Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google/yahoo redirects on Windows XP

Started by satyap , Jun 19 2011 12:03 PM

  • This topic is locked This topic is locked

#1
satyap
Posted 19 June 2011 - 12:03 PM

satyap

    Member

  • Member
  • PipPip
  • 21 posts
Hi,

I seem to have this problem of google/yahoo searches getting redirectd. I have followed the steps in the instructions here (ran OTL, OTM, GooredFix and TDSSkiller), but that did not fix the problem. Would appreciate any help in getting this virus cleaned up.

The OTL log is pasted below.

Thanks,
srao

--------

OTL logfile created on: 6/19/2011 2:22:26 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Sharmila\resume
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.36 Mb Total Physical Memory | 318.07 Mb Available Physical Memory | 33.15% Memory free
2.26 Gb Paging File | 1.73 Gb Available in Paging File | 76.40% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.79 Gb Total Space | 87.48 Gb Free Space | 49.20% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.19% Space Free | Partition Type: FAT32

Computer Name: HOMEPC | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/19 14:20:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Sharmila\resume\OTL.exe
PRC - [2011/06/09 21:56:17 | 000,785,920 | ---- | M] () -- C:\WINDOWS\system32\capicom32.exe
PRC - [2011/06/09 21:56:16 | 000,785,920 | ---- | M] () -- C:\WINDOWS\system32\ncxpnt32.exe
PRC - [2011/06/09 21:56:16 | 000,785,920 | ---- | M] () -- C:\WINDOWS\system32\ipv6mon32.exe
PRC - [2011/06/09 21:56:16 | 000,785,920 | ---- | M] () -- C:\WINDOWS\system32\ipsecsnp32.exe
PRC - [2011/06/09 21:56:16 | 000,785,920 | ---- | M] () -- C:\WINDOWS\system32\ativvaxx32.exe
PRC - [2011/06/06 11:27:25 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/28 07:24:21 | 003,261,952 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
PRC - [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/04/15 15:50:00 | 000,610,120 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010/10/26 14:42:14 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2010/10/26 14:42:14 | 002,953,584 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2010/10/26 14:42:14 | 001,153,392 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2010/10/26 14:42:14 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/10/24 04:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/29 19:19:00 | 000,057,344 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
PRC - [2005/02/01 20:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIADA.EXE
PRC - [1996/12/09 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (SafeList) ==========

MOD - [2011/06/19 14:20:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Sharmila\resume\OTL.exe
MOD - [2011/05/10 05:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 05:00:00 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\security.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- -- (Apache2)
SRV - [2011/06/09 21:56:17 | 000,785,920 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\capicom32.exe -- (RasAuto32)
SRV - [2011/06/09 21:56:16 | 000,785,920 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ncxpnt32.exe -- (W32Time32)
SRV - [2011/06/09 21:56:16 | 000,785,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\WMNetMgr32.exe -- (RemoteRegistry32)
SRV - [2011/06/09 21:56:16 | 000,785,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\lpk32.exe -- (Nla32) Network Location Awareness (NLA)
SRV - [2011/06/09 21:56:16 | 000,785,920 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ativvaxx32.exe -- (NetDDE32)
SRV - [2011/06/09 21:56:16 | 000,785,920 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ipsecsnp32.exe -- (mnmsrvc32)
SRV - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/10/26 14:42:14 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010/10/26 14:42:14 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010/07/15 17:45:44 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/08/03 00:19:16 | 000,058,880 | ---- | M] (Microsoft) [On_Demand | Stopped] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004/09/29 20:14:36 | 000,069,632 | ---- | M] (HP) [Boot | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 05:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 04:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/10/11 12:19:26 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2010/09/11 08:30:22 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TuneConvertAudio.sys -- (TuneConvertAudio)
DRV - [2010/07/15 17:45:44 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010/05/13 11:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/01/30 14:29:50 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2007/06/08 13:15:20 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/02/16 12:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/10/20 08:23:32 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/10/18 13:15:42 | 004,034,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/09/23 13:26:40 | 001,094,751 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/08/22 00:53:34 | 000,280,576 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - [2005/08/13 22:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/04 00:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 01:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/03/04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/10 05:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/10 10:42:36 | 000,002,944 | ---- | M] ([email protected]) [Kernel | System | Running] -- C:\WINDOWS\system32\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/11/05 15:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....Terms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 23 05 C2 01 06 1F 0E 4D 9C 07 BD 42 9F 8F 7E 9F [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "about:myworld|http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=nshome&bd=pavilion&locale=EN_US&c=Q106&pf=desktop|http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=nshome2&bd=pavilion&locale=EN_US&c=Q106&pf=desktop"

FF - HKLM\software\mozilla\Flock\Extensions\\Plugins: C:\Program Files\Flock\flock\plugins [2008/05/18 12:56:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock\Extensions\\Components: C:\Program Files\Flock\flock\components [2008/05/18 12:56:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/06 11:27:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/06 11:27:36 | 000,000,000 | ---D | M]

