Computer stalls, slow to load webpages, applications


  • This topic is locked

#16
94jewels

    Member

  • Topic Starter
  • 18 posts
I also have a huge amount of spam in my email. Much of it is filtered to the spam folder, but a lot is delivered to my inbox. Each day I receive close to 30 spam messages and my filter is set at a high level.

#17
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi 94jewels,

OK. Very strange case. We need to dig deeper.

Step 1

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the "Scan All User" checkbox
  • Change "Extra Registry" option to "SafeList"
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows OTL.txt and Extra.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, and post them with your next reply.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post.

#18
94jewels

    Member

  • Topic Starter
  • 18 posts
Ok. Here are the logs:

OTL logfile created on: 5/15/2011 1:12:15 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Julie\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 289.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 112.07 Gb Free Space | 75.19% Space Free | Partition Type: NTFS

Computer Name: BARBARA-PC | User Name: Julie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/15 13:07:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Julie\Desktop\OTL.exe
PRC - [2011/05/14 22:39:56 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2011/04/16 10:26:27 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/23 07:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/02/23 07:04:17 | 000,121,000 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/05/15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2006/11/02 05:34:44 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe


========== Modules (SafeList) ==========

MOD - [2011/05/15 13:07:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Julie\Desktop\OTL.exe
MOD - [2011/02/23 07:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/23 07:04:17 | 000,121,000 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/12/28 18:25:40 | 000,036,864 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 06:57:38 | 000,101,976 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2011/02/23 06:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 06:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 06:56:41 | 000,192,728 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2011/02/23 06:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 06:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 06:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 06:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 07:24:46 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2010/07/21 17:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/02/12 13:36:35 | 000,836,384 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ae1000va.sys -- (AE1000)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\47765602.sys -- (47765602)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\40007722.sys -- (40007722)
DRV - [2009/10/09 23:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\4776560.sys -- (setup_9.0.0.722_12.05.2011_20-04drv)
DRV - [2009/10/09 23:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\4000772.sys -- (setup_9.0.0.722_11.05.2011_23-39drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\47765601.sys -- (47765601)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\40007721.sys -- (40007721)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2008/10/29 08:29:54 | 000,043,520 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/05/15 15:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/05/15 15:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/05/15 15:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-599362230-4107570816-3240340241-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKU\S-1-5-21-599362230-4107570816-3240340241-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-599362230-4107570816-3240340241-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/22 22:05:29 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/05/12 11:00:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-599362230-4107570816-3240340241-1001\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-599362230-4107570816-3240340241-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_11.05.2011_23-39.lnk = File not found
O4 - Startup: C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_12.05.2011_20-04.lnk = C:\Users\Julie\Desktop\Virus Removal Tool\setup_9.0.0.722_12.05.2011_20-04\startup.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-599362230-4107570816-3240340241-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-599362230-4107570816-3240340241-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-599362230-4107570816-3240340241-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-599362230-4107570816-3240340241-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-599362230-4107570816-3240340241-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/15 13:07:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Julie\Desktop\OTL.exe
[2011/05/13 06:51:54 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Julie\Desktop\aswMBR.exe
[2011/05/12 11:44:25 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\4776560.sys
[2011/05/12 11:44:25 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\47765601.sys
[2011/05/12 11:44:25 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\47765602.sys
[2011/05/12 11:44:24 | 000,000,000 | ---D | C] -- C:\Users\Julie\Desktop\Virus Removal Tool
[2011/05/12 11:19:00 | 115,806,408 | ---- | C] ( ) -- C:\Users\Julie\Desktop\setup_9.0.0.722_12.05.2011_20-04.exe
[2011/05/12 11:07:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/12 11:07:29 | 000,000,000 | ---D | C] -- C:\Users\Julie\AppData\Local\temp
[2011/05/12 10:41:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/12 10:41:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/12 10:41:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/12 10:38:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/12 10:29:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/12 07:40:54 | 000,000,000 | ---D | C] -- C:\Users\Julie\Desktop\tdsskiller
[2011/05/11 13:48:35 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\4000772.sys
[2011/05/11 13:48:35 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\40007721.sys
[2011/05/11 13:48:35 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\40007722.sys
[2011/05/11 11:03:37 | 115,335,096 | ---- | C] ( ) -- C:\Users\Julie\Documents\setup_9.0.0.722_11.05.2011_19-40.exe
[2011/05/11 10:27:10 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Julie\Documents\OTL.exe
[2011/04/28 19:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/28 19:56:37 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/28 19:56:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/28 19:56:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/04/28 19:01:50 | 000,000,000 | ---D | C] -- C:\Users\Julie\AppData\Roaming\U3
[2011/04/26 15:23:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/26 15:23:07 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/26 15:02:00 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/23 13:00:25 | 000,000,000 | ---D | C] -- C:\Users\Julie\Documents\gmer
[2011/04/23 12:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2011/04/23 12:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/04/19 20:46:12 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/04/19 20:46:12 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/04/19 20:46:12 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/04/19 20:46:12 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/04/19 20:46:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/19 20:46:12 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/04/19 20:46:11 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/19 20:46:11 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/04/19 20:46:11 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/04/19 20:46:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/19 20:46:11 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/19 20:46:10 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/04/19 20:46:10 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/19 20:46:10 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/19 20:46:10 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/04/19 20:46:10 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/19 20:46:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/04/19 20:46:10 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/04/19 20:46:10 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/04/19 20:46:10 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/04/19 20:46:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/19 20:46:10 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/19 20:46:10 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/19 20:46:10 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/19 20:46:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/19 20:46:09 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/19 20:46:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/19 20:46:09 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/04/19 20:46:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/04/19 20:46:08 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/04/19 20:46:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/19 20:46:08 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/04/19 20:46:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/04/19 20:46:08 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/04/19 20:46:08 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/19 20:46:08 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/04/19 20:46:08 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/19 20:46:08 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/04/19 20:46:08 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/16 10:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared

