/05 11:59:03 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\BitTorrent
[2009/11/13 22:29:35 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Canneverbe_Limited
[2009/04/19 14:11:12 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\FloodLightGames
[2009/04/17 18:32:49 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\IObit
[2009/03/30 21:36:44 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Leadertech
[2009/12/18 23:21:32 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\LimeWire
[2010/10/17 16:16:10 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\NCH Swift Sound
[2009/09/01 01:50:13 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Opera
[2009/10/07 19:21:11 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\PeerNetworking
[2009/08/10 16:37:50 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\PowerCinema
[2009/07/01 22:10:30 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Red Rune Software
[2011/01/04 22:24:31 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Research In Motion
[2009/07/15 21:12:20 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\SecondLife
[2009/10/07 18:27:01 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Trillian
[2009/08/11 00:39:55 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\VistaCodecs
[2011/01/24 18:41:33 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\WeatherBug
[2011/02/27 09:53:36 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\WinPatrol
[2009/10/25 10:49:04 | 000,000,000 | ---D | M] -- C:\Users\Lauren2\AppData\Roaming\Acer
[2008/05/14 23:46:38 | 000,000,000 | ---D | M] -- C:\Users\Lauren2\AppData\Roaming\Acer GameZone Console
[2009/10/25 10:48:45 | 000,000,000 | ---D | M] -- C:\Users\Lauren2\AppData\Roaming\Leadertech
[2009/10/25 10:48:46 | 000,000,000 | ---D | M] -- C:\Users\Lauren2\AppData\Roaming\PowerCinema
[2011/05/13 17:03:48 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 20:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 20:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 20:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 20:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 20:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 20:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 20:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 20:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2009/11/30 11:40:32 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2009/11/30 11:40:32 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/11/30 11:40:32 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES\Mozilla Firefox\firefox.exe [2009/11/30 11:40:21 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES\Mozilla Firefox\firefox.exe" -preferences [2009/11/30 11:40:21 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES\Mozilla Firefox\firefox.exe" -safe-mode [2009/11/30 11:40:21 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/07 05:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/07 05:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/07 05:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/05/07 05:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/14 07:09:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/14 07:09:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/14 07:09:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/14 07:09:36 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011/04/14 07:09:36 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2009/11/30 11:40:32 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2009/11/30 11:40:32 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/11/30 11:40:32 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES\Mozilla Firefox\firefox.exe [2009/11/30 11:40:21 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES\Mozilla Firefox\firefox.exe" -preferences [2009/11/30 11:40:21 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES\Mozilla Firefox\firefox.exe" -safe-mode [2009/11/30 11:40:21 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/07 05:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/07 05:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/07 05:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/05/07 05:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/14 07:09:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/14 07:09:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/14 07:09:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/14 07:09:36 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011/04/14 07:09:36 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:193426B4
< End of report >

OTL Extras logfile created on: 5/16/2011 9:55:26 PM - Run 7
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Lauren\Desktop\Computer Maintainence
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 20.16 Gb Free Space | 18.07% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 15.32 Gb Free Space | 13.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAUREN-PC
Current User Name: Lauren
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\PROGRAM FILES\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3761143489-4144888808-3294341120-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\PROGRAM FILES\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\PROGRAM FILES\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078766F6-3D68-4F9B-934D-941B1DD0F2AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{166FD88E-808B-49CD-A67B-ACF804E6348B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{17C2957C-87B9-4C30-A228-DCEC96626C62}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18B89CA5-DC61-4100-BF36-219542DF3547}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1E7C7BE3-7ECE-4961-93B1-14E0CCDA2480}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1F99B413-0035-44F0-905F-9983C50D1344}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{22526858-EBAA-46A5-A60C-2A2613359FC0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{254843B6-EC10-4623-88A1-21D969060736}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{3F5D5CFD-1503-443E-847A-7C15F34B990F}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{4135F265-A81C-4046-859F-A1ED1BB5E7D2}" = lport=138 | protocol=17 | dir=in | app=system |
"{4B94E159-740E-4320-B9A1-74C2F5DF6D6C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4CD44403-02B6-46FC-B655-1BE1302FCE85}" = rport=137 | protocol=17 | dir=out | app=system |
"{4DFEE1C8-8F91-4E1C-9BD5-2D77D2FBC1E0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4E2D98B1-E130-4A2A-8353-A9B8BC4C9BC5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F77BC55-8C14-4053-A133-D25EF28B5DC3}" = rport=445 | protocol=6 | dir=out | app=system |
"{53A468E6-D1AB-4BE1-BC72-1C2BE8E9AE78}" = lport=445 | protocol=6 | dir=in | app=system |
"{5814E543-B9E3-4709-8A65-DADEA3DBBC87}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{5FB6D2C2-9F92-47EB-A071-3C6A4E7A45CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{69F72B2F-1D66-4BAF-AA15-2477309FFA3F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{74F6A1C9-E0F5-459C-B651-D030E073A487}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7C993E7E-BCD3-4B01-96EE-CE99F94148B7}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{7D5F880D-0B46-4D05-9579-99DBAEEE5DFC}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{7E3BA4D9-1B7B-4DB9-AC11-EF45F5BEFD2F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{88118C52-7C61-4335-860C-B2CD5A129EF0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{88882644-1908-491C-847E-7CDC2DA5FC6E}" = lport=139 | protocol=6 | dir=in | app=system |
"{8CE8E16B-EED8-44F7-AD88-DB62D8699A21}" = rport=139 | protocol=6 | dir=out | app=system |
"{9E7E6C01-BB54-48BA-9DD4-F25819955275}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0A579FD-9B4C-45F7-A053-4005F3B06B73}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF17FE27-0F92-42D7-BB9C-9017CFCE5778}" = lport=137 | protocol=17 | dir=in | app=system |
"{B9CE07FB-2908-4316-9B4E-03DB5D38615A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CCA50B31-C243-4AD9-8FB4-9BDF52C0A478}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{CEFE3890-DA2D-4347-9D1F-644DEAAAAB72}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D23F3183-8299-476A-9BC0-848291EFAC62}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E10E8B5E-A7FA-48F5-944A-7F1E50C75615}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E796B7E9-16ED-4B83-8C97-5A6EDBF08EAB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EF97EB82-BAD5-407D-B82C-81A4E7A8CA07}" = rport=138 | protocol=17 | dir=out | app=system |
"{F02A1405-4A80-45D1-B44B-FEA367F31305}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F04C55-6B4C-43AB-A6D6-302F09A2EC80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{061EB00E-465F-4C2A-8602-0989A9EB942D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{08869828-FBB1-4BA9-B648-47B053F9F774}" = protocol=58 | dir=in | [email protected],-28545 |
"{0C5F0186-D665-4F21-BD90-574522A58528}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{10DA1F60-F0D9-47A0-83CF-35B844A648FB}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{11EC6CBF-AF90-435F-9039-A25C3BC7B0FA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{14A8BFAE-32A0-4FF3-A2F5-8E36C145A138}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{1794FF55-8334-4B75-AA9A-3932D6A778D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{18E5142B-260D-4EFA-8050-08DF9FB7844A}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{18F84A0D-2545-49B5-84E8-E8B782DFE06A}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{1954D06A-70BE-4083-A72D-81F91AFC7029}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{19D9964B-FA4F-4A67-A0B7-9BD330EBB1D1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1D206656-E269-4C3E-A26E-D94A117BB71E}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{1DCFC2B7-2823-43F3-A1E6-FC9B7A68EF40}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{2346DB84-4DC5-4346-86C4-0B0DFA48234D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{238AC526-EA37-4C5E-BD21-C40007D9DF0F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{249E180A-4120-4E60-BDA5-EBDC6E7BCBDD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{27480808-AC70-4095-8647-9F9FE9589456}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{2B60A6D4-D3F1-4A3B-8425-37931FDC1004}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{2B96FE96-251A-4DAB-904E-9BFAF0F46EB3}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{30FDCCDD-ED59-4293-AC2D-BE8225307FA2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{31698DBD-5CB6-46AD-9542-70BB526FE25A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{38ADA3D8-7DF2-44D6-A375-21ACC214140E}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{390A861B-F0DA-4C2E-B034-5AD19FDBEADB}" = protocol=1 | dir=out | [email protected],-28544 |
"{3E14A432-0D12-40F1-A325-D652791133CC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{46CF3DE6-7CED-455F-BF34-3CB090160DC7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{490FB9C0-88F6-4D47-9D5F-61A16D848147}" = protocol=1 | dir=in | [email protected],-28543 |
"{49F5BEA9-E966-442A-8017-C41A82ADCAF8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{50AC5A95-6595-4047-9032-2AF19D70E8C7}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{51E45692-7BBD-42EE-9B79-F161D2580145}" = protocol=17 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe |
"{547CCB09-6FFD-46C9-9298-4083E5018D18}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{55E33D24-517D-4B4A-872E-45AEE8001FCA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{66B6E957-A9CB-4F9D-BDA2-F3BF8BED2709}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{76DC0B3F-C13D-4577-AB56-0A1067E99BBD}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{79C06551-1479-487B-BDC7-D6B50ED46F5A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{7D46DBAE-3F8A-4FED-A156-CC8102105AA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7EDAF3CA-96AA-4548-8910-931651F07191}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{83872E3B-59D8-4D5E-A010-3268E920390C}" = protocol=58 | dir=out | [email protected],-28546 |
"{843A2515-75E5-43B9-A121-37CA3A716265}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{9757E8EB-4726-419A-840D-8142ABA407DC}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{9AAC521E-278C-470D-9755-3E2B45AEE29F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{9F920AB7-375E-4BA6-9C46-3C5709FEF058}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{A3A1C6E2-E91B-45A0-AB1E-DCBB48F66140}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A3C023BB-5F18-494D-AF9E-91B4DF434B39}" = protocol=6 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe |
"{A6357773-5F57-4B6A-8110-50F8DD0FE46C}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{A65026D8-2076-414D-9DDA-DFB9BE439339}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A6B503EE-00DA-41D8-81F9-0F6C7C0CAB5C}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{AA7C73A0-EA34-421C-9A02-C4D8F518A848}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC3D0DC5-728C-41FE-9016-067D2DC68F64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ACD9D790-55F4-42E0-9C4A-334295A00575}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{B39A49E9-AADB-4276-A93B-4A234B3D69D2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{B6263C90-B011-42AE-A4CD-A7E338C8A773}" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"{B756C795-CA0A-478E-8AC2-9C0520C20DD9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{BA88D14D-BE54-4F48-B3F1-31DB3E3D3CBC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C363C8E6-2BB3-4A59-B221-7640DD2F6609}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C440B538-21A8-4860-9EA7-0FF7F6CC79F2}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{D0B41EFB-A7DC-4AB3-B75D-C35DC3859AF9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{D75970BD-036C-491C-99FD-1448D406D178}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{DAB94F21-6694-4F69-BBE3-DDD91C785EF6}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E1B27889-CAF0-445F-9F99-495A25E31047}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E33F187D-7E96-438E-B3FA-4620C8176E37}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E655CDA7-308B-42D5-B913-72B7B42A086D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{E6D5280C-2544-450D-A880-50DA828A30BF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{E7311DF9-1D8B-4369-A57E-82D249C73560}" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"{EABE284A-E223-4CF9-B0D4-1FB93A4E76BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EC4DFE77-4D0B-4D54-B42E-4CD171FDC5FE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EFBA1C45-C917-4198-A96E-5F736F4402C3}" = protocol=6 | dir=out | app=system |
"{EFD8CCF8-A889-4C3F-AE64-2876A3905134}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{F158F2D0-605A-4BD0-A632-7B1567DE160F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FEB73B1A-1A2C-4AAE-8618-67D5B4800700}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{FEE3C7B0-8A3C-4E7C-8F61-00303F837710}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"TCP Query User{12322479-A9E6-4C81-9DC0-6A0223DC0F96}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{20C1D4FA-8349-4D7F-B90F-15840E0EEF6B}C:\ffxi\squareenix\playonlineviewer\pol.exe" = protocol=6 | dir=in | app=c:\ffxi\squareenix\playonlineviewer\pol.exe |
"TCP Query User{2F851189-43CE-4940-95E2-72D0D3DE5C6D}D:\secondlife\slvoice.exe" = protocol=6 | dir=in | app=d:\secondlife\slvoice.exe |
"TCP Query User{3111CE0F-72DC-427C-B053-62ECDE8F39EF}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{31A48128-0B3A-476C-B15F-2A55FE843745}C:\ffxi\squareenix\playonlineviewer\pol.exe" = protocol=6 | dir=in | app=c:\ffxi\squareenix\playonlineviewer\pol.exe |
"TCP Query User{376CADA5-52BF-43B2-8F3C-0F4CD4581A2C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{583B76FB-AB2B-4A91-BE3B-C77DEAAAB2D3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{65EEDAB4-F5B2-45EC-A6ED-AEEA79BA41CE}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{81B0FDDF-95B5-48FA-A14A-3FCDEC8A0911}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{C8E71681-12B3-4645-8A82-3B9F23C40A14}C:\program files\trillianastra\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillianastra\trillian\trillian.exe |
"TCP Query User{CA267B40-C7B2-453A-BE00-649C8848C445}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{CC70C5CD-8333-4E80-806E-75B542ADC160}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{CF52282F-59B3-454B-8999-620529398325}C:\program files\trillianastra\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillianastra\trillian\trillian.exe |
"TCP Query User{DEB46F0D-0ACF-4DFB-9C92-B4C35F48C150}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{FD38AB49-107F-4478-BC5B-1300E8F895B1}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"UDP Query User{0AD9D2F8-389F-4D03-9034-E0347A90A504}C:\program files\trillianastra\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillianastra\trillian\trillian.exe |
"UDP Query User{2659ACA7-0A43-42F9-9F16-32B86C4E0EC9}C:\ffxi\squareenix\playonlineviewer\pol.exe" = protocol=17 | dir=in | app=c:\ffxi\squareenix\playonlineviewer\pol.exe |
"UDP Query User{273BC786-1E40-44DA-8365-CBD5B1EB40A0}D:\secondlife\slvoice.exe" = protocol=17 | dir=in | app=d:\secondlife\slvoice.exe |
"UDP Query User{3079C929-9517-49EA-BCBF-C83274DBCC4D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3D3C6EE5-72E1-40CF-AD22-A7F6F46B1D64}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{454973D3-EBA7-4720-8E17-A9C1B776DE8F}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{56B6CECF-FAD2-44F8-BE95-E49D6711A0F7}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{7098100E-F943-4F19-A9AC-F0C5776F9D7D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{77BB2F05-1F19-48DA-803F-FD73D2910BCF}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{787CEC5D-6C1D-4CF5-9479-0D3F05A46DD9}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{7A34DADD-D152-482E-B125-9EF8FAB06DFB}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"UDP Query User{85A62BDD-81AE-4D4F-AA0C-6B824853518D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{B29BC020-94FB-4866-8390-FBB1E671BDC0}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{E55EB170-4A16-492F-BB87-C460FE037B04}C:\program files\trillianastra\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillianastra\trillian\trillian.exe |
"UDP Query User{FD13E9AD-397D-451F-A514-8D054DDFCC2B}C:\ffxi\squareenix\playonlineviewer\pol.exe" = protocol=17 | dir=in | app=c:\ffxi\squareenix\playonlineviewer\pol.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 24
"{2F672CD1-E546-49FB-AB44-A6340F79E216}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9800 smartphone
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5C47953E-BE36-482C-B77B-55E7E6A8581A}" = Exotic Keeper's Record
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87DF5956-A327-4304-8338-8E2B0AAB843E}" = BlackBerry Desktop Software 6.0.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.9.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5874895-A35A-4EF9-8720-8FA946AF842F}_is1" = 1.28
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDE773CD-9201-4655-87F3-4E051860D47D}" = Ralink Wireless LAN Installation Program for VISTA v2.0.8.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Assist" = Acer Assist
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Autorun Eater_is1" = Autorun Eater v2.5
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.2
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD43_is1" = DVD43 v4.6.0
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"Guild Wars" = Guild Wars
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Revo Uninstaller" = Revo Uninstaller 1.92
"SignGATE EWS" = SignGATE EWS v3.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trillian" = Trillian
"Unlocker" = Unlocker 1.8.8
"VobSub" = VobSub v2.23 (Remove Only)
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"XBCD+" = XBCD+
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon
"Zoo Tycoon 2" = Zoo Tycoon 2 Endangered Species

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3761143489-4144888808-3294341120-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 7/30/2009 1:09:12 AM | Computer Name = Lauren-PC | Source = avast! | ID = 33554522
Description =

Error - 7/30/2009 1:33:09 AM | Computer Name = Lauren-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 5/9/2011 12:17:47 AM | Computer Name = Lauren-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 5/9/2011 12:22:03 AM | Computer Name = Lauren-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 5/10/2011 1:47:53 AM | Computer Name = Lauren-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 14b0 Start Time: 01cc0ea4c09cf351 Termination Time: 64

Error - 5/12/2011 5:46:50 PM | Computer Name = Lauren-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 17b0 Start Time: 01cc10a451baa2a1 Termination Time: 71

Error - 5/13/2011 3:49:10 AM | Computer Name = Lauren-PC | Source = VSS | ID = 12297
Description =

Error - 5/13/2011 7:03:11 PM | Computer Name = Lauren-PC | Source = MsiInstaller | ID = 11719
Description =

Error - 5/13/2011 11:48:23 PM | Computer Name = Lauren-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/14/2011 12:40:00 AM | Computer Name = Lauren-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: dcc Start Time: 01cc11f08137f8a8 Termination Time: 39

Error - 5/14/2011 12:59:35 AM | Computer Name = Lauren-PC | Source = Application Error | ID = 1000
Description = Faulting application WinPatrol.exe, version 20.0.2011.0, time stamp
0x4d583cc5, faulting module RPCRT4.dll, version 6.0.6002.18024, time stamp 0x49f05bcc,
exception code 0xc0000005, fault offset 0x0005895d, process id 0xf7c, application
start time 0x01cc11e9caac85c8.

Error - 5/16/2011 1:10:30 AM | Computer Name = Lauren-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 5/15/2011 1:24:54 AM | Computer Name = Lauren-PC | Source = DCOM | ID = 10010
Description =

Error - 5/15/2011 7:46:38 PM | Computer Name = Lauren-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.4 for the Network Card with network
address 00242B33B5CD has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/15/2011 7:46:37 PM | Computer Name = Lauren-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.0.4
with the system having network hardware address 1C-65-9D-3C-52-24. Network operations
on this system may be disrupted as a result.

Error - 5/16/2011 1:09:44 AM | Computer Name = Lauren-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/16/2011 1:10:09 AM | Computer Name = Lauren-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:08:33 PM on 5/15/2011 was unexpected.

Error - 5/16/2011 1:09:51 AM | Computer Name = Lauren-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/16/2011 1:10:11 AM | Computer Name = Lauren-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 5/16/2011 1:10:32 AM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/16/2011 1:10:32 AM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 5/16/2011 1:10:40 AM | Computer Name = Lauren-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.3. The computer with the IP address 192.168.0.6 did not
allow the name to be claimed by this computer.


< End of report >




GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-17 07:23:39
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-22ZCT0 rev.11.01A11
Running: gmer.exe; Driver: C:\Users\Lauren\AppData\Local\Temp\kgdirpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8DFA39CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8DFA5EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8DFA5F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8DFA601A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8DFA5E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8DFA5F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8DFA5E56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8DFA5FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8DFA39EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8DFA37B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8DFA3A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8DFA6412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8DFA44AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8DFA5EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8DFA5F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8DFA6044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8DFA5E2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8DFA5F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8DFA5E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8DFA5FF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8DFA4370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8DFA3A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8DFA3A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8DFA3812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8DFA394E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8DFA392A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8DFA3972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8DFA3A7E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E4F08DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 832C9890 4 Bytes [CA, 39, FA, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1D1 832C9954 8 Bytes [AC, 5E, FA, 8D, 04, 5F, FA, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 832C9960 4 Bytes [1A, 60, FA, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1F5 832C9978 4 Bytes [02, 5E, FA, 8D]
.text ntkrnlpa.exe!KeSetEvent + 215 832C9998 8 Bytes [54, 5F, FA, 8D, 56, 5E, FA, ...]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 833F45C7 5 Bytes JMP 8E4EC29E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 8344D4F3 5 Bytes JMP 8E4EDD38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 83456E18 4 Bytes CALL 8DFA4E3B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8345AA8C 4 Bytes CALL 8DFA4E51 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 834AEDAE 7 Bytes JMP 8E4F08E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0xAE72E41C]
.clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0xAE72F000, 0x1000, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000700A8
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000700E4
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00070120
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00070030
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0007006C
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0008006C
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000800A8
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000801D4
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000800E4
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00080120
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0008015C
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00080198
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00080030
.text C:\Windows\system32\agrsmsvc.exe[464] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00080030
.text C:\Windows\system32\agrsmsvc.exe[464] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0008006C
.text C:\Windows\system32\agrsmsvc.exe[464] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 000A006C
.text C:\Windows\system32\agrsmsvc.exe[464] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000A00A8
.text C:\Windows\system32\agrsmsvc.exe[464] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000A01D4
.text C:\Windows\system32\agrsmsvc.exe[464] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000A00E4
.text C:\Windows\system32\agrsmsvc.exe[464] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 000A0120
.text C:\Windows\system32\agrsmsvc.exe[464] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 000A015C
.text C:\Windows\system32\agrsmsvc.exe[464] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 000A0198
.text C:\Windows\system32\agrsmsvc.exe[464] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 000A0030
.text C:\Windows\system32\agrsmsvc.exe[464] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000C00A8
.text C:\Windows\system32\agrsmsvc.exe[464] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000C00E4
.text C:\Windows\system32\agrsmsvc.exe[464] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 000C0120
.text C:\Windows\system32\agrsmsvc.exe[464] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000C0030
.text C:\Windows\system32\agrsmsvc.exe[464] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000C006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00140030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0014006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0016006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001600A8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001601D4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001600E4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00160120
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0016015C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00160198
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00160030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Windows\system32\wininit.exe[592] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00030030
.text C:\Windows\system32\wininit.exe[592] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0003006C
.text C:\Windows\system32\wininit.exe[592] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0005006C
.text C:\Windows\system32\wininit.exe[592] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000500A8
.text C:\Windows\system32\wininit.exe[592] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000501D4
.text C:\Windows\system32\wininit.exe[592] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000500E4
.text C:\Windows\system32\wininit.exe[592] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00050120
.text C:\Windows\system32\wininit.exe[592] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0005015C
.text C:\Windows\system32\wininit.exe[592] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00050198
.text C:\Windows\system32\wininit.exe[592] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00050030
.text C:\Windows\system32\wininit.exe[592] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000600A8
.text C:\Windows\system32\wininit.exe[592] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000600E4
.text C:\Windows\system32\wininit.exe[592] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00060120
.text C:\Windows\system32\wininit.exe[592] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00060030
.text C:\Windows\system32\wininit.exe[592] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0006006C
.text C:\Windows\system32\winlogon.exe[632] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00030030
.text C:\Windows\system32\winlogon.exe[632] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0003006C
.text C:\Windows\system32\winlogon.exe[632] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0005006C
.text C:\Windows\system32\winlogon.exe[632] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000500A8
.text C:\Windows\system32\winlogon.exe[632] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000501D4
.text C:\Windows\system32\winlogon.exe[632] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000500E4
.text C:\Windows\system32\winlogon.exe[632] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00050120
.text C:\Windows\system32\winlogon.exe[632] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0005015C
.text C:\Windows\system32\winlogon.exe[632] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00050198
.text C:\Windows\system32\winlogon.exe[632] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00050030
.text C:\Windows\system32\winlogon.exe[632] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000600A8
.text C:\Windows\system32\winlogon.exe[632] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000600E4
.text C:\Windows\system32\winlogon.exe[632] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00060120
.text C:\Windows\system32\winlogon.exe[632] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00060030
.text C:\Windows\system32\winlogon.exe[632] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0006006C
.text C:\Windows\system32\services.exe[680] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\services.exe[680] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\services.exe[680] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\services.exe[680] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\services.exe[680] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\services.exe[680] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\services.exe[680] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\services.exe[680] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\services.exe[680] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\services.exe[680] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\services.exe[680] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\services.exe[680] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\services.exe[680] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\services.exe[680] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\services.exe[680] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\lsass.exe[692] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\lsass.exe[692] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\lsass.exe[692] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\lsass.exe[692] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\lsass.exe[692] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\lsass.exe[692] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\lsass.exe[692] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00140030
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0014006C
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0016006C
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001600A8
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001601D4
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001600E4
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00160120
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0016015C
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00160198
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00160030
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Windows\system32\lsm.exe[700] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00090030
.text C:\Windows\system32\lsm.exe[700] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0009006C
.text C:\Windows\system32\lsm.exe[700] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 000B006C
.text C:\Windows\system32\lsm.exe[700] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000B00A8
.text C:\Windows\system32\lsm.exe[700] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\system32\lsm.exe[700] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\system32\lsm.exe[700] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 000B0120
.text C:\Windows\system32\lsm.exe[700] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 000B015C
.text C:\Windows\system32\lsm.exe[700] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 000B0198
.text C:\Windows\system32\lsm.exe[700] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 000B0030
.text C:\Windows\system32\igfxext.exe[828] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Windows\system32\igfxext.exe[828] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Windows\system32\igfxext.exe[828] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Windows\system32\igfxext.exe[828] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Windows\system32\igfxext.exe[828] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Windows\system32\igfxext.exe[828] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Windows\system32\igfxext.exe[828] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Windows\system32\igfxext.exe[828] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0018006C
.text C:\Windows\system32\igfxext.exe[828] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001800A8
.text C:\Windows\system32\igfxext.exe[828] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001801D4
.text C:\Windows\system32\igfxext.exe[828] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001800E4
.text C:\Windows\system32\igfxext.exe[828] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00180120
.text C:\Windows\system32\igfxext.exe[828] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0018015C
.text C:\Windows\system32\igfxext.exe[828] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00180198
.text C:\Windows\system32\igfxext.exe[828] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00180030
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[864] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 003100A8
.text C:\Windows\system32\svchost.exe[864] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 003100E4
.text C:\Windows\system32\svchost.exe[864] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00310120
.text C:\Windows\system32\svchost.exe[864] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00310030
.text C:\Windows\system32\svchost.exe[864] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0031006C
.text C:\Windows\system32\svchost.exe[968] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00090030
.text C:\Windows\system32\svchost.exe[968] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0009006C
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 000B006C
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000B00A8
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 000B0120
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 000B015C
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 000B0198
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 000B0030
.text C:\Windows\system32\svchost.exe[968] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001900A8
.text C:\Windows\system32\svchost.exe[968] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001900E4
.text C:\Windows\system32\svchost.exe[968] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00190120
.text C:\Windows\system32\svchost.exe[968] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00190030
.text C:\Windows\system32\svchost.exe[968] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0019006C
.text C:\Windows\System32\svchost.exe[1004] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00090030
.text C:\Windows\System32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0009006C
.text C:\Windows\System32\svchost.exe[1004] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 000B006C
.text C:\Windows\System32\svchost.exe[1004] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000B00A8
.text C:\Windows\System32\svchost.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\System32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\System32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 000B0120
.text C:\Windows\System32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 000B015C
.text C:\Windows\System32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 000B0198
.text C:\Windows\System32\svchost.exe[1004] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 000B0030
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 009A00A8
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 009A00E4
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 009A0120
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 009A0030
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 009A006C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001800A8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001800E4
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180120
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00180030
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0018006C
.text C:\Windows\System32\svchost.exe[1092] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00090030
.text C:\Windows\System32\svchost.exe[1092] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0009006C
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 000B006C
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000B00A8
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 000B0120
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 000B015C
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 000B0198
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 000B0030
.text C:\Windows\System32\svchost.exe[1092] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00A400A8
.text C:\Windows\System32\svchost.exe[1092] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00A400E4
.text C:\Windows\System32\svchost.exe[1092] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00A40120
.text C:\Windows\System32\svchost.exe[1092] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00A40030
.text C:\Windows\System32\svchost.exe[1092] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 00A4006C
.text C:\Program Files\Autorun Eater\billy.exe[1124] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Program Files\Autorun Eater\billy.exe[1124] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Program Files\Autorun Eater\billy.exe[1124] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 003F006C
.text C:\Program Files\Autorun Eater\billy.exe[1124] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 003F00A8
.text C:\Program Files\Autorun Eater\billy.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 003F01D4
.text C:\Program Files\Autorun Eater\billy.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 003F00E4
.text C:\Program Files\Autorun Eater\billy.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 003F0120
.text C:\Program Files\Autorun Eater\billy.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 003F015C
.text C:\Program Files\Autorun Eater\billy.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 003F0198
.text C:\Program Files\Autorun Eater\billy.exe[1124] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 003F0030
.text C:\Program Files\Autorun Eater\billy.exe[1124] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 008C00A8
.text C:\Program Files\Autorun Eater\billy.exe[1124] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 008C00E4
.text C:\Program Files\Autorun Eater\billy.exe[1124] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 008C0120
.text C:\Program Files\Autorun Eater\billy.exe[1124] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 008C0030
.text C:\Program Files\Autorun Eater\billy.exe[1124] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 008C006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00040030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0004006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0006006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000600A8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000601D4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000600E4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00060120
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0006015C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00060198
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00060030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000700A8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000700E4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00070120
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00070030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0007006C
.text C:\Windows\System32\svchost.exe[1164] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[1164] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!SetWindowsHookExA 760A6322 3 Bytes JMP 009600A8
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!SetWindowsHookExA + 4 760A6326 1 Byte [8A]
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!SetWindowsHookExW 760A87AD 3 Bytes JMP 009600E4
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!SetWindowsHookExW + 4 760A87B1 1 Byte [8A]
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00960120
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!SetWinEventHook 760A9F3A 3 Bytes JMP 00960030
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!SetWinEventHook + 4 760A9F3E 1 Byte [8A]
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0096006C
.text C:\Windows\system32\svchost.exe[1176] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1176] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1176] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 003C00A8
.text C:\Windows\system32\svchost.exe[1176] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 003C00E4
.text C:\Windows\system32\svchost.exe[1176] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 003C0120
.text C:\Windows\system32\svchost.exe[1176] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 003C0030
.text C:\Windows\system32\svchost.exe[1176] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 003C006C
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1312] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1312] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1312] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 002400A8
.text C:\Windows\system32\svchost.exe[1312] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 002400E4
.text C:\Windows\system32\svchost.exe[1312] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00240120
.text C:\Windows\system32\svchost.exe[1312] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00240030
.text C:\Windows\system32\svchost.exe[1312] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0024006C
.text C:\Windows\system32\svchost.exe[1416] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1416] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0008006C
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000800A8
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000801D4
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000800E4
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00080120
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0008015C
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00080198
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00080030
.text C:\Windows\system32\svchost.exe[1416] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000E00A8
.text C:\Windows\system32\svchost.exe[1416] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000E00E4
.text C:\Windows\system32\svchost.exe[1416] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 000E0120
.text C:\Windows\system32\svchost.exe[1416] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000E0030
.text C:\Windows\system32\svchost.exe[1416] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000E006C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001900A8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001900E4
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00190120
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00190030
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0019006C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 001A006C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001A00A8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001A01D4
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001A00E4
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 001A0120
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 001A015C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 001A0198
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 001A0030
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1588] kernel32.dll!SetUnhandledExceptionFilter 7561A84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\System32\spoolsv.exe[1980] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Windows\System32\spoolsv.exe[1980] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Windows\System32\spoolsv.exe[1980] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Windows\System32\spoolsv.exe[1980] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Windows\System32\spoolsv.exe[1980] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Windows\system32\svchost.exe[2004] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[2004] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[2004] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[2004] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[2004] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[2004] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[2004] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[2004] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[2004] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[2004] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[2004] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 002400A8
.text C:\Windows\system32\svchost.exe[2004] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 002400E4
.text C:\Windows\system32\svchost.exe[2004] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00240120
.text C:\Windows\system32\svchost.exe[2004] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00240030
.text C:\Windows\system32\svchost.exe[2004] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0024006C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0018006C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001800A8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001801D4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001800E4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00180120
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0018015C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00180198
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00180030
.text C:\Windows\System32\svchost.exe[2092] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[2092] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\System32\svchost.exe[2092] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00BC00A8
.text C:\Windows\System32\svchost.exe[2092] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00BC00E4
.text C:\Windows\System32\svchost.exe[2092] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00BC0120
.text C:\Windows\System32\svchost.exe[2092] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00BC0030
.text C:\Windows\System32\svchost.exe[2092] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 00BC006C
.text C:\Windows\System32\igfxpers.exe[2108] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Windows\System32\igfxpers.exe[2108] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Windows\System32\igfxpers.exe[2108] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001800A8
.text C:\Windows\System32\igfxpers.exe[2108] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001800E4
.text C:\Windows\System32\igfxpers.exe[2108] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180120
.text C:\Windows\System32\igfxpers.exe[2108] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00180030
.text C:\Windows\System32\igfxpers.exe[2108] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0018006C
.text C:\Windows\System32\igfxpers.exe[2108] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0029006C
.text C:\Windows\System32\igfxpers.exe[2108] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 002900A8
.text C:\Windows\System32\igfxpers.exe[2108] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 002901D4
.text C:\Windows\System32\igfxpers.exe[2108] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 002900E4
.text C:\Windows\System32\igfxpers.exe[2108] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00290120
.text C:\Windows\System32\igfxpers.exe[2108] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0029015C
.text C:\Windows\System32\igfxpers.exe[2108] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00290198
.text C:\Windows\System32\igfxpers.exe[2108] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00290030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0028006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 002800A8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 002801D4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 002800E4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00280120
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0028015C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00280198
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00280030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 002900A8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 002900E4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00290120
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00290030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0029006C
.text C:\Windows\System32\hkcmd.exe[2200] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Windows\System32\hkcmd.exe[2200] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Windows\System32\hkcmd.exe[2200] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001800A8
.text C:\Windows\System32\hkcmd.exe[2200] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001800E4
.text C:\Windows\System32\hkcmd.exe[2200] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180120
.text C:\Windows\System32\hkcmd.exe[2200] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00180030
.text C:\Windows\System32\hkcmd.exe[2200] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0018006C
.text C:\Windows\System32\hkcmd.exe[2200] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0019006C
.text C:\Windows\System32\hkcmd.exe[2200] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001900A8
.text C:\Windows\System32\hkcmd.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001901D4
.text C:\Windows\System32\hkcmd.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001900E4
.text C:\Windows\System32\hkcmd.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00190120
.text C:\Windows\System32\hkcmd.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0019015C
.text C:\Windows\System32\hkcmd.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00190198
.text C:\Windows\System32\hkcmd.exe[2200] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00190030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00140030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0014006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001600A8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001600E4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00160120
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00160030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0016006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00140030
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0014006C
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0016006C
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001600A8
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001601D4
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001600E4
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00160120
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0016015C
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00160198
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00160030
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00090030
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0009006C
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 000B006C
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000B00A8
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 000B0120
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 000B015C
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 000B0198
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 000B0030
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 000B006C
.text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000B00A8
.text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 000B0120
.text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 000B015C
.text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 000B0198
.text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 000B0030
.text C:\Windows\system32\svchost.exe[2296] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000F00A8
.text C:\Windows\system32\svchost.exe[2296] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000F00E4
.text C:\Windows\system32\svchost.exe[2296] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 000F0120
.text C:\Windows\system32\svchost.exe[2296] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000F0030
.text C:\Windows\system32\svchost.exe[2296] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000F006C
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 002700A8
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 002700E4
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00270120
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00270030
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0027006C
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0028006C
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 002800A8
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 002801D4
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 002800E4
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00280120
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0028015C
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00280198
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00280030
.text C:\Windows\system32\svchost.exe[2352] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[2352] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\igfxsrvc.exe[2368] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Windows\system32\igfxsrvc.exe[2368] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Windows\system32\igfxsrvc.exe[2368] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Windows\system32\igfxsrvc.exe[2368] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Windows\system32\igfxsrvc.exe[2368] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Windows\system32\igfxsrvc.exe[2368] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Windows\system32\igfxsrvc.exe[2368] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Windows\system32\igfxsrvc.exe[2368] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0018006C
.text C:\Windows\system32\igfxsrvc.exe[2368] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001800A8
.text C:\Windows\system32\igfxsrvc.exe[2368] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001801D4
.text C:\Windows\system32\igfxsrvc.exe[2368] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001800E4
.text C:\Windows\system32\igfxsrvc.exe[2368] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00180120
.text C:\Windows\system32\igfxsrvc.exe[2368] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0018015C
.text C:\Windows\system32\igfxsrvc.exe[2368] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00180198
.text C:\Windows\system32\igfxsrvc.exe[2368] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00180030
.text C:\Windows\System32\svchost.exe[2384] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[2384] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0009006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000900A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000901D4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000900E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00090120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0009015C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00090198
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00090030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000A00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000A00E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 000A0120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000A0030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000A006C
.text C:\Windows\system32\SearchIndexer.exe[2528] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\SearchIndexer.exe[2528] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\SearchIndexer.exe[2528] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\SearchIndexer.exe[2528] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\SearchIndexer.exe[2528] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\SearchIndexer.exe[2528] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\SearchIndexer.exe[2528] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\SearchIndexer.exe[2528] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\SearchIndexer.exe[2528] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\SearchIndexer.exe[2528] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\SearchIndexer.exe[2528] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\SearchIndexer.exe[2528] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\SearchIndexer.exe[2528] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\SearchIndexer.exe[2528] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\SearchIndexer.exe[2528] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00090030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0009006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 001B006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001B00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001B01D4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001B00E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 001B0120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 001B015C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 001B0198
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 001B0030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001C00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001C00E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 001C0120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 001C0030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 001C006C
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0097006C
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 009700A8
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 009701D4
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 009700E4
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00970120
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0097015C
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00970198
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00970030
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 009800A8
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 009800E4
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00980120
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00980030
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0098006C
.text C:\Windows\system32\Dwm.exe[3056] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\Dwm.exe[3056] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\Dwm.exe[3056] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\Dwm.exe[3056] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\Dwm.exe[3056] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\Dwm.exe[3056] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\Dwm.exe[3056] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\Dwm.exe[3056] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\Dwm.exe[3056] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\Dwm.exe[3056] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\Dwm.exe[3056] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\Dwm.exe[3056] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\Dwm.exe[3056] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\Dwm.exe[3056] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\Dwm.exe[3056] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\igfxsrvc.exe[3076] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Windows\system32\igfxsrvc.exe[3076] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Windows\system32\igfxsrvc.exe[3076] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 002800A8
.text C:\Windows\system32\igfxsrvc.exe[3076] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 002800E4
.text C:\Windows\system32\igfxsrvc.exe[3076] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00280120
.text C:\Windows\system32\igfxsrvc.exe[3076] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00280030
.text C:\Windows\system32\igfxsrvc.exe[3076] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0028006C
.text C:\Windows\system32\igfxsrvc.exe[3076] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0029006C
.text C:\Windows\system32\igfxsrvc.exe[3076] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 002900A8
.text C:\Windows\system32\igfxsrvc.exe[3076] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 002901D4
.text C:\Windows\system32\igfxsrvc.exe[3076] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 002900E4
.text C:\Windows\system32\igfxsrvc.exe[3076] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00290120
.text C:\Windows\system32\igfxsrvc.exe[3076] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0029015C
.text C:\Windows\system32\igfxsrvc.exe[3076] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00290198
.text C:\Windows\system32\igfxsrvc.exe[3076] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00290030
.text C:\Windows\system32\taskeng.exe[3080] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\taskeng.exe[3080] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\taskeng.exe[3080] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\taskeng.exe[3080] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\taskeng.exe[3080] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\taskeng.exe[3080] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\taskeng.exe[3080] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\taskeng.exe[3080] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\taskeng.exe[3080] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\taskeng.exe[3080] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\taskeng.exe[3080] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\taskeng.exe[3080] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\taskeng.exe[3080] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\taskeng.exe[3080] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\taskeng.exe[3080] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00060030
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0006006C
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001800A8
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001800E4
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180120
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00180030
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0018006C
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\wbem\unsecapp.exe[3116] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\wbem\unsecapp.exe[3116] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\wbem\unsecapp.exe[3116] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\wbem\unsecapp.exe[3116] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\wbem\unsecapp.exe[3116] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\wbem\unsecapp.exe[3116] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\wbem\unsecapp.exe[3116] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\wbem\unsecapp.exe[3116] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\wbem\unsecapp.exe[3116] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\wbem\unsecapp.exe[3116] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\wbem\unsecapp.exe[3116] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\wbem\unsecapp.exe[3116] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\wbem\unsecapp.exe[3116] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\wbem\unsecapp.exe[3116] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\wbem\unsecapp.exe[3116] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Windows\Explorer.EXE[3124] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\Explorer.EXE[3124] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\Explorer.EXE[3124] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\Explorer.EXE[3124] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\Explorer.EXE[3124] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\Explorer.EXE[3124] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\Explorer.EXE[3124] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\Explorer.EXE[3124] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\Explorer.EXE[3124] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\Explorer.EXE[3124] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\Explorer.EXE[3124] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\Explorer.EXE[3124] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\Explorer.EXE[3124] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\Explorer.EXE[3124] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\Explorer.EXE[3124] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Windows\Explorer.EXE[3124] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 761FB37C 4 Bytes [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL}
.text C:\Windows\Explorer.EXE[3124] SHELL32.dll!SHFileOperationW 762068E8 5 Bytes JMP 03C21102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00140030
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0014006C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001600A8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001600E4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00160120
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00160030
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0016006C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0018006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001800A8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001801D4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001800E4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00180120
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0018015C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00180198
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00180030
.text C:\Windows\RtHDVCpl.exe[3388] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Windows\RtHDVCpl.exe[3388] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Windows\RtHDVCpl.exe[3388] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Windows\RtHDVCpl.exe[3388] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Windows\RtHDVCpl.exe[3388] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Windows\RtHDVCpl.exe[3388] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Windows\RtHDVCpl.exe[3388] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Windows\RtHDVCpl.exe[3388] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Windows\RtHDVCpl.exe[3388] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Windows\RtHDVCpl.exe[3388] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Windows\RtHDVCpl.exe[3388] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001800A8
.text C:\Windows\RtHDVCpl.exe[3388] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001800E4
.text C:\Windows\RtHDVCpl.exe[3388] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180120
.text C:\Windows\RtHDVCpl.exe[3388] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00180030
.text C:\Windows\RtHDVCpl.exe[3388] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0018006C
.text C:\Windows\PLFSetI.exe[3404] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00140030
.text C:\Windows\PLFSetI.exe[3404] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0014006C
.text C:\Windows\PLFSetI.exe[3404] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001600A8
.text C:\Windows\PLFSetI.exe[3404] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001600E4
.text C:\Windows\PLFSetI.exe[3404] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00160120
.text C:\Windows\PLFSetI.exe[3404] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00160030
.text C:\Windows\PLFSetI.exe[3404] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0016006C
.text C:\Windows\PLFSetI.exe[3404] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Windows\PLFSetI.exe[3404] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Windows\PLFSetI.exe[3404] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Windows\PLFSetI.exe[3404] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Windows\PLFSetI.exe[3404] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Windows\PLFSetI.exe[3404] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Windows\PLFSetI.exe[3404] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Windows\PLFSetI.exe[3404] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3476] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3476] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3476] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3476] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3476] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3476] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3476] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3476] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3476] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3476] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 002B00A8
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 002B00E4
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 002B0120
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 002B0030
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 002B006C
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 002C006C
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 002C00A8
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 002C01D4
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 002C00E4
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 002C0120
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 002C015C
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 002C0198
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 002C0030
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001800A8
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001800E4
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180120
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00180030
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0018006C
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 003F006C
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 003F00A8
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 003F01D4
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 003F00E4
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 003F0120
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 003F015C
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 003F0198
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 003F0030
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 008D00A8
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 008D00E4
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 008D0120
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 008D0030
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 008D006C
.text C:\Windows\System32\mobsync.exe[3572] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\System32\mobsync.exe[3572] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\System32\mobsync.exe[3572] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\mobsync.exe[3572] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\mobsync.exe[3572] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\mobsync.exe[3572] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\mobsync.exe[3572] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\System32\mobsync.exe[3572] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\System32\mobsync.exe[3572] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\System32\mobsync.exe[3572] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\System32\mobsync.exe[3572] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\System32\mobsync.exe[3572] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\System32\mobsync.exe[3572] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\System32\mobsync.exe[3572] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\System32\mobsync.exe[3572] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001800A8
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001800E4
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180120
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00180030
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0018006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00160030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0016006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0027006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 002700A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 002701D4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 002700E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00270120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0027015C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00270198
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00270030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtQueryAttributesFile + 6 76F84BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtQueryAttributesFile + B 76F84BAF 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtQueryFullAttributesFile + 6 76F84C5A 4 Bytes CALL 75F8525F C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtQueryFullAttributesFile + B 76F84C5F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtSetInformationFile + 6 76F8513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtSetInformationFile + B 76F8513F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtSetInformationThread + 6 76F8518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtSetInformationThread + B 76F8518F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtUnmapViewOfSection + 6 76F8542A 1 Byte [68]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtUnmapViewOfSection + 6 76F8542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtUnmapViewOfSection + B 76F8542F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000A00A8
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000A00E4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 000A0120
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000A0030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000A006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 000B006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000B00A8
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000B01D4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000B00E4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 000B0120
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 000B015C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 000B0198
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 000B0030
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] user32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] user32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] user32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] user32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] user32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0018006C
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001800A8
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001801D4
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001800E4
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00180120
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0018015C
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00180198
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00180030
.text C:\Windows\notepad.exe[4564] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\notepad.exe[4564] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\notepad.exe[4564] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Windows\notepad.exe[4564] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Windows\notepad.exe[4564] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Windows\notepad.exe[4564] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Windows\notepad.exe[4564] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Windows\notepad.exe[4564] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Windows\notepad.exe[4564] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Windows\notepad.exe[4564] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Windows\notepad.exe[4564] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001800A8
.text C:\Windows\notepad.exe[4564] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001800E4
.text C:\Windows\notepad.exe[4564] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180120
.text C:\Windows\notepad.exe[4564] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00180030
.text C:\Windows\notepad.exe[4564] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0018006C
.text C:\Windows\notepad.exe[4588] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\notepad.exe[4588] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\notepad.exe[4588] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\notepad.exe[4588] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\notepad.exe[4588] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\notepad.exe[4588] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\notepad.exe[4588] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\notepad.exe[4588] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\notepad.exe[4588] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\notepad.exe[4588] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\notepad.exe[4588] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\notepad.exe[4588] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\notepad.exe[4588] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\notepad.exe[4588] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\notepad.exe[4588] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Program Files\Skype\Phone\Skype.exe[4608] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\Skype\Phone\Skype.exe[4608] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\Skype\Phone\Skype.exe[4608] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Program Files\Skype\Phone\Skype.exe[4608] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Program Files\Skype\Phone\Skype.exe[4608] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Program Files\Skype\Phone\Skype.exe[4608] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Program Files\Skype\Phone\Skype.exe[4608] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Program Files\Skype\Phone\Skype.exe[4608] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0018006C
.text C:\Program Files\Skype\Phone\Skype.exe[4608] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001800A8
.text C:\Program Files\Skype\Phone\Skype.exe[4608] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001801D4
.text C:\Program Files\Skype\Phone\Skype.exe[4608] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001800E4
.text C:\Program Files\Skype\Phone\Skype.exe[4608] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00180120
.text C:\Program Files\Skype\Phone\Skype.exe[4608] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0018015C
.text C:\Program Files\Skype\Phone\Skype.exe[4608] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00180198
.text C:\Program Files\Skype\Phone\Skype.exe[4608] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00180030
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00060030
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0006006C
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\wbem\unsecapp.exe[4748] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\wbem\unsecapp.exe[4748] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\wbem\unsecapp.exe[4748] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\wbem\unsecapp.exe[4748] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\wbem\unsecapp.exe[4748] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\wbem\unsecapp.exe[4748] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\wbem\unsecapp.exe[4748] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\wbem\unsecapp.exe[4748] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\wbem\unsecapp.exe[4748] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\wbem\unsecapp.exe[4748] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\wbem\unsecapp.exe[4748] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\wbem\unsecapp.exe[4748] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\wbem\unsecapp.exe[4748] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\wbem\unsecapp.exe[4748] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\wbem\unsecapp.exe[4748] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00070030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0007006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtCreateFile + 6 76F8422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtCreateFile + B 76F8422F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtMapViewOfSection + 6 76F8497A 1 Byte [28]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtMapViewOfSection + 6 76F8497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtMapViewOfSection + B 76F8497F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenFile + 6 76F84A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenFile + B 76F84A0F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenProcess + 6 76F84A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenProcess + B 76F84A8F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenProcessToken + 6 76F84A9A 4 Bytes CALL 75F850A0 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenProcessToken + B 76F84A9F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenProcessTokenEx + 6 76F84AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenProcessTokenEx + B 76F84AAF 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenThread + 6 76F84AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenThread + B 76F84AFF 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenThreadToken + 6 76F84B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenThreadToken + B 76F84B0F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenThreadTokenEx + 6 76F84B1A 4 Bytes CALL 75F85121 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenThreadTokenEx + B 76F84B1F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtQueryAttributesFile + 6 76F84BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtQueryAttributesFile + B 76F84BAF 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtQueryFullAttributesFile + 6 76F84C5A 4 Bytes CALL 75F8525F C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtQueryFullAttributesFile + B 76F84C5F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtSetInformationFile + 6 76F8513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtSetInformationFile + B 76F8513F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtSetInformationThread + 6 76F8518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtSetInformationThread + B 76F8518F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtUnmapViewOfSection + 6 76F8542A 1 Byte [68]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtUnmapViewOfSection + 6 76F8542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtUnmapViewOfSection + B 76F8542F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000A00A8
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000A00E4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 000A0120
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000A0030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000A006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 000B006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000B00A8
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000B01D4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000B00E4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 000B0120
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 000B015C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 000B0198
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 000B0030
.text C:\Windows\system32\rundll32.exe[5216] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00060030
.text C:\Windows\system32\rundll32.exe[5216] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0006006C
.text C:\Windows\system32\rundll32.exe[5216] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000700A8
.text C:\Windows\system32\rundll32.exe[5216] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000700E4
.text C:\Windows\system32\rundll32.exe[5216] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00070120
.text C:\Windows\system32\rundll32.exe[5216] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00070030
.text C:\Windows\system32\rundll32.exe[5216] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0007006C
.text C:\Windows\system32\rundll32.exe[5216] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0008006C
.text C:\Windows\system32\rundll32.exe[5216] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000800A8
.text C:\Windows\system32\rundll32.exe[5216] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000801D4
.text C:\Windows\system32\rundll32.exe[5216] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000800E4
.text C:\Windows\system32\rundll32.exe[5216] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00080120
.text C:\Windows\system32\rundll32.exe[5216] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0008015C
.text C:\Windows\system32\rundll32.exe[5216] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00080198
.text C:\Windows\system32\rundll32.exe[5216] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00080030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000700A8
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000700E4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00070120
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00070030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0007006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0008006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000800A8
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000801D4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000800E4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00080120
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0008015C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00080198
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00080030
.text C:\Program Files\iPod\bin\iPodService.exe[5360] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Program Files\iPod\bin\iPodService.exe[5360] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Program Files\iPod\bin\iPodService.exe[5360] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0018006C
.text C:\Program Files\iPod\bin\iPodService.exe[5360] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001800A8
.text C:\Program Files\iPod\bin\iPodService.exe[5360] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001801D4
.text C:\Program Files\iPod\bin\iPodService.exe[5360] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001800E4
.text C:\Program Files\iPod\bin\iPodService.exe[5360] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00180120
.text C:\Program Files\iPod\bin\iPodService.exe[5360] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0018015C
.text C:\Program Files\iPod\bin\iPodService.exe[5360] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00180198
.text C:\Program Files\iPod\bin\iPodService.exe[5360] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00180030
.text C:\Program Files\iPod\bin\iPodService.exe[5360] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001900A8
.text C:\Program Files\iPod\bin\iPodService.exe[5360] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001900E4
.text C:\Program Files\iPod\bin\iPodService.exe[5360] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00190120
.text C:\Program Files\iPod\bin\iPodService.exe[5360] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00190030
.text C:\Program Files\iPod\bin\iPodService.exe[5360] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0019006C
.text C:\Windows\system32\svchost.exe[6100] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[6100] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[6100] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[6100] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[6100] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[6100] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[6100] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[6100] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[6100] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[6100] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
  • 0

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please follow the steps below:

Step 1

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    [2011/02/19 08:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{89c9e067-2605-4f75-a608-f6ea31c9d087}
    [2011/02/19 08:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2011/02/19 08:13:49 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll File not found
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found

    :Files
    C:\Program Files\HP
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 2

Download AVPTool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan
  • On the first tab select all elements down to Computer and then select start scan
  • Once it has finished select report and post that.

Do not close AVPTool or it will self-uninstall. If it does uninstall, just rerun the setup file on your desktop.

Now an analysis scan
  • Select the Manual Disinfection tab
  • Press the Gather System Information button
  • Once done, open the last report saved folder, then attach the zip file to your next post
  • The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

How to add an attachment to a new topic or reply

When you have completed the above, please post back the following in the order asked for:
  • OTL fix log
  • AVP Tool report
  • Attached file avptool_sysinfo.zip

#5
Lovltn848

    Member

  • Topic Starter
  • Member
  • 237 posts
I still need to attach the file, I will do that very soon!



All processes killed
========== OTL ==========
Service hpqddsvc stopped successfully!
Service hpqddsvc deleted successfully!
File C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 not found.
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{89c9e067-2605-4f75-a608-f6ea31c9d087}\defaults\preferences folder moved successfully.
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{89c9e067-2605-4f75-a608-f6ea31c9d087}\defaults folder moved successfully.
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{89c9e067-2605-4f75-a608-f6ea31c9d087}\components folder moved successfully.
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{89c9e067-2605-4f75-a608-f6ea31c9d087} folder moved successfully.
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\lib folder moved successfully.
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]\searchplugin folder moved successfully.
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]\lib folder moved successfully.
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected] folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0347C33E-8762-4905-BF09-768834316C61}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DDE87865-83C5-48c4-8357-2F5B1AA84522}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDE87865-83C5-48c4-8357-2F5B1AA84522}\ deleted successfully.
========== FILES ==========
C:\Program Files\HP\Temp\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup folder moved successfully.
C:\Program Files\HP\Temp\{D77D43B5-ED55-426b-B67B-E21F804F6102} folder moved successfully.
C:\Program Files\HP\Temp\{0E720B4A-B82A-474c-B95E-D7778590090D}\setup folder moved successfully.
C:\Program Files\HP\Temp\{0E720B4A-B82A-474c-B95E-D7778590090D} folder moved successfully.
C:\Program Files\HP\Temp folder moved successfully.
C:\Program Files\HP\Digital Imaging\data folder moved successfully.
C:\Program Files\HP\Digital Imaging\bin folder moved successfully.
C:\Program Files\HP\Digital Imaging folder moved successfully.
C:\Program Files\HP folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lauren\Desktop\Computer Maintainence\cmd.bat deleted successfully.
C:\Users\Lauren\Desktop\Computer Maintainence\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lauren
->Temp folder emptied: 28397887 bytes
->Java cache emptied: 2443113 bytes
->FireFox cache emptied: 104088165 bytes
->Google Chrome cache emptied: 212097104 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2729659 bytes

User: Lauren2
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 141991 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 122448929 bytes

Total Files Cleaned = 450.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Lauren
->Flash cache emptied: 0 bytes

User: Lauren2
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.12.1 log created on 05172011_154220

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...





Autoscan: completed 12 minutes ago (events: 12, objects: 982465, time: 06:40:03)
5/17/2011 4:02:09 PM Task started
5/17/2011 4:32:43 PM Detected: Trojan.Win32.Qhost.mcf C:\Documents and Settings\Lauren\AppData\Local\Microsoft\Windows Defender\FileTracker\{0A7E4F29-77CE-468C-BD8C-56A259805355}
5/17/2011 4:32:43 PM Detected: Trojan.Win32.Qhost.mcf C:\Documents and Settings\Lauren\AppData\Local\Microsoft\Windows Defender\FileTracker\{5E27E284-CB3A-4054-A277-0BD002D04782}
5/17/2011 4:32:44 PM Detected: Trojan.Win32.Qhost.mcf C:\Documents and Settings\Lauren\AppData\Local\Microsoft\Windows Defender\FileTracker\{F7F72667-6DA5-483A-8D64-D4582B229999}
5/17/2011 6:00:18 PM Deleted: Trojan.Win32.Qhost.mcf C:\Documents and Settings\Lauren\AppData\Local\Microsoft\Windows Defender\FileTracker\{5E27E284-CB3A-4054-A277-0BD002D04782}
5/17/2011 6:00:18 PM Deleted: Trojan.Win32.Qhost.mcf C:\Documents and Settings\Lauren\AppData\Local\Microsoft\Windows Defender\FileTracker\{F7F72667-6DA5-483A-8D64-D4582B229999}
5/17/2011 6:00:20 PM Deleted: Trojan.Win32.Qhost.mcf C:\Documents and Settings\Lauren\AppData\Local\Microsoft\Windows Defender\FileTracker\{0A7E4F29-77CE-468C-BD8C-56A259805355}
5/17/2011 6:02:43 PM Detected: VirTool.Win32.MS04-028.bhg C:\Documents and Settings\Lauren\AppData\Roaming\NCH Software\Components\devoc\devoc.exe
5/17/2011 6:03:28 PM Deleted: VirTool.Win32.MS04-028.bhg C:\Documents and Settings\Lauren\AppData\Roaming\NCH Software\Components\devoc\devoc.exe
5/17/2011 9:14:29 PM Detected: Trojan.Win32.Qhost.mcf C:\Windows\System32\drivers\etc\hosts.20090424-165204.backup
5/17/2011 9:58:56 PM Deleted: Trojan.Win32.Qhost.mcf C:\Windows\System32\drivers\etc\hosts.20090424-165204.backup
5/17/2011 10:42:12 PM Task completed

Edited by Lovltn848, 17 May 2011 - 11:16 PM.

  • 0
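One way to check an AVPTool report like the one posted above for detections that were never followed by a deletion, added here as an example (it is not part of the original thread or of AVPTool). The `reconcile` helper and the `C:\Example` line are constructed, and the Detected/Deleted vocabulary is assumed from the lines shown in the post.

```python
import re
from datetime import datetime

# Report lines copied from the post above, plus one constructed line (the
# C:\Example path) so that the "detected but never deleted" case is exercised.
REPORT = r"""
5/17/2011 4:02:09 PM Task started
5/17/2011 4:32:43 PM Detected: Trojan.Win32.Qhost.mcf C:\Documents and Settings\Lauren\AppData\Local\Microsoft\Windows Defender\FileTracker\{0A7E4F29-77CE-468C-BD8C-56A259805355}
5/17/2011 6:00:20 PM Deleted: Trojan.Win32.Qhost.mcf C:\Documents and Settings\Lauren\AppData\Local\Microsoft\Windows Defender\FileTracker\{0A7E4F29-77CE-468C-BD8C-56A259805355}
5/17/2011 6:02:43 PM Detected: VirTool.Win32.MS04-028.bhg C:\Documents and Settings\Lauren\AppData\Roaming\NCH Software\Components\devoc\devoc.exe
5/17/2011 6:03:28 PM Deleted: VirTool.Win32.MS04-028.bhg C:\Documents and Settings\Lauren\AppData\Roaming\NCH Software\Components\devoc\devoc.exe
5/17/2011 9:14:29 PM Detected: Trojan.Win32.Qhost.mcf C:\Windows\System32\drivers\etc\hosts.20090424-165204.backup
5/17/2011 9:58:56 PM Deleted: Trojan.Win32.Qhost.mcf C:\Windows\System32\drivers\etc\hosts.20090424-165204.backup
5/17/2011 10:05:00 PM Detected: Trojan.Win32.Qhost.mcf C:\Example\constructed-sample.bin
5/17/2011 10:42:12 PM Task completed
"""

TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"
EVENT = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<action>Detected|Deleted):\s+(?P<verdict>\S+)\s+(?P<path>.+)$"
)

def reconcile(report):
    """Pair each Detected event with the later Deleted event for the same
    verdict and path. Returns (resolved, unresolved)."""
    pending = {}   # (verdict, lowercased path) -> detection time
    resolved = []  # (verdict, path, seconds from detection to deletion)
    for line in report.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # "Task started", "Task completed", blank lines
        when = datetime.strptime(m["ts"], TS_FORMAT)
        # Windows paths are case-insensitive, so compare them lowercased.
        key = (m["verdict"], m["path"].strip().lower())
        if m["action"] == "Detected":
            pending.setdefault(key, when)
        elif key in pending:
            delay = (when - pending.pop(key)).total_seconds()
            resolved.append((key[0], key[1], int(delay)))
    return resolved, sorted(pending)

if __name__ == "__main__":
    resolved, unresolved = reconcile(REPORT)
    for verdict, path, delay in resolved:
        print(f"removed after {delay:>5}s  {verdict}  {path}")
    for verdict, path in unresolved:
        print(f"STILL PRESENT        {verdict}  {path}")
```

Anything left in the unresolved list is a detection the scan reported but did not remove, which is the entry to follow up on before calling the machine clean.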

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Can you please give me an update on how your computer's running? What problems are still unresolved?

#7
Lovltn848

    Member

  • Topic Starter
  • Member
  • 237 posts
Hi! My computer is running much better; it seems that the HP software problem was resolved and the fan isn't going on overdrive anymore. Google Chrome is running perfectly and it doesn't take forever for programs to start up anymore. Did you still want the zip file?

#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please post it. I want to see something. :)

#9
Lovltn848

    Member

  • Topic Starter
  • Member
  • 237 posts
Here you go, sorry for the wait.

Attached Files


#10
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Congratulations, your logs show that your system is clean. If you have no further issues with your computer, then please proceed with the housekeeping procedures outlined below.

Removing the tools we used:

Reset System Restore points:

  • Please reopen Posted Image on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :Commands
    [ClearAllRestorePoints]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.

NEXT...

OTL Clean-Up:

  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


There are a few things I recommend you to do once your computer is completely clean:

Updates for Windows - One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

How to turn on Automatic Updates for Windows:

Java and Adobe Reader updates

There are certain programs that are security vulnerabilities; it is recommended that you keep everything updated. Two of the main vulnerabilities are Java and Adobe Reader.

Java Updates - Java needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java:

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.

Note:
If the normal uninstallation process (as mentioned above) fails, then please try Microsoft Windows Installer Cleanup Utility. This tool will ensure that all irrelevant Java Runtime Environment Microsoft Installer (msi) registries are removed. Detailed information and download is available at: Description of the Windows Installer CleanUp Utility

Removal instructions:

  • Download the Microsoft Installer Clean Up utility file and save it on your desktop
  • Double-click the executable file. The installation process will start. Follow the instructions accordingly
  • Once the installation process is over, go to Start -> All Programs -> Run Windows Install Clean Up utility
  • This will launch the Windows Installer Clean Up utility dialog box
  • Under the Installed products list, select Java 2 Runtime Environment v1.5.0_03
  • Click Remove and Exit


Update Adobe Acrobat Reader to the latest version. You can download it HERE.

Suggestion:

Foxit is a great free PDF alternative. It uses fewer system resources and is not vulnerable to the exploits affecting Adobe Reader. Providing full PDF functionality, Foxit is rapidly becoming the PDF reader of choice for many. Get it here.


Other Software Updates - Go HERE to scan your computer for any out of date software at least once per week. The vast majority of virus, worm and spyware infections could have been prevented, if the user had kept their software up-to-date. You should do everything you can to keep your software up-to-date. Doing so will help you prevent infections and the headaches that follow them.

Web Browsers - Picking the right internet browser is very important. You need to find one that suits your needs but that is also safe. All browsers listed below are far more secure than Internet Explorer, immune to almost all known browser hijackers, and also have the best built-in pop up blockers.

Although, if you prefer staying with Internet Explorer, I highly recommend you do this:

Make Internet Explorer more secure:
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the options Download signed and unsigned ActiveX controls to Prompt, and Initialize and Script ActiveX controls not marked as safe to Disable.
  • Next click OK, then Apply button and then OK to exit the Internet Properties page.

Tips to protect yourself against malware and reduce the potential for re-infection:

Now after all these steps, your PC will be more secure. However it is important to note that you can still get infected if you are not careful. One of the best security programs you can have is common sense. As malware gets more sophisticated, you need to be more wary. If you do get caught though and the above steps can't help prevent it, we will be here to help you out.

Stay secure and thank you for choosing GeeksToGo.

#11
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.