[2008/11/26 01:09:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2011/06/19 10:56:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions
[2010/07/27 07:55:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/19 10:54:29 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\{2dd51bb8-e35f-44b9-a536-eb5b984e13d9}
[2010/07/27 07:55:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/09/30 09:53:03 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/07/27 07:55:11 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/02/16 22:48:54 | 000,000,000 | ---D | M] (Selenium IDE) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2010/07/27 07:55:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/27 07:55:14 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\[email protected]
[2011/06/19 10:56:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/10/21 08:49:08 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/05/07 14:56:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/05/18 12:56:16 | 000,000,000 | ---D | M] (afcE93FC2E44C41 Branding) -- C:\PROGRAM FILES\FLOCK\FLOCK\EXTENSIONS\[email protected]
[2008/05/18 12:56:16 | 000,000,000 | ---D | M] (nse Branding) -- C:\PROGRAM FILES\FLOCK\FLOCK\EXTENSIONS\[email protected]
[2010/06/09 22:03:02 | 000,101,760 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2010/06/09 22:02:05 | 000,064,384 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2009/07/13 15:54:03 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2011/06/19 10:03:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {01C20523-1F06-4D0E-9C07-BD429F8F7E9f} - C:\WINDOWS\system32\ativvaxx32.dll (Dmitry Streblechenko)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (c0a02fd7) - {4F8A1E4C-07D1-CEA2-412D-0B3E31E39EA5} - C:\WINDOWS\system32\lprhelp32.dll ()
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - File not found
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [Search Protection] File not found
O4 - HKCU..\Run: [Wqiyukakadikujik] File not found
O4 - HKCU..\Run: [X-Lite 4] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\sat\registry-backup\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://www.bitstream...er/tdserver.cab (TDServer Control)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\lprhelp32.dll) - C:\WINDOWS\system32\lprhelp32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/27 15:29:28 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/19 10:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/06/19 10:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/06/19 10:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\GooredFix Backups
[2011/06/19 10:03:31 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/19 09:28:44 | 000,761,344 | ---- | C] (CrypKey Inc.) -- C:\Documents and Settings\HP_Administrator\0.17894932057704727.exe
[2011/06/19 09:28:43 | 000,761,344 | ---- | C] (CrypKey Inc.) -- C:\Documents and Settings\HP_Administrator\0.6843297656739168.exe
[2011/06/17 20:17:01 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/06/17 20:16:57 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/06/17 20:16:25 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011/06/17 20:16:21 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/06/17 20:15:53 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/06/17 20:15:49 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/06/17 20:15:40 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011/06/17 20:15:19 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/06/17 20:14:57 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/06/17 20:14:53 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/06/17 20:14:49 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/06/17 20:14:43 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/06/17 20:14:39 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/06/17 20:14:35 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011/06/17 20:14:31 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011/06/17 20:14:15 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011/06/17 20:14:00 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/06/17 20:13:57 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011/06/17 20:13:53 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011/06/17 20:13:45 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011/06/17 20:13:25 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/06/17 20:13:11 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011/06/17 20:13:07 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011/06/17 20:12:51 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/06/17 20:12:48 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/06/17 20:12:44 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/06/17 20:12:41 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011/06/17 20:12:38 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/06/17 20:12:34 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011/06/17 20:12:04 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/06/17 20:11:58 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/06/17 20:11:55 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/06/17 20:11:54 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011/06/17 20:11:48 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/06/17 20:11:45 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/06/17 20:11:32 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/06/17 20:11:29 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/06/17 20:10:47 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/06/17 20:10:43 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/06/17 20:10:40 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011/06/17 20:10:36 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011/06/17 20:10:30 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/06/17 20:10:09 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2011/06/17 20:09:39 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011/06/17 20:09:35 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011/06/17 20:09:32 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/06/17 20:09:29 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011/06/17 20:09:26 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/06/17 20:08:55 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/06/17 20:08:52 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/06/17 20:08:48 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/06/17 20:08:41 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011/06/17 20:08:11 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/06/17 20:08:08 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/06/17 20:08:05 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/06/17 20:08:02 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/06/17 20:07:35 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011/06/17 20:07:29 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/06/17 20:07:25 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/06/17 20:07:10 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/06/17 20:07:07 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/06/17 20:07:04 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/06/17 20:07:01 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/06/17 20:06:58 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/06/17 20:06:55 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/06/17 20:06:52 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/06/17 20:06:49 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/06/17 20:06:46 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011/06/17 20:06:38 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011/06/17 20:06:35 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011/06/17 20:06:31 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/06/17 20:06:28 | 000,024,576 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/06/17 20:06:16 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/06/17 20:06:09 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011/06/17 20:06:05 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/06/17 20:06:00 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011/06/17 20:05:42 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/06/17 20:05:39 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/06/17 20:05:10 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/06/17 20:05:07 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/06/17 20:05:04 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011/06/17 20:04:54 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011/06/17 20:04:03 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011/06/17 20:03:52 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/06/17 20:03:50 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011/06/17 20:03:47 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/06/17 20:03:31 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/06/17 20:03:28 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011/06/17 20:03:25 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/06/17 20:03:21 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/06/17 20:03:00 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/06/17 20:02:46 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/06/17 20:02:43 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/06/17 20:02:37 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/06/17 20:02:27 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/06/17 20:02:25 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/06/17 20:02:16 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/06/17 20:02:14 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/06/17 20:02:11 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/06/17 20:02:08 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/06/17 20:02:05 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011/06/17 20:02:03 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011/06/17 20:01:54 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011/06/17 20:01:51 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011/06/17 20:01:49 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011/06/17 20:01:46 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/06/17 20:01:43 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011/06/17 20:00:50 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2011/06/17 20:00:13 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/06/17 19:59:51 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/06/17 19:59:49 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011/06/17 19:59:47 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/06/17 19:59:44 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/06/17 19:59:43 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011/06/17 19:59:41 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/06/17 19:59:32 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/06/17 19:59:29 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011/06/17 19:59:27 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/06/17 19:59:24 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011/06/17 19:59:19 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/06/17 19:59:16 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/06/17 19:58:19 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011/06/17 19:57:40 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011/06/17 19:56:04 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/06/17 19:55:55 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/06/17 19:55:25 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011/06/17 19:55:23 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011/06/17 19:55:21 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011/06/17 19:55:07 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/06/17 19:55:00 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/06/17 19:54:58 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011/06/17 19:54:53 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/06/17 19:54:51 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/06/17 19:54:49 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/06/17 19:54:47 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011/06/17 19:54:32 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/06/17 19:54:28 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/06/17 19:54:27 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/06/17 19:53:06 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/06/17 19:53:00 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011/06/17 19:52:50 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/06/17 19:52:48 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/06/17 19:52:47 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011/06/17 19:52:42 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011/06/17 19:52:41 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/06/17 19:52:40 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/06/17 19:52:39 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011/06/17 19:52:36 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011/06/17 19:52:15 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/06/17 19:52:14 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011/06/17 19:52:10 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/06/17 19:51:47 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/06/17 19:51:46 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/06/17 19:51:45 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/06/17 19:51:44 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/06/17 19:51:43 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/06/17 19:51:42 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/06/17 19:51:41 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/06/17 19:51:39 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/06/17 19:51:31 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/06/17 19:51:15 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/06/17 19:51:05 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/06/17 19:50:58 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/06/17 19:50:58 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/06/17 19:50:57 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/06/17 19:50:57 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/06/17 19:50:56 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/06/17 19:50:53 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/06/17 19:50:52 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/06/17 19:50:51 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/06/17 19:50:51 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/06/17 19:50:48 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/06/17 19:50:47 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/06/17 19:50:14 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/06/17 19:50:13 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/06/17 19:50:13 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/06/17 19:50:12 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/06/17 19:50:11 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/06/17 19:50:11 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/06/17 19:50:10 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/06/17 19:50:09 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/06/17 19:50:07 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/06/17 19:50:07 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/06/17 19:50:06 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/06/17 19:50:05 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/06/17 19:50:04 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/06/17 19:50:04 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/06/17 19:50:03 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/06/17 19:50:03 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/06/17 19:50:02 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/06/17 19:50:01 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/06/17 19:49:54 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/06/17 19:49:50 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/06/17 19:49:50 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/06/17 19:49:49 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/06/17 19:49:48 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/06/17 19:49:48 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/06/17 19:49:47 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/06/17 19:49:46 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/06/17 19:49:07 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/06/17 19:48:59 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/06/17 19:48:42 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/06/17 19:48:40 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/06/17 19:48:39 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/06/17 19:48:39 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/06/17 19:48:38 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/06/17 19:48:36 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/06/17 19:48:32 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/06/17 19:48:32 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/06/17 19:48:29 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/06/17 19:48:28 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/06/17 19:48:28 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/06/17 00:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2011/06/17 00:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/06/16 15:28:52 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2011/06/09 21:56:26 | 000,359,424 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\ativvaxx32.dll
[2011/05/28 07:26:09 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]
[2 C:\Documents and Settings\HP_Administrator\*.tmp files -> C:\Documents and Settings\HP_Administrator\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/19 14:07:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/19 14:01:01 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/19 10:56:34 | 000,000,019 | ---- | M] () -- C:\WINDOWS\System32\60537885
[2011/06/19 10:52:31 | 000,001,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/06/19 10:52:31 | 000,001,671 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/06/19 10:26:29 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/06/19 10:21:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/19 10:21:45 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/19 10:20:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/19 10:03:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/19 10:01:33 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Notepad.lnk
[2011/06/19 09:59:01 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/19 09:59:00 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTREGOPT.lnk
[2011/06/19 09:59:00 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ERUNT.lnk
[2011/06/19 09:28:46 | 000,761,344 | ---- | M] (CrypKey Inc.) -- C:\Documents and Settings\HP_Administrator\0.17894932057704727.exe
[2011/06/19 09:28:45 | 000,761,344 | ---- | M] (CrypKey Inc.) -- C:\Documents and Settings\HP_Administrator\0.6843297656739168.exe
[2011/06/16 23:28:23 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\rstrui.exe (2).lnk
[2011/06/16 21:11:53 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\rstrui.exe.lnk
[2011/06/16 20:44:16 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/16 20:44:12 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/16 20:43:58 | 000,000,105 | ---- | M] () -- C:\WINDOWS\System32\1249732853
[2011/06/16 15:28:52 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2011/06/09 21:56:32 | 000,168,960 | ---- | M] () -- C:\WINDOWS\System32\lprhelp32.dll
[2011/06/09 21:56:26 | 000,359,424 | ---- | M] (Dmitry Streblechenko) -- C:\WINDOWS\System32\ativvaxx32.dll
[2011/06/09 21:56:17 | 000,785,920 | ---- | M] () -- C:\WINDOWS\System32\capicom32.exe
[2011/06/09 21:56:17 | 000,785,920 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\0.3867908718886275.exe
[2011/06/09 21:56:16 | 000,785,920 | ---- | M] () -- C:\WINDOWS\System32\WMNetMgr32.exe
[2011/06/09 21:56:16 | 000,785,920 | ---- | M] () -- C:\WINDOWS\System32\ncxpnt32.exe
[2011/06/09 21:56:16 | 000,785,920 | ---- | M] () -- C:\WINDOWS\System32\lpk32.exe
[2011/06/09 21:56:16 | 000,785,920 | ---- | M] () -- C:\WINDOWS\System32\ipv6mon32.exe
[2011/06/09 21:56:16 | 000,785,920 | ---- | M] () -- C:\WINDOWS\System32\ipsecsnp32.exe
[2011/06/09 21:56:16 | 000,785,920 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx32.exe
[2011/06/09 21:56:16 | 000,785,920 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\0.594498634718439.exe
[2011/06/09 21:56:14 | 000,785,920 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\0.03954105631440463.exe
[2011/06/09 21:56:13 | 000,785,920 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\0.34426213276118056.exe
[2011/06/04 15:26:32 | 000,074,108 | ---- | M] () -- C:\Sonia As Ravana.JPG
[2011/06/04 07:08:50 | 000,130,496 | ---- | M] () -- C:\WINDOWS\HPHins13.dat
[2011/06/03 16:46:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2011/06/02 19:35:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/26 20:10:03 | 000,112,640 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]
[2 C:\Documents and Settings\HP_Administrator\*.tmp files -> C:\Documents and Settings\HP_Administrator\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/19 10:52:31 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/06/19 10:52:31 | 000,001,671 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/06/19 09:59:01 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/19 09:59:00 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTREGOPT.lnk
[2011/06/19 09:59:00 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ERUNT.lnk
[2011/06/17 20:16:53 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/06/17 20:16:50 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/06/17 20:04:39 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/06/17 19:59:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/06/17 19:57:56 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/06/17 19:57:53 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/06/17 19:57:49 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/06/17 19:56:56 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/06/17 19:56:02 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/06/17 19:55:58 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/06/17 19:55:53 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/06/17 19:55:49 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/06/17 19:55:44 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/06/17 19:55:27 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/06/17 19:52:46 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011/06/17 19:52:45 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011/06/17 19:52:44 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011/06/17 19:51:05 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/06/17 19:49:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/06/17 19:49:37 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/06/17 19:49:36 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/06/17 19:49:35 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/06/17 19:49:35 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/06/17 19:49:34 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/06/17 19:49:34 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/06/17 19:49:33 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/06/17 19:49:32 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/06/17 19:49:20 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/06/16 23:28:05 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\rstrui.exe (2).lnk
[2011/06/16 21:11:11 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\rstrui.exe.lnk
[2011/06/16 21:08:48 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\60537885
[2011/06/16 20:44:16 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/16 20:43:58 | 000,785,920 | ---- | C] () -- C:\WINDOWS\System32\ipsecsnp32.exe
[2011/06/13 08:52:05 | 000,785,920 | ---- | C] () -- C:\WINDOWS\System32\lpk32.exe
[2011/06/09 21:56:38 | 000,785,920 | ---- | C] () -- C:\WINDOWS\System32\ncxpnt32.exe
[2011/06/09 21:56:34 | 000,785,920 | ---- | C] () -- C:\WINDOWS\System32\capicom32.exe
[2011/06/09 21:56:34 | 000,785,920 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx32.exe
[2011/06/09 21:56:32 | 000,785,920 | ---- | C] () -- C:\WINDOWS\System32\ipv6mon32.exe
[2011/06/09 21:56:32 | 000,168,960 | ---- | C] () -- C:\WINDOWS\System32\lprhelp32.dll
[2011/06/09 21:56:26 | 000,785,920 | ---- | C] () -- C:\WINDOWS\System32\WMNetMgr32.exe
[2011/06/09 21:56:26 | 000,000,105 | ---- | C] () -- C:\WINDOWS\System32\1249732853
[2011/06/09 21:56:12 | 000,785,920 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\0.594498634718439.exe
[2011/06/09 21:56:12 | 000,785,920 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\0.03954105631440463.exe
[2011/06/09 21:56:11 | 000,785,920 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\0.3867908718886275.exe
[2011/06/09 21:56:10 | 000,785,920 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\0.34426213276118056.exe
[2011/06/04 15:26:30 | 000,074,108 | ---- | C] () -- C:\Sonia As Ravana.JPG
[2011/05/15 12:04:02 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\lnktdeoo.sys
[2011/02/03 21:51:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT10.ini
[2010/12/20 23:26:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2010/12/20 23:26:27 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2010/12/20 23:15:11 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/12/20 17:26:18 | 000,000,049 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/10/08 11:22:03 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/10/05 08:32:35 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/09/30 11:07:48 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/09/22 22:39:24 | 000,180,208 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/21 14:51:09 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/15 17:45:44 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/12/12 12:24:49 | 000,007,831 | ---- | C] () -- C:\WINDOWS\extend.dat
[2009/11/28 17:06:56 | 000,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/28 17:06:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/26 11:49:43 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/08/27 13:07:08 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\PUTTY.RND
[2009/08/26 11:10:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/04/25 19:26:16 | 000,000,537 | ---- | C] () -- C:\WINDOWS\muncher.ini
[2007/11/25 17:14:24 | 000,130,496 | ---- | C] () -- C:\WINDOWS\HPHins13.dat
[2007/11/25 17:14:24 | 000,002,977 | ---- | C] () -- C:\WINDOWS\hphmdl13.dat
[2007/03/22 17:52:31 | 000,001,358 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/26 21:42:18 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\kpk-w.bit
[2006/12/26 21:42:18 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\kpk-b.bit
[2006/12/23 09:56:10 | 000,000,194 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2006/12/02 11:33:09 | 000,314,880 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2006/11/26 15:03:03 | 000,005,366 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\games.pgn
[2006/11/26 14:48:40 | 000,524,300 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\position.bin
[2006/11/23 12:47:24 | 000,001,678 | ---- | C] () -- C:\WINDOWS\FlipBook.INI
[2006/11/10 10:17:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/10/24 13:24:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/21 08:47:09 | 000,000,054 | ---- | C] () -- C:\WINDOWS\gbsaver.ini
[2006/10/14 19:27:54 | 001,028,096 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\arasanx.exe
[2006/10/14 17:15:38 | 000,606,208 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\arasan.exe
[2006/10/14 16:52:10 | 001,507,328 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\book.bin
[2006/10/14 12:47:20 | 000,004,516 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\arasan.rc
[2006/09/30 18:05:48 | 000,000,039 | ---- | C] () -- C:\WINDOWS\chssbase.ini
[2006/09/04 19:08:36 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2006/09/04 19:07:57 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/09/04 08:07:08 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2006/09/03 21:15:41 | 000,112,640 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/03 20:00:29 | 000,060,565 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/09/03 20:00:29 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006/09/03 20:00:29 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006/09/03 20:00:29 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006/09/03 20:00:29 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/09/03 20:00:29 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006/09/03 20:00:29 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006/09/03 20:00:29 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006/09/03 20:00:29 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006/09/03 20:00:29 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006/09/03 20:00:29 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006/09/03 20:00:29 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/09/03 20:00:28 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/09/03 20:00:28 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/09/03 19:58:58 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4800.ini
[2006/09/03 18:47:47 | 000,004,936 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/09/03 18:43:53 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/05/02 15:38:24 | 000,072,444 | ---- | C] () -- C:\WINDOWS\SetBrowser.exe
[2006/05/02 15:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2006/04/11 15:56:30 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\pythoncom24.dll
[2006/04/11 15:56:30 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\pywintypes24.dll
[2005/12/27 15:58:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/27 15:36:53 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/12/27 15:33:40 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2005/12/27 15:32:51 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/12/27 15:32:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/12/27 15:26:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/27 15:21:45 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/12/27 15:21:45 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/12/27 15:21:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/12/27 15:21:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/12/27 15:21:45 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/12/27 15:21:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/12/27 15:16:09 | 000,000,159 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/12/27 15:15:11 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2005/12/27 15:15:11 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/12/27 15:09:27 | 000,080,417 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2005/12/27 15:09:27 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2005/12/27 15:08:26 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2005/12/27 15:08:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2005/12/27 15:06:54 | 000,112,873 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2005/12/27 15:06:54 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2005/12/27 15:03:28 | 000,088,403 | ---- | C] () -- C:\WINDOWS\hpoins06.dat
[2005/12/27 15:03:27 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat
[2005/12/27 15:02:26 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/12/27 14:58:16 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/12/27 14:46:31 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/12/27 14:39:37 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/12/27 14:39:37 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/12/27 14:39:13 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/15 19:44:17 | 000,159,743 | ---- | C] () -- C:\WINDOWS\Google Pack Screensaver Uninstaller.exe
[2005/12/15 19:33:25 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Cleanup.exe
[2005/08/31 05:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/31 05:07:46 | 000,444,072 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/31 05:07:46 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/31 05:05:30 | 000,305,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/31 05:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/31 04:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 22:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 00:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/07/15 11:36:35 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/07/15 11:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 11:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/15 11:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2004/08/10 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 05:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/10 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 15:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/23 16:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 16:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 23:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/12/09 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/12/09 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/12/19 00:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/08 11:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/09/27 18:48:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2009/02/28 14:48:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2006/09/04 21:14:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2011/04/18 09:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gCmNiCc08200
[2008/12/07 11:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/09/06 09:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/07/28 13:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2008/07/28 13:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/07/13 18:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/12/27 21:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2010/12/23 15:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/19 10:53:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/09/21 14:46:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}
[2011/02/25 07:17:01 | 000,000,320 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnDowngrade.job
[2011/02/25 07:17:02 | 000,000,320 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2010/12/26 21:27:01 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
[2011/06/03 16:46:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
[2007/05/03 19:23:43 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\Desktop\fhfhfhf.bmp:Roxio EMC Stream
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >

Edited by satyap, 19 June 2011 - 03:41 PM.

  • 0

Advertisements

#2
maliprog
Posted 20 June 2011 - 03:31 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello satyap and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {01C20523-1F06-4D0E-9C07-BD429F8F7E9f} - C:\WINDOWS\system32\ativvaxx32.dll (Dmitry Streblechenko)
    O2 - BHO: (c0a02fd7) - {4F8A1E4C-07D1-CEA2-412D-0B3E31E39EA5} - C:\WINDOWS\system32\lprhelp32.dll ()
    O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll ()
    O4 - HKCU..\Run: [Wqiyukakadikujik] File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\lprhelp32.dll) - C:\WINDOWS\system32\lprhelp32.dll ()

    :Files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [emptyflash]
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\\ComboFix.txt log in your next reply.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in separate post
  • 0

#3
satyap
Posted 20 June 2011 - 11:38 PM

satyap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hello, Thank you very much for your time and help.

Please find the OTLlog below- I will paste the ComboFix log in the next post:

------------

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01C20523-1F06-4D0E-9C07-BD429F8F7E9f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01C20523-1F06-4D0E-9C07-BD429F8F7E9f}\ deleted successfully.
C:\WINDOWS\system32\ativvaxx32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F8A1E4C-07D1-CEA2-412D-0B3E31E39EA5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F8A1E4C-07D1-CEA2-412D-0B3E31E39EA5}\ deleted successfully.
C:\WINDOWS\system32\lprhelp32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Wqiyukakadikujik deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\lprhelp32.dll deleted successfully.
File C:\WINDOWS\system32\lprhelp32.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\HP_Administrator\My Documents\Sharmila\resume\cmd.bat deleted successfully.
C:\Documents and Settings\HP_Administrator\My Documents\Sharmila\resume\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: daddy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Temp folder emptied: 8845522 bytes
->Temporary Internet Files folder emptied: 33394 bytes
->Java cache emptied: 51706 bytes
->FireFox cache emptied: 76287380 bytes
->Flash cache emptied: 2638 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: po12
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46860 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 940054080 bytes

Total Files Cleaned = 978.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: daddy
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: po12

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06202011_214142

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#4
satyap
Posted 20 June 2011 - 11:39 PM

satyap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Here is the ComboFix log.