========== Files - Modified Within 30 Days ==========

[2011/05/15 13:15:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/15 13:10:34 | 000,302,080 | ---- | M] () -- C:\Users\Julie\6w5yzuj4.exe
[2011/05/15 13:07:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Julie\Desktop\OTL.exe
[2011/05/15 12:52:49 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/15 12:52:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/15 12:43:28 | 000,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/15 12:43:28 | 000,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/14 22:39:56 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/13 06:51:56 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Julie\Desktop\aswMBR.exe
[2011/05/12 11:47:49 | 000,002,193 | ---- | M] () -- C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_12.05.2011_20-04.lnk
[2011/05/12 11:43:24 | 115,806,408 | ---- | M] ( ) -- C:\Users\Julie\Desktop\setup_9.0.0.722_12.05.2011_20-04.exe
[2011/05/12 11:00:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/12 10:35:39 | 004,346,086 | R--- | M] () -- C:\Users\Julie\Desktop\ComboFix.exe
[2011/05/12 07:40:22 | 001,280,815 | ---- | M] () -- C:\Users\Julie\Desktop\tdsskiller.zip
[2011/05/11 13:50:59 | 000,002,193 | ---- | M] () -- C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_11.05.2011_23-39.lnk
[2011/05/11 11:55:00 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/11 11:55:00 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/11 11:16:01 | 115,335,096 | ---- | M] ( ) -- C:\Users\Julie\Documents\setup_9.0.0.722_11.05.2011_19-40.exe
[2011/05/11 10:27:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Julie\Documents\OTL.exe
[2011/05/10 19:49:06 | 000,002,627 | ---- | M] () -- C:\Users\Julie\Desktop\Microsoft Office Word 2007.lnk
[2011/05/01 08:44:02 | 000,433,231 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110511-090655.backup
[2011/04/28 19:56:23 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/28 19:56:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/28 19:56:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/04/28 19:56:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/04/28 19:46:11 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/04/23 12:33:33 | 000,000,862 | ---- | M] () -- C:\Users\Julie\Desktop\Puran Defrag.lnk
[2011/04/23 12:27:37 | 000,000,017 | ---- | M] () -- C:\Windows\System32\npd6.d
[2011/04/19 20:58:26 | 000,000,943 | ---- | M] () -- C:\Users\Julie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/19 20:46:29 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/19 20:46:29 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/19 20:46:12 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/04/19 20:46:12 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/04/19 20:46:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/04/19 20:46:12 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/04/19 20:46:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/19 20:46:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/04/19 20:46:11 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/04/19 20:46:11 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/19 20:46:11 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/04/19 20:46:11 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/04/19 20:46:11 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/19 20:46:11 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/19 20:46:10 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/19 20:46:10 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/19 20:46:10 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/04/19 20:46:10 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/19 20:46:10 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/04/19 20:46:10 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/04/19 20:46:10 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/04/19 20:46:10 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/04/19 20:46:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/19 20:46:10 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/19 20:46:10 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/19 20:46:10 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/19 20:46:10 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/19 20:46:09 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/19 20:46:09 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/19 20:46:09 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/19 20:46:09 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/04/19 20:46:09 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/04/19 20:46:08 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/04/19 20:46:08 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/19 20:46:08 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/04/19 20:46:08 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/04/19 20:46:08 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/04/19 20:46:08 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/19 20:46:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/04/19 20:46:08 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/19 20:46:08 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/04/19 20:46:08 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/16 10:27:24 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/04/16 10:26:46 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/04/16 10:26:46 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/04/16 10:26:35 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll

========== Files Created - No Company Name ==========

[2011/05/15 13:10:33 | 000,302,080 | ---- | C] () -- C:\Users\Julie\6w5yzuj4.exe
[2011/05/12 11:47:49 | 000,002,193 | ---- | C] () -- C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_12.05.2011_20-04.lnk
[2011/05/12 10:41:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/12 10:41:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/12 10:41:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/12 10:34:37 | 004,346,086 | R--- | C] () -- C:\Users\Julie\Desktop\ComboFix.exe
[2011/05/12 07:40:10 | 001,280,815 | ---- | C] () -- C:\Users\Julie\Desktop\tdsskiller.zip
[2011/05/11 13:50:59 | 000,002,193 | ---- | C] () -- C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_11.05.2011_23-39.lnk
[2011/04/23 12:33:33 | 000,000,862 | ---- | C] () -- C:\Users\Julie\Desktop\Puran Defrag.lnk
[2011/04/19 20:46:10 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/09/20 15:41:45 | 000,003,584 | ---- | C] () -- C:\Users\Julie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/01 20:37:42 | 000,200,704 | ---- | C] () -- C:\Windows\System32\UpdateDriver.exe
[2010/06/01 20:37:41 | 000,005,224 | ---- | C] () -- C:\Windows\System32\ucuiinfo.ini
[2010/03/22 22:04:50 | 000,023,087 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/03/13 17:53:47 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/13 17:53:47 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/02/22 21:26:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/22 21:26:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/22 00:01:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/12 20:33:37 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/09/12 20:33:37 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/24 18:34:44 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2008/06/01 16:25:50 | 000,137,476 | ---- | C] () -- C:\Windows\HPHins15.dat
[2008/06/01 16:25:50 | 000,002,828 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2008/04/16 08:35:22 | 000,000,359 | ---- | C] () -- C:\Windows\lgfwup.ini
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 05:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:44:53 | 000,379,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 03:33:01 | 000,607,168 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,104,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997/06/13 19:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#19
94jewels

    Member

  • Topic Starter
  • 18 posts
OTL Extras logfile created on: 5/15/2011 1:12:15 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Julie\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 289.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 112.07 Gb Free Space | 75.19% Space Free | Partition Type: NTFS

Computer Name: BARBARA-PC | User Name: Julie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D7AF3F3-F4E5-4957-8DEB-2CE288017DED}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2BAFF0DE-7356-4F22-8631-AEC5F27EFF7D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2E67EC7A-78BA-4D71-B2DE-B43448012AA6}" = rport=138 | protocol=17 | dir=out | app=system |
"{3BEDC232-16D9-4B3D-A78A-C3BE1715E77B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{466816C9-6FB2-4D42-B03E-84CC99B1E7FA}" = lport=138 | protocol=17 | dir=in | app=system |
"{62B7E33C-93F7-4994-807F-641075FCE79F}" = lport=445 | protocol=6 | dir=in | app=system |
"{665F032E-B1DF-412D-A114-2C62E4747909}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{668E78A9-E750-459B-9472-7F1185990E80}" = lport=139 | protocol=6 | dir=in | app=system |
"{7D8C84C0-2660-4A79-8676-EBB8AF799759}" = rport=445 | protocol=6 | dir=out | app=system |
"{88874E67-5109-4FBA-8428-7ABB159C8261}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9532CF93-DFF8-490A-A3CD-584E6C3D7799}" = rport=137 | protocol=17 | dir=out | app=system |
"{9B8B7F21-F015-4694-9B10-99A5096B7EB8}" = lport=137 | protocol=17 | dir=in | app=system |
"{BBFF17F3-818E-4601-A012-4CDA1939B3F1}" = rport=139 | protocol=6 | dir=out | app=system |
"{C961CA32-70AE-40AE-9388-52D1BF67E073}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D68E2942-F9D2-42A8-BD4B-886FF5623158}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{105B43EE-A5E2-4A03-BEA5-F07B34BA24E8}" = protocol=1 | dir=in | [email protected],-28543 |
"{39926300-A70E-4AA4-ACE8-306BA5671E76}" = protocol=58 | dir=out | [email protected],-28546 |
"{3D2290CD-0B95-4C99-BC26-E5CB7495A944}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{47C67273-DC6B-4B47-8041-C528B8ADB74B}" = protocol=58 | dir=in | [email protected],-28545 |
"{5EA425AF-17A6-4A6A-B3FB-C4B0553E529B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{5EB8597E-78B4-4112-A2C3-229DDC1A7657}" = protocol=1 | dir=out | [email protected],-28544 |
"{6362FBAF-472D-4EFA-B679-B1047A733A65}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{8989FFF7-001F-44E5-B81E-169D4B6D7711}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{8C01BE97-49E6-4F1A-B32B-13B157B532C0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{9FBD00F3-8128-48C2-B219-2B74ABCBD752}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{AEAE6FC3-E0C5-4528-B081-4F8956E895D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{B47E806A-E103-4BA6-AAA3-168942077D3D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{C51EDBB5-87D3-4F9D-AFA2-12FFBAAE3A14}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{CE07CC2D-E1CF-4B93-99FB-B3E523220783}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{D091B4F2-481E-419B-917A-47A7104A8327}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E0998560-F8F7-4C82-A19D-56FA09333657}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{F6942FE3-C42D-4C14-9452-9F94AE97E279}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"TCP Query User{1346897D-F43B-4322-80F9-B080F99344C0}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{19DEC79D-3C16-44EF-94DE-C2C0B333E46D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{822C6593-6C30-4BC0-9983-87A639B2C911}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F0FAC510-D47C-4C2D-9E6F-74112E522672}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"UDP Query User{08831328-7E18-4D5C-B7F1-CED830F7DD09}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4AB3A007-E9E7-45CA-9279-5B430C1AD48D}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"UDP Query User{6011722F-8451-4B90-B136-123DB4D8B7B8}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{EEE6BF0E-C880-4388-B197-3A691511313A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{03E66394-42F0-4745-85F7-0A2F8F35C09F}" = HP Deskjet Printer Driver Software 9.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F467E6E-F7D2-43cc-91B9-4FCC105AE30D}" = D2400
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{8046A32C-88A7-45DA-B6D7-B6191E261033}" = Nero 7 Essentials
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9521B818-19CE-4d28-8200-DD26133E19E6}" = D2400_Help
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{b1db5a0d-4cfc-4502-ad01-3eb134d1aa08}" = Nero 9 Lite
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4CFC5F3-481C-40AA-9944-E7E4E732136C}" = Microsoft IntelliType Pro 8.0
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"avast" = avast! Internet Security
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FileHippo.com" = FileHippo.com Update Checker
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"Indeo® software" = Indeo® software
"InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROHYBRIDR" = 2007 Microsoft Office system
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"RealPlayer 12.0" = RealPlayer
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Super Collapse! 3" = Super Collapse! 3
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = AT&T Yahoo! Internet Mail
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-599362230-4107570816-3240340241-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/4/2011 3:38:39 PM | Computer Name = Barbara-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/7/2011 11:54:59 PM | Computer Name = Barbara-PC | Source = Application Error | ID = 1000
Description = Faulting application YahooMessenger.exe, version 11.0.0.1751, time
stamp 0x4cd38198, faulting module MSVCR80.dll, version 8.0.50727.4053, time stamp
0x4a594c79, exception code 0xc000000d, fault offset 0x00008aa0, process id 0x125c,
application start time 0x01cbaee7835470fe.