Thanks,
satyap

--------

ComboFix 11-06-19.0r1 - HP_Administrator 06/20/2011 21:57:47.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.499 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Flags.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\UA.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\UAcpt.dtd
c:\documents and settings\daddy\Application Data\Mozilla\Firefox\Profiles\fr6j11pn.default\extensions\{26c8b6cc-5112-49d8-87ed-0d1f03ed8032}
c:\documents and settings\daddy\Application Data\Mozilla\Firefox\Profiles\fr6j11pn.default\extensions\{26c8b6cc-5112-49d8-87ed-0d1f03ed8032}\chrome\xulcache.jar
c:\documents and settings\daddy\Application Data\Mozilla\Firefox\Profiles\fr6j11pn.default\extensions\{26c8b6cc-5112-49d8-87ed-0d1f03ed8032}\defaults\preferences\xulcache.js
c:\documents and settings\daddy\Application Data\Mozilla\Firefox\Profiles\fr6j11pn.default\extensions\{26c8b6cc-5112-49d8-87ed-0d1f03ed8032}\install.rdf
c:\documents and settings\daddy\Application Data\Mozilla\Firefox\Profiles\fr6j11pn.default\extensions\{2dd51bb8-e35f-44b9-a536-eb5b984e13d9}
c:\documents and settings\daddy\Application Data\Mozilla\Firefox\Profiles\fr6j11pn.default\extensions\{2dd51bb8-e35f-44b9-a536-eb5b984e13d9}\chrome.manifest
c:\documents and settings\daddy\Application Data\Mozilla\Firefox\Profiles\fr6j11pn.default\extensions\{2dd51bb8-e35f-44b9-a536-eb5b984e13d9}\chrome\xulcache.jar
c:\documents and settings\daddy\Application Data\Mozilla\Firefox\Profiles\fr6j11pn.default\extensions\{2dd51bb8-e35f-44b9-a536-eb5b984e13d9}\defaults\preferences\xulcache.js
c:\documents and settings\daddy\Application Data\Mozilla\Firefox\Profiles\fr6j11pn.default\extensions\{2dd51bb8-e35f-44b9-a536-eb5b984e13d9}\install.rdf
c:\documents and settings\daddy\Application Data\Mozilla\Firefox\Profiles\fr6j11pn.default\extensions\{ec04f86d-dc8b-4e7c-9c7a-9c14d55cf9d4}
c:\documents and settings\daddy\Application Data\Mozilla\Firefox\Profiles\fr6j11pn.default\extensions\{ec04f86d-dc8b-4e7c-9c7a-9c14d55cf9d4}\chrome\xulcache.jar
c:\documents and settings\daddy\Application Data\Mozilla\Firefox\Profiles\fr6j11pn.default\extensions\{ec04f86d-dc8b-4e7c-9c7a-9c14d55cf9d4}\defaults\preferences\xulcache.js
c:\documents and settings\daddy\Application Data\Mozilla\Firefox\Profiles\fr6j11pn.default\extensions\{ec04f86d-dc8b-4e7c-9c7a-9c14d55cf9d4}\install.rdf
c:\documents and settings\daddy\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator\0.03954105631440463.exe
c:\documents and settings\HP_Administrator\0.17894932057704727.exe
c:\documents and settings\HP_Administrator\0.34426213276118056.exe
c:\documents and settings\HP_Administrator\0.3867908718886275.exe
c:\documents and settings\HP_Administrator\0.594498634718439.exe
c:\documents and settings\HP_Administrator\0.6843297656739168.exe
c:\documents and settings\HP_Administrator\Application Data\arasanx.exe
c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\{2dd51bb8-e35f-44b9-a536-eb5b984e13d9}
c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\{2dd51bb8-e35f-44b9-a536-eb5b984e13d9}\chrome.manifest
c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\{2dd51bb8-e35f-44b9-a536-eb5b984e13d9}\chrome\xulcache.jar
c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\{2dd51bb8-e35f-44b9-a536-eb5b984e13d9}\defaults\preferences\xulcache.js
c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\{2dd51bb8-e35f-44b9-a536-eb5b984e13d9}\install.rdf
c:\documents and settings\HP_Administrator\Application Data\PriceGong
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\1.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\a.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\b.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\c.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\d.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\e.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\f.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\g.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\h.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\i.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\J.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\k.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\l.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\m.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\n.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\o.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\p.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\q.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\r.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\s.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\t.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\u.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\v.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\w.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\x.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\y.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\z.xml
c:\documents and settings\HP_Administrator\g2mdlhlpx.exe
c:\documents and settings\HP_Administrator\WINDOWS
c:\documents and settings\LocalService\Application Data\020000009a342aea1270C(2).manifest
c:\documents and settings\LocalService\Application Data\020000009a342aea1270C.manifest
c:\documents and settings\LocalService\Application Data\020000009a342aea1270O(2).manifest
c:\documents and settings\LocalService\Application Data\020000009a342aea1270O.manifest
c:\documents and settings\LocalService\Application Data\020000009a342aea1270P(2).manifest
c:\documents and settings\LocalService\Application Data\020000009a342aea1270P.manifest
c:\documents and settings\LocalService\Application Data\020000009a342aea1270S(2).manifest
c:\documents and settings\LocalService\Application Data\020000009a342aea1270S.manifest
c:\documents and settings\po12\WINDOWS
c:\program files\Blinkx
c:\program files\Blinkx\blinkx.ico
c:\program files\Blinkx\blinkxss.exe
c:\program files\Blinkx\blinkxstop.exe
c:\program files\Blinkx\lang.dll
c:\program files\Blinkx\templates\beat.ico
c:\program files\Blinkx\templates\index.html
c:\program files\Blinkx\templates\noflash.html
c:\program files\Blinkx\templates\offline.html
c:\program files\Blinkx\templates\offline.swf
c:\program files\Blinkx\templates\uninstall.exe
c:\windows\Google Pack Screensaver Uninstaller.exe
c:\windows\system32\config\systemprofile\WINDOWS
.
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\system32\dllcache\proquota.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NLA32
-------\Service_Nla32
.
.
((((((((((((((((((((((((( Files Created from 2011-05-21 to 2011-06-21 )))))))))))))))))))))))))))))))
.
.
2011-06-21 05:08 . 2004-08-10 12:00 50176 ----a-w- c:\windows\system32\proquota.exe
2011-06-21 05:08 . 2004-08-10 12:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2011-06-21 04:46 . 2011-06-21 04:46 168960 ----a-w- c:\windows\system32\ativvaxx32.dll
2011-06-21 04:41 . 2011-06-21 04:41 -------- d-----w- C:\_OTL
2011-06-19 17:03 . 2011-06-19 17:03 -------- d-----w- C:\_OTM
2011-06-18 16:48 . 2011-06-18 16:48 0 ---ha-w- c:\documents and settings\HP_Administrator\dmgshwlrtg.tmp
2011-06-18 03:17 . 2004-08-04 07:56 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-06-18 03:16 . 2001-08-18 05:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-06-18 03:16 . 2001-08-18 05:36 17408 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-06-18 03:16 . 2001-08-18 05:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-06-18 03:16 . 2001-08-18 05:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-06-18 03:16 . 2001-08-18 05:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-06-18 03:16 . 2001-08-17 19:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-06-18 03:16 . 2004-08-04 05:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-06-18 03:16 . 2004-08-04 05:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-06-18 03:16 . 2004-08-04 07:56 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-06-18 03:16 . 2004-08-04 06:07 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-06-18 03:14 . 2001-08-17 19:13 16925 ----a-w- c:\windows\system32\dllcache\w940nd.sys
2011-06-18 03:13 . 2001-08-17 20:28 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2011-06-18 03:12 . 2001-08-17 20:48 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2011-06-18 03:11 . 2001-08-17 19:51 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-06-18 03:10 . 2001-08-18 05:36 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2011-06-18 03:09 . 2001-08-18 05:36 114688 ----a-w- c:\windows\system32\dllcache\sonypi.dll
2011-06-18 03:08 . 2004-08-04 05:41 95424 ----a-w- c:\windows\system32\dllcache\slnthal.sys
2011-06-18 03:07 . 2001-08-17 19:19 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2011-06-18 03:06 . 2001-08-17 21:56 210496 ----a-w- c:\windows\system32\dllcache\s3mvirge.dll
2011-06-18 03:05 . 2004-08-04 05:41 13776 ----a-w- c:\windows\system32\dllcache\recagent.sys
2011-06-18 03:04 . 2001-08-18 05:36 35328 ----a-w- c:\windows\system32\dllcache\psisload.dll
2011-06-18 03:03 . 2001-08-17 19:11 29769 ----a-w- c:\windows\system32\dllcache\pcntn5m.sys
2011-06-18 03:02 . 2001-08-17 20:47 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2011-06-18 03:01 . 2001-08-17 19:11 52255 ----a-w- c:\windows\system32\dllcache\n1000nt5.sys
2011-06-18 03:00 . 2004-08-04 06:10 51328 ----a-w- c:\windows\system32\dllcache\msdv.sys
2011-06-18 02:59 . 2001-08-18 05:36 58368 ----a-w- c:\windows\system32\dllcache\m3091dc.dll
2011-06-18 02:58 . 2001-08-18 05:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2011-06-18 02:57 . 2004-08-10 12:00 59392 ----a-w- c:\windows\system32\dllcache\imscinst.exe
2011-06-18 02:56 . 2004-08-04 06:00 8192 ----a-w- c:\windows\system32\dllcache\i2omgmt.sys
2011-06-18 02:55 . 2001-08-18 05:36 93696 ----a-w- c:\windows\system32\dllcache\hpgt42.dll
2011-06-18 02:54 . 2001-08-17 19:15 455680 ----a-w- c:\windows\system32\dllcache\fus2base.sys
2011-06-18 02:53 . 2001-08-17 19:19 72192 ----a-w- c:\windows\system32\dllcache\es1969.sys
2011-06-18 02:52 . 2001-08-17 20:47 23808 ----a-w- c:\windows\system32\dllcache\dot4usb.sys
2011-06-18 02:51 . 2001-08-17 20:52 179584 ----a-w- c:\windows\system32\dllcache\dac2w2k.sys
2011-06-18 02:50 . 2001-08-17 19:13 49182 ----a-w- c:\windows\system32\dllcache\cem56n5.sys
2011-06-18 02:49 . 2001-08-18 05:36 102400 ----a-w- c:\windows\system32\dllcache\binlsvc.dll
2011-06-18 02:48 . 2004-08-04 06:07 43008 ----a-w- c:\windows\system32\dllcache\amdagp.sys
2011-06-18 02:47 . 2001-08-17 21:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-06-17 07:34 . 2011-06-17 07:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2011-06-17 07:32 . 2011-06-17 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-06-17 03:43 . 2011-06-10 04:56 785920 ----a-w- c:\windows\system32\ipsecsnp32.exe
2011-06-17 03:37 . 2011-06-17 03:37 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-13 15:52 . 2011-06-10 04:56 785920 ----a-w- c:\windows\system32\lpk32.exe
2011-06-11 05:03 . 2011-06-11 05:03 0 ---ha-w- c:\documents and settings\HP_Administrator\hicppfozsd.tmp
2011-06-10 04:56 . 2011-06-10 04:56 785920 ----a-w- c:\windows\system32\ncxpnt32.exe
2011-06-10 04:56 . 2011-06-10 04:56 785920 ----a-w- c:\windows\system32\capicom32.exe
2011-06-10 04:56 . 2011-06-10 04:56 785920 ----a-w- c:\windows\system32\ativvaxx32.exe
2011-06-10 04:56 . 2011-06-10 04:56 785920 ----a-w- c:\windows\system32\ipv6mon32.exe
2011-06-10 04:56 . 2011-06-10 04:56 785920 ----a-w- c:\windows\system32\WMNetMgr32.exe
2011-05-28 14:26 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-15 19:04 . 2011-05-15 19:04 54016 ----a-w- c:\windows\system32\drivers\lnktdeoo.sys
2011-05-10 12:10 . 2010-12-19 07:02 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2009-11-23 05:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2009-11-23 05:43 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2009-11-23 05:43 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2009-11-23 05:43 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2009-11-23 05:43 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2009-11-23 05:43 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2009-11-23 05:43 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2009-11-23 05:43 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-10 05:03 . 2010-06-10 05:03 101760 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09D9207E-2323-4B65-4641-BC7193608EB1}]
2011-06-21 04:46 168960 ----a-w- c:\windows\system32\ativvaxx32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-30 57344]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-18 39408]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-30 40960]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-24 149280]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2006-08-25 81920]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-05-10 3459712]
.
c:\documents and settings\daddy\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-27 27136]
.
c:\documents and settings\po12\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-27 27136]
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\satya\registry-backup\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-12-9 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-12-9 51984]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-4-15 610120]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-27 27136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\ativvaxx32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NX Client for Windows\\bin\\NXWin.exe"=
"c:\\Program Files\\NX Client for Windows\\nxclient.exe"=
"c:\\Program Files\\PhonerLite\\PhonerLite.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jdk1.5.0_10\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\WMNetMgr32.exe"=
"c:\\WINDOWS\\system32\\ativvaxx32.exe"=
"c:\\WINDOWS\\system32\\capicom32.exe"=
"c:\\WINDOWS\\system32\\ncxpnt32.exe"=
"c:\\WINDOWS\\system32\\lpk32.exe"=
"c:\\WINDOWS\\system32\\ipsecsnp32.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59118:TCP"= 59118:TCP:Pando Media Booster
"59118:UDP"= 59118:UDP:Pando Media Booster
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/28/2011 7:26 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/22/2009 10:43 PM 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/22/2009 10:43 PM 19544]
R2 mnmsrvc32;NetMeeting Remote Desktop Sharing ;c:\windows\system32\ipsecsnp32.exe [6/16/2011 8:43 PM 785920]
R2 NetDDE32;Network DDE ;c:\windows\system32\ativvaxx32.exe [6/9/2011 9:56 PM 785920]
R2 RasAuto32;Remote Access Auto Connection Manager ;c:\windows\system32\capicom32.exe [6/9/2011 9:56 PM 785920]
R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [3/20/2011 7:01 PM 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [3/20/2011 7:02 PM 416112]
R2 W32Time32;Windows Time ;c:\windows\system32\ncxpnt32.exe [6/9/2011 9:56 PM 785920]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/15/2010 10:40 PM 135664]
S2 RemoteRegistry32;Remote Registry ;c:\windows\system32\WMNetMgr32.exe [6/9/2011 9:56 PM 785920]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/15/2010 10:40 PM 135664]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/15/2010 5:45 PM 35088]
S3 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 4:18 AM 360224]
S3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [9/21/2010 2:49 PM 23608]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [12/24/2009 3:25 PM 15656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-11 01:13]
.
2011-06-20 c:\windows\Tasks\expressburnDowngrade.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-08-31 03:33]
.
2011-06-20 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-08-31 03:33]
.
2011-06-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-18 05:40]
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 05:40]
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 05:40]
.
2010-12-27 c:\windows\Tasks\pixillionShakeIcon.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2010-12-20 23:09]
.
2011-06-03 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe [2007-05-04 23:27]
.
2007-05-04 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe [2007-05-04 23:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.collegeconfidential.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\HP_Administrator\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKCU-Run-X-Lite 4 - c:\program files\CounterPath\X-Lite 4\X-Lite4.exe
AddRemove-blinkx beat - c:\program files\Blinkx\templates\uninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-20 22:15
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2424)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\program files\WinSCP3\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\ipv6mon32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Tablet\Pen\Pen_TouchUser.exe
c:\windows\system32\wscntfy.exe
c:\program files\Tablet\Pen\Pen_TabletUser.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2011-06-20 22:22:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-21 05:22
.
Pre-Run: 93,319,593,984 bytes free
Post-Run: 93,229,379,584 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C3B5F272462080DBDC1664A4620E4B5C
  • 0

#5
maliprog
Posted 21 June 2011 - 12:12 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi satyap,

How is your system now? Problems?

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in separate post
  • 0

#6
satyap
Posted 21 June 2011 - 08:13 AM

satyap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi, the problem still exists- I just tried after doing the TDSSKiller and aswMBR scan.

Here is the TDDSKiller log, and will post the aswMBR log next.

-------------

2011/06/21 03:16:27.0953 3924 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/21 03:16:28.0500 3924 ================================================================================
2011/06/21 03:16:28.0500 3924 SystemInfo:
2011/06/21 03:16:28.0500 3924
2011/06/21 03:16:28.0500 3924 OS Version: 5.1.2600 ServicePack: 2.0
2011/06/21 03:16:28.0500 3924 Product type: Workstation
2011/06/21 03:16:28.0500 3924 ComputerName: HOMEPC
2011/06/21 03:16:28.0500 3924 UserName: HP_Administrator
2011/06/21 03:16:28.0500 3924 Windows directory: C:\WINDOWS
2011/06/21 03:16:28.0500 3924 System windows directory: C:\WINDOWS
2011/06/21 03:16:28.0500 3924 Processor architecture: Intel x86
2011/06/21 03:16:28.0500 3924 Number of processors: 1
2011/06/21 03:16:28.0500 3924 Page size: 0x1000
2011/06/21 03:16:28.0500 3924 Boot type: Normal boot
2011/06/21 03:16:28.0500 3924 ================================================================================
2011/06/21 03:16:30.0765 3924 Initialize success
2011/06/21 03:16:41.0859 2864 ================================================================================
2011/06/21 03:16:41.0859 2864 Scan started
2011/06/21 03:16:41.0859 2864 Mode: Manual;
2011/06/21 03:16:41.0859 2864 ================================================================================
2011/06/21 03:16:43.0328 2864 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/06/21 03:16:43.0484 2864 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/21 03:16:43.0531 2864 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/21 03:16:43.0640 2864 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/06/21 03:16:43.0734 2864 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/06/21 03:16:43.0843 2864 AgereSoftModem (b7d2103eb2ecb765b2b7106bad089ab1) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/06/21 03:16:44.0062 2864 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
2011/06/21 03:16:44.0109 2864 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
2011/06/21 03:16:44.0156 2864 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
2011/06/21 03:16:44.0234 2864 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
2011/06/21 03:16:44.0312 2864 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/21 03:16:44.0343 2864 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
2011/06/21 03:16:44.0515 2864 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/06/21 03:16:44.0578 2864 aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/06/21 03:16:44.0640 2864 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/06/21 03:16:44.0734 2864 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/06/21 03:16:44.0781 2864 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys
2011/06/21 03:16:44.0859 2864 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/06/21 03:16:44.0906 2864 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/21 03:16:44.0968 2864 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/21 03:16:45.0171 2864 ati2mtag (7a6cf9f411a9c5bd5c442a1cd46af401) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/06/21 03:16:45.0265 2864 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/21 03:16:45.0312 2864 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/21 03:16:45.0375 2864 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
2011/06/21 03:16:45.0421 2864 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/21 03:16:45.0515 2864 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/21 03:16:45.0609 2864 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/21 03:16:45.0687 2864 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/21 03:16:45.0718 2864 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/21 03:16:45.0781 2864 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2011/06/21 03:16:45.0828 2864 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/21 03:16:46.0046 2864 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/06/21 03:16:46.0171 2864 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/21 03:16:46.0343 2864 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/21 03:16:46.0437 2864 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/21 03:16:46.0468 2864 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/21 03:16:46.0515 2864 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/21 03:16:46.0609 2864 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/21 03:16:46.0734 2864 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/21 03:16:46.0781 2864 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/21 03:16:46.0812 2864 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/21 03:16:46.0859 2864 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/21 03:16:46.0921 2864 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/06/21 03:16:46.0984 2864 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/21 03:16:47.0000 2864 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/21 03:16:47.0093 2864 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
2011/06/21 03:16:47.0140 2864 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/06/21 03:16:47.0203 2864 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/21 03:16:47.0265 2864 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
2011/06/21 03:16:47.0375 2864 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/21 03:16:47.0453 2864 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/21 03:16:47.0578 2864 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/21 03:16:47.0734 2864 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/21 03:16:47.0812 2864 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/06/21 03:16:47.0906 2864 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/21 03:16:48.0218 2864 IntcAzAudAddService (27b220620a480e54bf57e4750ca9b65f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/21 03:16:48.0296 2864 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/21 03:16:48.0359 2864 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/21 03:16:48.0421 2864 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/06/21 03:16:48.0453 2864 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/21 03:16:48.0515 2864 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/21 03:16:48.0562 2864 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/21 03:16:48.0625 2864 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/21 03:16:48.0687 2864 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/21 03:16:48.0734 2864 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/21 03:16:48.0796 2864 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/21 03:16:48.0859 2864 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/21 03:16:48.0937 2864 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/21 03:16:49.0031 2864 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/21 03:16:49.0171 2864 mbmiodrvr (290fb01f7f51eff0960599404a09f8d6) C:\WINDOWS\system32\mbmiodrvr.sys
2011/06/21 03:16:49.0234 2864 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
2011/06/21 03:16:49.0312 2864 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/06/21 03:16:49.0359 2864 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/21 03:16:49.0406 2864 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/21 03:16:49.0500 2864 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/21 03:16:49.0531 2864 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/21 03:16:49.0593 2864 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/21 03:16:49.0750 2864 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/21 03:16:49.0843 2864 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/21 03:16:49.0906 2864 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/21 03:16:50.0000 2864 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/21 03:16:50.0046 2864 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/21 03:16:50.0093 2864 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/21 03:16:50.0171 2864 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/21 03:16:50.0218 2864 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/21 03:16:50.0265 2864 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/21 03:16:50.0296 2864 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/21 03:16:50.0359 2864 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/21 03:16:50.0437 2864 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/21 03:16:50.0468 2864 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/21 03:16:50.0515 2864 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/21 03:16:50.0562 2864 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/21 03:16:50.0609 2864 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/21 03:16:50.0640 2864 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/21 03:16:50.0703 2864 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/21 03:16:50.0796 2864 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/21 03:16:50.0843 2864 nm (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/06/21 03:16:50.0921 2864 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\WINDOWS\system32\drivers\npf.sys
2011/06/21 03:16:50.0968 2864 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/21 03:16:51.0078 2864 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/21 03:16:51.0171 2864 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/06/21 03:16:51.0218 2864 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/21 03:16:51.0265 2864 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/21 03:16:51.0343 2864 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/21 03:16:51.0390 2864 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/21 03:16:51.0437 2864 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/21 03:16:51.0500 2864 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/21 03:16:51.0578 2864 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/21 03:16:51.0609 2864 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/21 03:16:51.0687 2864 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/21 03:16:51.0750 2864 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/21 03:16:52.0062 2864 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
2011/06/21 03:16:52.0140 2864 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/21 03:16:52.0234 2864 Ps2 (0e2eb30605ca6ed2509d59af6a7362b4) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/06/21 03:16:52.0296 2864 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/21 03:16:52.0328 2864 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/21 03:16:52.0375 2864 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/21 03:16:52.0453 2864 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys
2011/06/21 03:16:52.0703 2864 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/21 03:16:52.0765 2864 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/21 03:16:52.0796 2864 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/21 03:16:52.0828 2864 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/21 03:16:52.0890 2864 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/21 03:16:52.0937 2864 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/21 03:16:52.0984 2864 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/21 03:16:53.0078 2864 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/21 03:16:53.0140 2864 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/21 03:16:53.0281 2864 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys
2011/06/21 03:16:53.0328 2864 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2011/06/21 03:16:53.0359 2864 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/06/21 03:16:53.0421 2864 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/21 03:16:53.0484 2864 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/21 03:16:53.0562 2864 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/21 03:16:53.0656 2864 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/21 03:16:53.0734 2864 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/21 03:16:53.0796 2864 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/21 03:16:53.0921 2864 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/21 03:16:53.0984 2864 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/06/21 03:16:54.0031 2864 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/21 03:16:54.0078 2864 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/21 03:16:54.0140 2864 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/21 03:16:54.0296 2864 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/21 03:16:54.0406 2864 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/21 03:16:54.0453 2864 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/21 03:16:54.0500 2864 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/21 03:16:54.0578 2864 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/21 03:16:54.0703 2864 TuneConvertAudio (ff6e54b49607cc0f37d675b763735570) C:\WINDOWS\system32\drivers\TuneConvertAudio.sys
2011/06/21 03:16:54.0734 2864 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/21 03:16:54.0859 2864 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/21 03:16:54.0953 2864 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/21 03:16:55.0015 2864 usbehci (7481d843e672b51039b7e8a161b746b8) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/21 03:16:55.0046 2864 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/21 03:16:55.0093 2864 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/21 03:16:55.0156 2864 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/21 03:16:55.0187 2864 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/21 03:16:55.0234 2864 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/21 03:16:55.0281 2864 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/21 03:16:55.0328 2864 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/06/21 03:16:55.0359 2864 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/21 03:16:55.0390 2864 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/21 03:16:55.0453 2864 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2011/06/21 03:16:55.0578 2864 W8335XP (7455b3c11a1d6a844b53febdb58646e9) C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys
2011/06/21 03:16:55.0640 2864 wacmoumonitor (826a053968d0faf39afd8aecff580cb6) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
2011/06/21 03:16:55.0718 2864 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
2011/06/21 03:16:55.0781 2864 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
2011/06/21 03:16:55.0875 2864 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/21 03:16:55.0984 2864 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/06/21 03:16:56.0093 2864 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/21 03:16:56.0187 2864 WinDriver6 (097a8291df541f9b9af2c500797cdcaa) C:\WINDOWS\system32\drivers\windrvr6.sys
2011/06/21 03:16:56.0296 2864 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/06/21 03:16:56.0359 2864 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/21 03:16:56.0468 2864 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
2011/06/21 03:16:56.0500 2864 ================================================================================
2011/06/21 03:16:56.0500 2864 Scan finished
2011/06/21 03:16:56.0500 2864 ================================================================================
2011/06/21 03:16:56.0531 3548 Detected object count: 0
2011/06/21 03:16:56.0531 3548 Actual detected object count: 0
  • 0