Error - 1/9/2011 3:35:36 PM | Computer Name = Barbara-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/10/2011 4:46:04 PM | Computer Name = Barbara-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/10/2011 4:49:26 PM | Computer Name = Barbara-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/16/2011 2:51:04 PM | Computer Name = Barbara-PC | Source = Windows Search Service | ID = 3024
Description =

Error - 1/16/2011 7:49:24 PM | Computer Name = Barbara-PC | Source = Windows Search Service | ID = 3024
Description =

Error - 1/17/2011 4:12:48 PM | Computer Name = Barbara-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/18/2011 6:15:46 PM | Computer Name = Barbara-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/18/2011 6:16:19 PM | Computer Name = Barbara-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ OSession Events ]
Error - 2/24/2010 6:02:17 PM | Computer Name = Barbara-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8303
seconds with 240 seconds of active time. This session ended with a crash.

Error - 10/9/2010 7:02:23 PM | Computer Name = Barbara-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11535
seconds with 4860 seconds of active time. This session ended with a crash.

Error - 10/17/2010 8:48:40 PM | Computer Name = Barbara-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/13/2010 4:45:09 PM | Computer Name = Barbara-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/15/2011 1:30:31 AM | Computer Name = Barbara-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/15/2011 2:18:19 AM | Computer Name = Barbara-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/15/2011 2:18:25 AM | Computer Name = Barbara-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/15/2011 2:19:33 AM | Computer Name = Barbara-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 5/15/2011 2:19:33 AM | Computer Name = Barbara-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/15/2011 2:19:36 AM | Computer Name = Barbara-PC | Source = Service Control Manager | ID = 7043
Description =

Error - 5/15/2011 1:42:59 PM | Computer Name = Barbara-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/15/2011 1:43:04 PM | Computer Name = Barbara-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/15/2011 1:44:43 PM | Computer Name = Barbara-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 5/15/2011 1:44:43 PM | Computer Name = Barbara-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#20
94jewels

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-15 14:32:37
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 ST3160815AS rev.3.AAD
Running: 6w5yzuj4.exe; Driver: C:\Users\Julie\AppData\Local\Temp\ufliyfog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8AE509CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8AE52EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8AE52F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8AE5301A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8AE52E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8AE52F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8AE52E56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8AE52FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8AE509EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8AE507B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8AE50A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8AE53412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8AE514AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8AE52EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8AE52F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8AE53044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8AE52E2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8AE52F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8AE52E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8AE52FF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8AE51370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8AE50A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8AE50A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8AE50812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8AE5094E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8AE5092A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8AE50972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8AE50A7E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8B2A88DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 826C2890 4 Bytes [CA, 09, E5, 8A]
.text ntkrnlpa.exe!KeSetEvent + 1D1 826C2954 8 Bytes [AC, 2E, E5, 8A, 04, 2F, E5, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 826C2960 4 Bytes [1A, 30, E5, 8A] {SBB DH, [EAX]; IN EAX, 0x8a}
.text ntkrnlpa.exe!KeSetEvent + 1F5 826C2978 4 Bytes [02, 2E, E5, 8A] {ADD CH, [ESI]; IN EAX, 0x8a}
.text ntkrnlpa.exe!KeSetEvent + 215 826C2998 8 Bytes [54, 2F, E5, 8A, 56, 2E, E5, ...]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 827ED5C7 5 Bytes JMP 8B2A429E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 828464F3 5 Bytes JMP 8B2A5D38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 8284FE18 4 Bytes CALL 8AE51E3B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82853A8C 4 Bytes CALL 8AE51E51 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 828A7DAE 7 Bytes JMP 8B2A88E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Nero\Update\NASvc.exe[248] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00060030
.text C:\Program Files\Nero\Update\NASvc.exe[248] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0006006C
.text C:\Program Files\Nero\Update\NASvc.exe[248] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 000800A8
.text C:\Program Files\Nero\Update\NASvc.exe[248] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 000800E4
.text C:\Program Files\Nero\Update\NASvc.exe[248] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 00080120
.text C:\Program Files\Nero\Update\NASvc.exe[248] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 00080030
.text C:\Program Files\Nero\Update\NASvc.exe[248] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 0008006C
.text C:\Program Files\Nero\Update\NASvc.exe[248] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0009006C
.text C:\Program Files\Nero\Update\NASvc.exe[248] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000900A8
.text C:\Program Files\Nero\Update\NASvc.exe[248] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000901D4
.text C:\Program Files\Nero\Update\NASvc.exe[248] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000900E4
.text C:\Program Files\Nero\Update\NASvc.exe[248] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00090120
.text C:\Program Files\Nero\Update\NASvc.exe[248] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0009015C
.text C:\Program Files\Nero\Update\NASvc.exe[248] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00090198
.text C:\Program Files\Nero\Update\NASvc.exe[248] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00090030
.text C:\Windows\system32\wininit.exe[568] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00030030
.text C:\Windows\system32\wininit.exe[568] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0003006C
.text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0005006C
.text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000500A8
.text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000501D4
.text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000500E4
.text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00050120
.text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0005015C
.text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00050198
.text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00050030
.text C:\Windows\system32\wininit.exe[568] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 000600A8
.text C:\Windows\system32\wininit.exe[568] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 000600E4
.text C:\Windows\system32\wininit.exe[568] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 00060120
.text C:\Windows\system32\wininit.exe[568] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 00060030
.text C:\Windows\system32\wininit.exe[568] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 0006006C
.text C:\Windows\system32\services.exe[652] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\services.exe[652] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\services.exe[652] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\services.exe[652] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\services.exe[652] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\services.exe[652] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\services.exe[652] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Windows\system32\services.exe[652] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Windows\system32\services.exe[652] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Windows\system32\services.exe[652] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Windows\system32\services.exe[652] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\services.exe[652] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\services.exe[652] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\services.exe[652] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\services.exe[652] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0008006C
.text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000800A8
.text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000801D4
.text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000800E4
.text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00080120
.text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0008015C
.text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00080198
.text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00080030
.text C:\Windows\system32\lsass.exe[664] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 000900A8
.text C:\Windows\system32\lsass.exe[664] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 000900E4
.text C:\Windows\system32\lsass.exe[664] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 00090120
.text C:\Windows\system32\lsass.exe[664] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 00090030
.text C:\Windows\system32\lsass.exe[664] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 0009006C
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\lsm.exe[672] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\lsm.exe[672] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\lsm.exe[672] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\lsm.exe[672] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\lsm.exe[672] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Windows\system32\lsm.exe[672] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Windows\system32\lsm.exe[672] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Windows\system32\lsm.exe[672] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[728] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00080030
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[728] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0008006C
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[728] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 000A00A8
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[728] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 000A00E4
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[728] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 000A0120
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[728] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 000A0030
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[728] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 000A006C
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[728] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 000C006C
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[728] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000C00A8
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[728] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000C01D4
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[728] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000C00E4
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[728] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 000C0120
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[728] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 000C015C
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[728] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 000C0198
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[728] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 000C0030
.text C:\Windows\system32\svchost.exe[788] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[788] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0017006C
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 001700A8
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 001701D4
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 001700E4
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00170120
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0017015C
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00170198
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00170030
.text C:\Windows\system32\svchost.exe[788] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 001C00A8
.text C:\Windows\system32\svchost.exe[788] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 001C00E4
.text C:\Windows\system32\svchost.exe[788] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 001C0120
.text C:\Windows\system32\svchost.exe[788] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 001C0030
.text C:\Windows\system32\svchost.exe[788] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 001C006C
.text C:\Windows\system32\svchost.exe[844] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[844] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[844] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 001E00A8
.text C:\Windows\system32\svchost.exe[844] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 001E00E4
.text C:\Windows\system32\svchost.exe[844] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 001E0120
.text C:\Windows\system32\svchost.exe[844] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 001E0030
.text C:\Windows\system32\svchost.exe[844] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 001E006C
.text C:\Windows\system32\svchost.exe[912] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[912] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[912] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 000B00A8
.text C:\Windows\system32\svchost.exe[912] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 000B00E4
.text C:\Windows\system32\svchost.exe[912] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 000B0120
.text C:\Windows\system32\svchost.exe[912] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 000B0030
.text C:\Windows\system32\svchost.exe[912] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 000B006C
.text C:\Windows\System32\svchost.exe[944] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[944] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[944] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\svchost.exe[944] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\svchost.exe[944] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\svchost.exe[944] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\svchost.exe[944] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Windows\System32\svchost.exe[944] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Windows\System32\svchost.exe[944] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Windows\System32\svchost.exe[944] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Windows\System32\svchost.exe[944] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 00A700A8