#7
satyap
Posted 21 June 2011 - 08:15 AM

satyap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
The aswMBR log below:

Thanks,
satyap
------
aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-21 03:18:42
-----------------------------
03:18:42.078 OS Version: Windows 5.1.2600 Service Pack 2
03:18:42.078 Number of processors: 1 586 0x409
03:18:42.078 ComputerName: HOMEPC UserName:
03:18:43.390 Initialize success
03:18:43.609 AVAST engine defs: 11062100
03:19:14.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
03:19:14.828 Disk 0 Vendor: SAMSUNG_SP2004C VM100-33 Size: 190782MB BusType: 3
03:19:16.843 Disk 0 MBR read successfully
03:19:16.843 Disk 0 MBR scan
03:19:16.843 Disk 0 unknown MBR code
03:19:18.843 Disk 0 scanning sectors +390700800
03:19:18.859 Disk 0 scanning C:\WINDOWS\system32\drivers
03:19:24.406 Service scanning
03:19:25.640 Disk 0 trace - called modules:
03:19:25.656 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
03:19:25.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86767ab8]
03:19:25.656 3 CLASSPNP.SYS[f77d005b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x867d0b00]
03:19:26.218 AVAST engine scan C:\WINDOWS
03:55:55.312 File: C:\WINDOWS\system32\ativvaxx32.exe **INFECTED** Win32:Downloader-HUV [Trj]
03:56:08.234 File: C:\WINDOWS\system32\capicom32.exe **INFECTED** Win32:Downloader-HUV [Trj]
04:06:56.953 File: C:\WINDOWS\system32\ipsecsnp32.exe **INFECTED** Win32:Downloader-HUV [Trj]
04:06:57.796 File: C:\WINDOWS\system32\ipv6mon32.exe **INFECTED** Win32:Downloader-HUV [Trj]
04:08:46.765 File: C:\WINDOWS\system32\ncxpnt32.exe **INFECTED** Win32:Downloader-HUV [Trj]
04:14:27.296 AVAST engine scan C:\Documents and Settings\HP_Administrator
04:24:15.890 AVAST engine scan C:\Documents and Settings\All Users
04:24:49.609 Scan finished successfully
07:07:33.796 Disk 0 MBR has been saved successfully to "C:\satya\MBR.dat"
07:07:33.796 The log file has been saved successfully to "C:\satya\aswMBR.txt"
  • 0

#8
maliprog
Posted 21 June 2011 - 02:16 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
You are still infected. We need some different tool.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Confirm deletion to all infection AVP finds
Once it has finished select report and post that.

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop
  • 0

#9
satyap
Posted 21 June 2011 - 10:05 PM

satyap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi, the tool prompted me to delete about5-6 infected files, and then it rebooted the PC. Looks like it did complete. Please find the log below:

Thanks,
satyap

---------

Autoscan: stopped 22 minutes ago (events: 3, objects: 436, time: 00:18:24)
6/21/2011 8:22:11 PM Task started
6/21/2011 8:24:08 PM Detected: Trojan.Win32.Menti.gqxg C:\WINDOWS\system32\ipsecsnp32.exe
6/21/2011 8:40:35 PM Task stopped
Disinfect active threats: completed 8 minutes ago (events: 14, objects: 4663, time: 00:13:58)
6/21/2011 8:40:35 PM Task started
6/21/2011 8:40:35 PM Detected: Trojan.Win32.Menti.gqxg C:\WINDOWS\system32\ipsecsnp32.exe
6/21/2011 8:40:57 PM Will be deleted on system restart: Trojan.Win32.Menti.gqxg C:\WINDOWS\system32\ipsecsnp32.exe
6/21/2011 8:42:45 PM Detected: Trojan.Win32.Menti.gqxg C:\WINDOWS\system32\ipsecsnp32.exe
6/21/2011 8:42:57 PM Will be deleted on system restart: Trojan.Win32.Menti.gqxg C:\WINDOWS\system32\ipsecsnp32.exe
6/21/2011 8:42:58 PM Detected: Trojan.Win32.Menti.gqxg C:\WINDOWS\system32\ativvaxx32.exe
6/21/2011 8:43:17 PM Will be deleted on system restart: Trojan.Win32.Menti.gqxg C:\WINDOWS\system32\ativvaxx32.exe
6/21/2011 8:43:17 PM Detected: Trojan.Win32.Menti.gqxg C:\WINDOWS\system32\ipv6mon32.exe
6/21/2011 8:43:24 PM Will be deleted on system restart: Trojan.Win32.Menti.gqxg C:\WINDOWS\system32\ipv6mon32.exe
6/21/2011 8:43:24 PM Detected: Trojan.Win32.Menti.gqxg C:\WINDOWS\system32\capicom32.exe
6/21/2011 8:43:45 PM Will be deleted on system restart: Trojan.Win32.Menti.gqxg C:\WINDOWS\system32\capicom32.exe
6/21/2011 8:43:46 PM Detected: Trojan.Win32.Menti.gqxg C:\WINDOWS\system32\ncxpnt32.exe
6/21/2011 8:44:12 PM Will be deleted on system restart: Trojan.Win32.Menti.gqxg C:\WINDOWS\system32\ncxpnt32.exe
6/21/2011 8:54:33 PM Task completed
  • 0

#10
maliprog
Posted 21 June 2011 - 11:20 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi satyap,

Nice. AVP took care of them. Do you still experience redirections?

Step 1

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open notepad window. OTL.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 3

Please don't forget to include these items in your reply:

  • GMER log
  • New OTL scan log
It would be helpful if you could post each log in separate post
  • 0

Advertisements

#11
satyap
Posted 22 June 2011 - 09:01 PM

satyap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi mailprog,

The redirect issue seems to have got eliminated. Thank you for all your help. A few observations: I looked over the malware prevention guidelines on this site, and followed them as advised- installed ERUNT, SpywareBlaster, MalwareBytes Anti-Malware, SpywareGuard, Avast! and Online Armor. I also set up the system for automatic updates for Windows updates. As a result, the PC has now got updated to XP Service Pack 3. However, there was one recommended application which is not running: SystemRestorePoint - so not sure I can make clean restore points. I will try it again now and see what the error is.