.text C:\Windows\System32\svchost.exe[944] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 00A700E4
.text C:\Windows\System32\svchost.exe[944] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 00A70120
.text C:\Windows\System32\svchost.exe[944] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 00A70030
.text C:\Windows\System32\svchost.exe[944] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 00A7006C
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[992] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[992] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[992] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[992] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[992] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[992] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[992] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[992] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[992] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[992] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[992] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 000900A8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[992] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 000900E4
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[992] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 00090120
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[992] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 00090030
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[992] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 0009006C
.text C:\Windows\System32\svchost.exe[1032] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[1032] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 000B006C
.text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000B00A8
.text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000B01D4
.text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000B00E4
.text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 000B0120
.text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 000B015C
.text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 000B0198
.text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 000B0030
.text C:\Windows\System32\svchost.exe[1032] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 001200A8
.text C:\Windows\System32\svchost.exe[1032] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 001200E4
.text C:\Windows\System32\svchost.exe[1032] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 00120120
.text C:\Windows\System32\svchost.exe[1032] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 00120030
.text C:\Windows\System32\svchost.exe[1032] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 0012006C
.text C:\Windows\System32\svchost.exe[1108] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[1108] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0008006C
.text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000800A8
.text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000801D4
.text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000800E4
.text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00080120
.text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0008015C
.text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00080198
.text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00080030
.text C:\Windows\System32\svchost.exe[1108] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 00DF00A8
.text C:\Windows\System32\svchost.exe[1108] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 00DF00E4
.text C:\Windows\System32\svchost.exe[1108] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 00DF0120
.text C:\Windows\System32\svchost.exe[1108] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 00DF0030
.text C:\Windows\System32\svchost.exe[1108] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 00DF006C
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1120] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1120] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1120] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1120] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1120] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 001500A8
.text C:\Windows\system32\svchost.exe[1120] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 001500E4
.text C:\Windows\system32\svchost.exe[1120] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 00150120
.text C:\Windows\system32\svchost.exe[1120] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 00150030
.text C:\Windows\system32\svchost.exe[1120] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 0015006C
.text C:\Windows\system32\svchost.exe[1200] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1200] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1272] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1272] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 001F00A8
.text C:\Windows\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 001F00E4
.text C:\Windows\system32\svchost.exe[1272] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 001F0120
.text C:\Windows\system32\svchost.exe[1272] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 001F0030
.text C:\Windows\system32\svchost.exe[1272] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 001F006C
.text C:\Windows\system32\Dwm.exe[1332] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00090030
.text C:\Windows\system32\Dwm.exe[1332] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0009006C
.text C:\Windows\system32\Dwm.exe[1332] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 000B006C
.text C:\Windows\system32\Dwm.exe[1332] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000B00A8
.text C:\Windows\system32\Dwm.exe[1332] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000B01D4
.text C:\Windows\system32\Dwm.exe[1332] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000B00E4
.text C:\Windows\system32\Dwm.exe[1332] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 000B0120
.text C:\Windows\system32\Dwm.exe[1332] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 000B015C
.text C:\Windows\system32\Dwm.exe[1332] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 000B0198
.text C:\Windows\system32\Dwm.exe[1332] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 000B0030
.text C:\Windows\system32\Dwm.exe[1332] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 000C00A8
.text C:\Windows\system32\Dwm.exe[1332] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 000C00E4
.text C:\Windows\system32\Dwm.exe[1332] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 000C0120
.text C:\Windows\system32\Dwm.exe[1332] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 000C0030
.text C:\Windows\system32\Dwm.exe[1332] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 000C006C
.text C:\Windows\system32\svchost.exe[1412] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1412] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 001900A8
.text C:\Windows\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 001900E4
.text C:\Windows\system32\svchost.exe[1412] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 00190120
.text C:\Windows\system32\svchost.exe[1412] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 00190030
.text C:\Windows\system32\svchost.exe[1412] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 0019006C
.text C:\Windows\system32\svchost.exe[1424] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1424] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1584] kernel32.dll!SetUnhandledExceptionFilter 76ACA84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\system32\svchost.exe[1684] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1684] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Windows\system32\winlogon.exe[1776] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00030030
.text C:\Windows\system32\winlogon.exe[1776] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0003006C
.text C:\Windows\system32\winlogon.exe[1776] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0005006C
.text C:\Windows\system32\winlogon.exe[1776] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000500A8
.text C:\Windows\system32\winlogon.exe[1776] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000501D4
.text C:\Windows\system32\winlogon.exe[1776] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000500E4
.text C:\Windows\system32\winlogon.exe[1776] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00050120
.text C:\Windows\system32\winlogon.exe[1776] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0005015C
.text C:\Windows\system32\winlogon.exe[1776] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00050198
.text C:\Windows\system32\winlogon.exe[1776] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00050030
.text C:\Windows\system32\winlogon.exe[1776] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 000600A8
.text C:\Windows\system32\winlogon.exe[1776] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 000600E4
.text C:\Windows\system32\winlogon.exe[1776] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 00060120
.text C:\Windows\system32\winlogon.exe[1776] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 00060030
.text C:\Windows\system32\winlogon.exe[1776] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 0006006C
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\taskeng.exe[1996] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\taskeng.exe[1996] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\taskeng.exe[1996] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\taskeng.exe[1996] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\taskeng.exe[1996] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Windows\system32\taskeng.exe[1996] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Windows\system32\taskeng.exe[1996] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Windows\system32\taskeng.exe[1996] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Windows\system32\taskeng.exe[1996] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\taskeng.exe[1996] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\taskeng.exe[1996] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\taskeng.exe[1996] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\taskeng.exe[1996] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 0008006C
.text C:\Windows\System32\spoolsv.exe[2000] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\System32\spoolsv.exe[2000] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\System32\spoolsv.exe[2000] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\spoolsv.exe[2000] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\spoolsv.exe[2000] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\spoolsv.exe[2000] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\spoolsv.exe[2000] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Windows\System32\spoolsv.exe[2000] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Windows\System32\spoolsv.exe[2000] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Windows\System32\spoolsv.exe[2000] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Windows\System32\spoolsv.exe[2000] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 001100A8
.text C:\Windows\System32\spoolsv.exe[2000] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 001100E4
.text C:\Windows\System32\spoolsv.exe[2000] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 00110120
.text C:\Windows\System32\spoolsv.exe[2000] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 00110030
.text C:\Windows\System32\spoolsv.exe[2000] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 0011006C
.text C:\Windows\system32\svchost.exe[2032] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[2032] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[2032] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 000E00A8
.text C:\Windows\system32\svchost.exe[2032] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 000E00E4
.text C:\Windows\system32\svchost.exe[2032] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 000E0120
.text C:\Windows\system32\svchost.exe[2032] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 000E0030
.text C:\Windows\system32\svchost.exe[2032] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 000E006C
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2068] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00140030
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2068] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0014006C
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2068] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 001600A8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2068] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 001600E4
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2068] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 00160120
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2068] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 00160030
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2068] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 0016006C
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2068] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0017006C
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2068] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 001700A8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2068] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 001701D4