Please find the GMER log below:

---------

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-22 19:17:46
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 SAMSUNG_SP2004C rev.VM100-33
Running: vmbjz51r.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kwldipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF16B4202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF171ACB2]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwAssignProcessToJobObject [0xF17CE928]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF16D86C1]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwConnectPort [0xF17CD64C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF16B681C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF16B6874]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateFile [0xF17D4316]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF16B698A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF16D8075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF16B6772]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreatePort [0xF17CD46A]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateProcess [0xF17CEEE8]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateProcessEx [0xF17CB978]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF16B68C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF16B67C6]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateThread [0xF17CC634]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF16B6938]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwDebugActiveProcess [0xF17CCD22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF16B4226]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF18B3398]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF16D8D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF16D903D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF16B6C0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF16D8BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF16D8A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF171AD62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF16B3FF0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF18D393C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF18D3B44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF16B424A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF16B6D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF16B4CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF16B684C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF16B689C]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwOpenFile [0xF17D4694]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF16B69B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF16D83D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF16B679E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF16B6A46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF16B6904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF16B67F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF16B6B2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF16B6962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF171ADFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF16D88D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF16B4BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF16D872A]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwQueueApcThread [0xF17CEA44]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF1723E48]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF18D4208]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwRequestPort [0xF17CDCB0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwRequestWaitReplyPort [0xF17CE018]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF16D76E8]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwResumeThread [0xF17CD0CE]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwSecureConnectPort [0xF17CD86E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF16B426E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF16B4292]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwSetContextThread [0xF17CCBCC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF18B375C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xF18D4E12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF16B404A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF16B4186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF16D8E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF16B4162]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwSuspendProcess [0xF17CD1FE]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwSuspendThread [0xF17CCF7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF16B41AA]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwTerminateProcess [0xF17CC472]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwTerminateThread [0xF17CCA66]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwUnloadDriver [0xF17CE518]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF16B42B6]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwWriteVirtualMemory [0xF17CE804]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + C2 804E48EC 4 Bytes JMP CF033A6D
.text ntoskrnl.exe!ZwYieldExecution + 102 804E492C 16 Bytes [1C, 68, 6B, F1, 74, 68, 6B, ...] {SBB AL, 0x68; IMUL ESI, ECX, 0x74; PUSH 0x4316f16b; JGE 0xfffffffffffffffd; MOV CH, [ECX+0x6b]; INT1 }
.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4958 12 Bytes CALL F93FC64B
.text ntoskrnl.exe!ZwYieldExecution + 16A 804E4994 12 Bytes [26, 42, 6B, F1, 98, 33, 8B, ...]
.text ntoskrnl.exe!ZwYieldExecution + 23E 804E4A68 16 Bytes [4C, 68, 6B, F1, 9C, 68, 6B, ...]
.text ...
PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP F172DD5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80575B10 4 Bytes CALL F16B5335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E6A62 5 Bytes JMP F172C2BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF809FDF 5 Bytes JMP F16B7CCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138FE 5 Bytes JMP F16B7BDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 320C BF81E743 5 Bytes JMP F16B6E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 7657 BF82868B 5 Bytes JMP F16B6F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 698 BF838560 5 Bytes JMP F16B7E38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + BB6 BF838A7E 5 Bytes JMP F16B7B4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 3605 BF83B4CD 5 Bytes JMP F16B8040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + D9AB BF845873 5 Bytes JMP F16B6FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 2F20 BF8527E0 5 Bytes JMP F16B6E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 84B4 BF857D74 5 Bytes JMP F16B7F9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 23AD BF873983 5 Bytes JMP F16B7D80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 37BB BF87882D 5 Bytes JMP F16B7C04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 413A BF890AD9 5 Bytes JMP F16B732A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4B52 BF8B3770 5 Bytes JMP F16B71AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4BDD BF8B37FB 5 Bytes JMP F16B7352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 9286 BF8C31E7 5 Bytes JMP F16B706A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19CE BF8ED991 5 Bytes JMP F16B6DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + D4C6 BF8F9489 5 Bytes JMP F16B70DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + D746 BF8F9709 5 Bytes JMP F16B7114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1994 BF912612 5 Bytes JMP F16B6F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2568 BF9131E6 5 Bytes JMP F16B7034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F29 BF915BA7 5 Bytes JMP F16B746C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1931 BF9438F8 5 Bytes JMP F16B7EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\smss.exe[512] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[576] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[576] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[648] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[648] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[648] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[648] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[648] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[648] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[648] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[648] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[648] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[660] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[660] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[660] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[660] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[660] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[660] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[660] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [5C, 71]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6D4 2 Bytes [56, 71]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [50, 71]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 715A0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A00001
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 71630F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 71540F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 71810F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71600F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 71840F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [74, 71] {JZ 0x73}
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A40804
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A40A08
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A40600
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A401F8
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A403FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71780F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 716C0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71690F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 71720F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 716F0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00A51014
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00A50804
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00A50A08
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00A50C0C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00A50E10
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00A501F8
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00A503FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00A50600
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 718A0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 718D0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 71870F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 71660F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\WINDOWS\system32\svchost.exe[752] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[752] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[752] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[752] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[752] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[752] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[752] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[752] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[752] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[752] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[752] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[752] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[752] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[752] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[752] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[752] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[752] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[812] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[812] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[812] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[812] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[812] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[880] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[880] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[880] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[880] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[880] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009F0001
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A30804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A30A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A30600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A301F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A303FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00A41014
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00A40804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00A40A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00A40C0C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00A40E10
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00A401F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00A403FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00A40600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Online Armor\OAcat.exe[1160] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Online Armor\OAcat.exe[1160] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Online Armor\OAcat.exe[1160] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Online Armor\OAcat.exe[1160] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Online Armor\OAcat.exe[1160] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00381014
.text C:\Program Files\Online Armor\OAcat.exe[1160] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00380804
.text C:\Program Files\Online Armor\OAcat.exe[1160] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00380A08
.text C:\Program Files\Online Armor\OAcat.exe[1160] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00380C0C
.text C:\Program Files\Online Armor\OAcat.exe[1160] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00380E10
.text C:\Program Files\Online Armor\OAcat.exe[1160] advapi32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003801F8
.text C:\Program Files\Online Armor\OAcat.exe[1160] advapi32.dll!CreateServiceW 77E37381 5 Bytes JMP 003803FC
.text C:\Program Files\Online Armor\OAcat.exe[1160] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00380600
.text C:\Program Files\Online Armor\OAcat.exe[1160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Online Armor\OAcat.exe[1160] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Online Armor\OAcat.exe[1160] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Online Armor\OAcat.exe[1160] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Online Armor\OAcat.exe[1160] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Online Armor\oasrv.exe[1184] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Online Armor\oasrv.exe[1184] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Online Armor\oasrv.exe[1184] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Online Armor\oasrv.exe[1184] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EC0001
.text C:\Program Files\Online Armor\oasrv.exe[1184] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Online Armor\oasrv.exe[1184] user32.dll!LoadStringW 7E419E36 6 Bytes JMP 71A50F5A
.text C:\Program Files\Online Armor\oasrv.exe[1184] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Online Armor\oasrv.exe[1184] user32.dll!LoadStringA 7E42C908 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Online Armor\oasrv.exe[1184] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Online Armor\oasrv.exe[1184] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Online Armor\oasrv.exe[1184] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Online Armor\oasrv.exe[1184] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Online Armor\oasrv.exe[1184] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 003A1014
.text C:\Program Files\Online Armor\oasrv.exe[1184] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 003A0804
.text C:\Program Files\Online Armor\oasrv.exe[1184] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 003A0A08
.text C:\Program Files\Online Armor\oasrv.exe[1184] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 003A0C0C
.text C:\Program Files\Online Armor\oasrv.exe[1184] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 003A0E10
.text C:\Program Files\Online Armor\oasrv.exe[1184] advapi32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003A01F8
.text C:\Program Files\Online Armor\oasrv.exe[1184] advapi32.dll!CreateServiceW 77E37381 5 Bytes JMP 003A03FC
.text C:\Program Files\Online Armor\oasrv.exe[1184] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\wuauclt.exe[1220] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\wuauclt.exe[1220] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1220] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\wuauclt.exe[1220] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\wuauclt.exe[1220] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wuauclt.exe[1220] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wuauclt.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\wuauclt.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\wuauclt.exe[1220] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wuauclt.exe[1220] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wuauclt.exe[1220] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wuauclt.exe[1220] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wuauclt.exe[1220] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wuauclt.exe[1220] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wuauclt.exe[1220] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wuauclt.exe[1220] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1336] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1336] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1336] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1712] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1712] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1712] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1712] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1712] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[1712] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[1712] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[1712] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1712] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[1712] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[1712] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[1712] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[1712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[1712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[1712] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[1712] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[1712] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A40001
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A80804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A80A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A80600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00A91014
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00A90804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00A90A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00A90C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00A90E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00A901F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00A903FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00A90600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002D0600
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 003A1014
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 003A0804
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 003A0A08
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 003A0C0C
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 003A0E10
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003A01F8
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003A03FC
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 003A0600
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00930001
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 017D0804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 017D0A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 017D0600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 017D01F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 017D03FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] user32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 00D5C334 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 017E1014
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 017E0804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 017E0A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 017E0C0C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 017E0E10
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 017E01F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 017E03FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 017E0600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\svchost.exe[1956] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1956] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1956] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1956] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1956] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1956] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1956] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1956] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehSched.exe[1984] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehSched.exe[1984] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[1984] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehSched.exe[1984] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[1984] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehSched.exe[1984] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehSched.exe[1984] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehSched.exe[1984] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehSched.exe[1984] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehSched.exe[1984] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehSched.exe[1984] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehSched.exe[1984] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehSched.exe[1984] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehSched.exe[1984] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehSched.exe[1984] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehSched.exe[1984] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehSched.exe[1984] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002D0600
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [5C, 71]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6D4 2 Bytes [56, 71]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [50, 71]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 715A0F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A20001
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 71630F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 71540F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 71810F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71600F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 71840F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [74, 71] {JZ 0x73}
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01B70804
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01B70A08
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01B70600