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2068] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 001700E4
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2068] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00170120
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2068] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0017015C
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2068] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00170198
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2068] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00170030
.text C:\Windows\Explorer.EXE[2092] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00090030
.text C:\Windows\Explorer.EXE[2092] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0009006C
.text C:\Windows\Explorer.EXE[2092] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 000B006C
.text C:\Windows\Explorer.EXE[2092] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000B00A8
.text C:\Windows\Explorer.EXE[2092] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000B01D4
.text C:\Windows\Explorer.EXE[2092] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000B00E4
.text C:\Windows\Explorer.EXE[2092] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 000B0120
.text C:\Windows\Explorer.EXE[2092] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 000B015C
.text C:\Windows\Explorer.EXE[2092] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 000B0198
.text C:\Windows\Explorer.EXE[2092] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 000B0030
.text C:\Windows\Explorer.EXE[2092] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 000C00A8
.text C:\Windows\Explorer.EXE[2092] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 000C00E4
.text C:\Windows\Explorer.EXE[2092] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 000C0120
.text C:\Windows\Explorer.EXE[2092] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 000C0030
.text C:\Windows\Explorer.EXE[2092] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 000C006C
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2148] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2148] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2148] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2148] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2148] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2148] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2148] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2148] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2148] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2148] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2148] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 000800A8
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2148] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 000800E4
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2148] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 00080120
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2148] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 00080030
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2148] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\svchost.exe[2344] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[2344] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[2344] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[2344] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[2344] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[2344] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[2344] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[2344] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[2344] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[2344] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Windows\System32\svchost.exe[2384] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[2384] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Windows\system32\taskeng.exe[2520] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\taskeng.exe[2520] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\taskeng.exe[2520] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\taskeng.exe[2520] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\taskeng.exe[2520] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\taskeng.exe[2520] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\taskeng.exe[2520] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Windows\system32\taskeng.exe[2520] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Windows\system32\taskeng.exe[2520] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Windows\system32\taskeng.exe[2520] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Windows\system32\taskeng.exe[2520] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\taskeng.exe[2520] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\taskeng.exe[2520] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\taskeng.exe[2520] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\taskeng.exe[2520] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 0008006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2584] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00160030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2584] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0016006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2584] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0017006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2584] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 001700A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2584] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 001701D4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2584] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 001700E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2584] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00170120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2584] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0017015C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2584] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00170198
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2584] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00170030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2584] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 001800A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2584] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 001800E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2584] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 00180120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2584] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 00180030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2584] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 0018006C
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[2620] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[2620] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[2620] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[2620] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[2620] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[2620] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[2620] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[2620] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[2620] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[2620] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[2620] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 000C00A8
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[2620] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 000C00E4
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[2620] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 000C0120
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[2620] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 000C0030
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[2620] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 000C006C
.text C:\Users\Julie\6w5yzuj4.exe[2852] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00150030
.text C:\Users\Julie\6w5yzuj4.exe[2852] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0015006C
.text C:\Users\Julie\6w5yzuj4.exe[2852] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0019006C
.text C:\Users\Julie\6w5yzuj4.exe[2852] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 001900A8
.text C:\Users\Julie\6w5yzuj4.exe[2852] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 3 Bytes JMP 001901D4
.text C:\Users\Julie\6w5yzuj4.exe[2852] ADVAPI32.dll!SetServiceObjectSecurity + 4 75606CDD 1 Byte [8A]
.text C:\Users\Julie\6w5yzuj4.exe[2852] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 001900E4
.text C:\Users\Julie\6w5yzuj4.exe[2852] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00190120
.text C:\Users\Julie\6w5yzuj4.exe[2852] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0019015C
.text C:\Users\Julie\6w5yzuj4.exe[2852] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00190198
.text C:\Users\Julie\6w5yzuj4.exe[2852] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00190030
.text C:\Users\Julie\6w5yzuj4.exe[2852] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 001A00A8
.text C:\Users\Julie\6w5yzuj4.exe[2852] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 001A00E4
.text C:\Users\Julie\6w5yzuj4.exe[2852] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 001A0120
.text C:\Users\Julie\6w5yzuj4.exe[2852] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 001A0030
.text C:\Users\Julie\6w5yzuj4.exe[2852] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 001A006C
.text C:\Windows\system32\wbem\wmiprvse.exe[3048] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\wbem\wmiprvse.exe[3048] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\wbem\wmiprvse.exe[3048] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\wbem\wmiprvse.exe[3048] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\wbem\wmiprvse.exe[3048] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\wbem\wmiprvse.exe[3048] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\wbem\wmiprvse.exe[3048] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00070120
.text C:\Windows\system32\wbem\wmiprvse.exe[3048] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0007015C
.text C:\Windows\system32\wbem\wmiprvse.exe[3048] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00070198
.text C:\Windows\system32\wbem\wmiprvse.exe[3048] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00070030
.text C:\Windows\system32\wbem\wmiprvse.exe[3048] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\wbem\wmiprvse.exe[3048] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\wbem\wmiprvse.exe[3048] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\wbem\wmiprvse.exe[3048] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\wbem\wmiprvse.exe[3048] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 0008006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00050030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0005006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0008006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 000800A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 000801D4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] ADVAPI32.dll!ChangeServiceConfigA 75606DD9 5 Bytes JMP 000800E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] ADVAPI32.dll!ChangeServiceConfigW 75606F81 5 Bytes JMP 00080120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] ADVAPI32.dll!ChangeServiceConfig2A 75607099 5 Bytes JMP 0008015C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] ADVAPI32.dll!ChangeServiceConfig2W 756071E1 5 Bytes JMP 00080198
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] ADVAPI32.dll!CreateServiceA 756072A1 5 Bytes JMP 00080030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 000900A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 000900E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 00090120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 00090030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 0009006C
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3080] ntdll.dll!LdrLoadDll 76ED93A8 5 Bytes JMP 00140030
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3080] ntdll.dll!LdrUnloadDll 76EEB740 5 Bytes JMP 0014006C
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3080] kernel32.dll!SetUnhandledExceptionFilter 76ACA84F 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3080] USER32.dll!SetWindowsHookExA 766B6322 5 Bytes JMP 001600A8
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3080] USER32.dll!SetWindowsHookExW 766B87AD 5 Bytes JMP 001600E4
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3080] USER32.dll!UnhookWindowsHookEx 766B98DB 5 Bytes JMP 00160120
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3080] USER32.dll!SetWinEventHook 766B9F3A 5 Bytes JMP 00160030
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3080] USER32.dll!UnhookWinEvent 766BC06F 5 Bytes JMP 0016006C
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3080] ADVAPI32.dll!CreateServiceW 755C9EB4 5 Bytes JMP 0017006C
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3080] ADVAPI32.dll!DeleteService 755CA07E 5 Bytes JMP 001700A8
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3080] ADVAPI32.dll!SetServiceObjectSecurity 75606CD9 5 Bytes JMP 001701D4
---- User IAT/EAT - GMER 1.0.15 ----

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

Device InCDFs.sys (InCD File System Driver/Nero AG)

---- EOF - GMER 1.0.15 ----

#21
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi 94jewels,

Please do step by step and test your system after each of them.

Also, do you have a Windows Vista Home Basic Edition Service Pack 2 installation disk?

Step 1

Temporarily, please uninstall:

  • RealPlayer
  • Spybot - Search & Destroy

Step 2

Open Avast! User Interface then click on Scan Computer, then on Boot-Time Scan then Schedule Now. Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs an input from you. If the scan hangs that may indicate a hardware problem.

Step 3

Let's see what you have in your startup.

Please click on Start and then on Run
Type in msconfig and press Enter
Now click on Startups
Then uncheck everything and press Apply button.
Restart your system now
IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

If system boots correctly and is running smoothly and faster then we have a startup problem
Try going back into msconfig and check one item and reboot
Keep doing that till you have found the problem or all are finally checked.
Post back with the results

Step 4

Please click on Start and then on Run
Type in msconfig and press Enter
Now click on Services
Click on the Hide All Microsoft Services
Then uncheck everything and press Apply button.
Restart your system now

If system boots correctly and is running smoothly and faster then we have a startup problem
Try going back into msconfig and check one item and reboot
Keep doing that till you have found the problem or all are finally checked.
Post back with the results

#22
94jewels

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi maliprog,

Well, I ran the boot-time scan and it said it found inf:autorun-gen2 (wrm). I placed it in the virus chest, wasn't sure what else to do with it. I will report back with steps three and four shortly after completing them.

Thank you

#23
94jewels

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi maliprog,

I followed the steps for disabling and reenabling the programs and services and the computer is still very slow. It constantly hangs during internet use. I did not notice any improvement after disabling all programs and then all services.

#24
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi 94jewels,

I don't see any traces of malware on your system. Let's try something new:

  • Right-click the My Computer icon
  • Click the Advanced System Settings link then click the Settings button under Performance
  • Click the Advanced tab
  • "Check" the Automatically manage paging file size for all drives option
  • Confirm it with Apply/OK button(s)

Restart your system and test it.

#25
94jewels

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi maliprog,

I'm glad to know there is no virus on the computer. Thank you for helping me run all those scans.

The settings were already set on my computer by your last posting instructions. So, I went ahead and defragmented and it has helped some, but I wonder if you know of anything else I can do to help speed it up and avoid the lag time while browsing?

Thank you again for all of your time with this.

#26
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
I'm glad that helped. You can speed things by disabling Add-ons and toolbars you don't use. I see there is a bit of them... Please read This article.

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.

#27
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.