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 01B701F8
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 01B703FC
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71780F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 716C0F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71690F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 71720F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 716F0F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 01B81014
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 01B80804
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 01B80A08
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 01B80C0C
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 01B80E10
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 01B801F8
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 01B803FC
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 01B80600
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 718A0F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 718D0F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 71870F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 71660F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A10001
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A50804
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A50A08
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A50600
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A501F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A503FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00A61014
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00A60804
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00A60A08
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00A60C0C
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00A60E10
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00A601F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00A603FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00A60600
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[2116] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\WINDOWS\ehome\ehtray.exe[2116] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\ehome\ehtray.exe[2116] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[2116] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\ehome\ehtray.exe[2116] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00940001
.text C:\WINDOWS\ehome\ehtray.exe[2116] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[2116] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[2116] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\WINDOWS\ehome\ehtray.exe[2116] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00990804
.text C:\WINDOWS\ehome\ehtray.exe[2116] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00990A08
.text C:\WINDOWS\ehome\ehtray.exe[2116] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00990600
.text C:\WINDOWS\ehome\ehtray.exe[2116] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009901F8
.text C:\WINDOWS\ehome\ehtray.exe[2116] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009903FC
.text C:\WINDOWS\ehome\ehtray.exe[2116] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 009A1014
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 009A0804
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 009A0A08
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 009A0C0C
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 009A0E10
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 009A01F8
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 009A03FC
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 009A0600
.text C:\WINDOWS\ehome\ehtray.exe[2116] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehmsas.exe[2268] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\eHome\ehmsas.exe[2268] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehmsas.exe[2268] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehmsas.exe[2268] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehmsas.exe[2268] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehmsas.exe[2268] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002D0600
.text C:\vmbjz51r.exe[2348] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\vmbjz51r.exe[2348] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [5C, 71]
.text C:\vmbjz51r.exe[2348] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 3 Bytes [FF, 25, 1E]
.text C:\vmbjz51r.exe[2348] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6D4 2 Bytes [56, 71]
.text C:\vmbjz51r.exe[2348] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\vmbjz51r.exe[2348] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [50, 71]
.text C:\vmbjz51r.exe[2348] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\vmbjz51r.exe[2348] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 715A0F5A
.text C:\vmbjz51r.exe[2348] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AB0001
.text C:\vmbjz51r.exe[2348] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 71630F5A
.text C:\vmbjz51r.exe[2348] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 71540F5A
.text C:\vmbjz51r.exe[2348] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\vmbjz51r.exe[2348] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\vmbjz51r.exe[2348] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 71810F5A
.text C:\vmbjz51r.exe[2348] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71600F5A
.text C:\vmbjz51r.exe[2348] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 71840F5A
.text C:\vmbjz51r.exe[2348] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\vmbjz51r.exe[2348] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\vmbjz51r.exe[2348] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [74, 71] {JZ 0x73}
.text C:\vmbjz51r.exe[2348] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\vmbjz51r.exe[2348] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71780F5A
.text C:\vmbjz51r.exe[2348] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 716C0F5A
.text C:\vmbjz51r.exe[2348] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71690F5A
.text C:\vmbjz51r.exe[2348] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 71720F5A
.text C:\vmbjz51r.exe[2348] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 716F0F5A
.text C:\vmbjz51r.exe[2348] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\vmbjz51r.exe[2348] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\vmbjz51r.exe[2348] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\vmbjz51r.exe[2348] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\vmbjz51r.exe[2348] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 717E0F5A
.text C:\vmbjz51r.exe[2348] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 717B0F5A
.text C:\vmbjz51r.exe[2348] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 718A0F5A
.text C:\vmbjz51r.exe[2348] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 718D0F5A
.text C:\vmbjz51r.exe[2348] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 71870F5A
.text C:\vmbjz51r.exe[2348] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\vmbjz51r.exe[2348] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 71660F5A
.text C:\vmbjz51r.exe[2348] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008E0001
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A30804
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A30A08
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A30600
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A301F8
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A303FC
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00A41014
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00A40804
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00A40A08
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00A40C0C
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00A40E10
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00A401F8
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00A403FC
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00A40600
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B00001
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 019B0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 019B0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 019B0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 019B01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 019B03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 019C1014
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 019C0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 019C0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 019C0C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 019C0E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 019C01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 019C03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 019C0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 10012420 C:\WINDOWS\system32\ativvaxx32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!sendto 71AB2F51 6 Bytes JMP 71540F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!select 71AB30A8 6 Bytes JMP 71510F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100123AA C:\WINDOWS\system32\ativvaxx32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!ioctlsocket 71AB3F50 6 Bytes JMP 714E0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 100122D1 C:\WINDOWS\system32\ativvaxx32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!bind 71AB4480 5 Bytes JMP 1001225B C:\WINDOWS\system32\ativvaxx32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10012334 C:\WINDOWS\system32\ativvaxx32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!send 71AB4C27 6 Bytes JMP 71570F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71440F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 100123D4 C:\WINDOWS\system32\ativvaxx32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!recv 71AB676F 6 Bytes JMP 71480F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 71410F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 1001246E C:\WINDOWS\system32\ativvaxx32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!WSAAsyncSelect 71AC0991 6 Bytes JMP 714B0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10012369 C:\WINDOWS\system32\ativvaxx32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 713B0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\WINDOWS\Explorer.EXE[2476] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2476] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [6B, 71]
.text C:\WINDOWS\Explorer.EXE[2476] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[2476] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2476] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[2476] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00820001
.text C:\WINDOWS\Explorer.EXE[2476] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 71720F5A
.text C:\WINDOWS\Explorer.EXE[2476] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\WINDOWS\Explorer.EXE[2476] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\Explorer.EXE[2476] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 716F0F5A
.text C:\WINDOWS\Explorer.EXE[2476] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2476] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2476] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [83, 71]
.text C:\WINDOWS\Explorer.EXE[2476] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00980804
.text C:\WINDOWS\Explorer.EXE[2476] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00980A08
.text C:\WINDOWS\Explorer.EXE[2476] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00980600
.text C:\WINDOWS\Explorer.EXE[2476] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009801F8
.text C:\WINDOWS\Explorer.EXE[2476] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009803FC
.text C:\WINDOWS\Explorer.EXE[2476] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\WINDOWS\Explorer.EXE[2476] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71870F5A
.text C:\WINDOWS\Explorer.EXE[2476] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 717B0F5A
.text C:\WINDOWS\Explorer.EXE[2476] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71780F5A
.text C:\WINDOWS\Explorer.EXE[2476] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 71810F5A
.text C:\WINDOWS\Explorer.EXE[2476] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 717E0F5A
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00991014
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00990804
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00990A08
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00990C0C
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00990E10
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 009901F8
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 009903FC
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00990600
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!sendto 71AB2F51 6 Bytes JMP 715D0F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!select 71AB30A8 6 Bytes JMP 715A0F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 71690F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!ioctlsocket 71AB3F50 6 Bytes JMP 71570F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 71660F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!send 71AB4C27 6 Bytes JMP 71600F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 714B0F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!recv 71AB676F 6 Bytes JMP 714F0F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 71480F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!WSAAsyncSelect 71AC0991 6 Bytes JMP 71540F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 71420F5A
.text C:\WINDOWS\Explorer.EXE[2476] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 71750F5A
.text C:\WINDOWS\Explorer.EXE[2476] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\svchost.exe[2680] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2680] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2680] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2680] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2680] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2680] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2680] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2680] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2680] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A30001
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A80804
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A80A08
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A80600
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A801F8
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A803FC
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00A91014
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00A90804
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00A90A08
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00A90C0C
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00A90E10
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00A901F8
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00A903FC
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00A90600
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\WINDOWS\system32\svchost.exe[2764] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2764] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2764] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2764] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2764] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2764] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2764] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2764] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2764] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [5C, 71]
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6D4 2 Bytes [56, 71]
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [50, 71]
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 715A0F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A10001
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 71630F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 71540F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 71810F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71600F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 71840F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [74, 71] {JZ 0x73}
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A50804
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A50A08
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A50600
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A501F8
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A503FC
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71780F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 716C0F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71690F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 71720F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 716F0F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00A61014
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00A60804
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00A60A08
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00A60C0C
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00A60E10
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00A601F8
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00A603FC
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00A60600
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 718A0F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 718D0F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 71870F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 71660F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [5C, 71]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6D4 2 Bytes [56, 71]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [50, 71]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 715A0F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D40001
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 71630F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 71540F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 71810F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71600F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 71840F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [74, 71] {JZ 0x73}
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71780F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 716C0F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71690F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 71720F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 716F0F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 717E0F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 717B0F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 718A0F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 718D0F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 71870F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 71660F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000801F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000803FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002D1014
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002D0804
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002D0A08
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002D0E10
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002D01F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002D03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[3076] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3076] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\WINDOWS\system32\ctfmon.exe[3076] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[3076] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3076] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[3076] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00940001
.text C:\WINDOWS\system32\ctfmon.exe[3076] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3076] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3076] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\WINDOWS\system32\ctfmon.exe[3076] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00970804
.text C:\WINDOWS\system32\ctfmon.exe[3076] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00970A08
.text C:\WINDOWS\system32\ctfmon.exe[3076] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00970600
.text C:\WINDOWS\system32\ctfmon.exe[3076] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009701F8
.text C:\WINDOWS\system32\ctfmon.exe[3076] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009703FC
.text C:\WINDOWS\system32\ctfmon.exe[3076] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00981014
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00980804
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00980A08
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00980C0C
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00980E10
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 009801F8
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 009803FC
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00980600
.text C:\WINDOWS\system32\ctfmon.exe[3076] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Online Armor\OAui.exe[3144] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Online Armor\OAui.exe[3144] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Online Armor\OAui.exe[3144] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Online Armor\OAui.exe[3144] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D20001
.text C:\Program Files\Online Armor\OAui.exe[3144] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Online Armor\OAui.exe[3144] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
.text C:\Program Files\Online Armor\OAui.exe[3144] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
.text C:\Program Files\Online Armor\OAui.exe[3144] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
.text C:\Program Files\Online Armor\OAui.exe[3144] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
.text C:\Program Files\Online Armor\OAui.exe[3144] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
.text C:\Program Files\Online Armor\OAui.exe[3144] advapi32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
.text C:\Program Files\Online Armor\OAui.exe[3144] advapi32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
.text C:\Program Files\Online Armor\OAui.exe[3144] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
.text C:\Program Files\Online Armor\OAui.exe[3144] USER32.dll!LoadStringW 7E419E36 6 Bytes JMP 71A50F5A
.text C:\Program Files\Online Armor\OAui.exe[3144] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Online Armor\OAui.exe[3144] USER32.dll!LoadStringA 7E42C908 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Online Armor\OAui.exe[3144] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Online Armor\OAui.exe[3144] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Online Armor\OAui.exe[3144] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Online Armor\OAui.exe[3144] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\QuickTime\qttask.exe[3292] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\QuickTime\qttask.exe[3292] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\Program Files\QuickTime\qttask.exe[3292] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\QuickTime\qttask.exe[3292] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\QuickTime\qttask.exe[3292] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\QuickTime\qttask.exe[3292] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A40001
.text C:\Program Files\QuickTime\qttask.exe[3292] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\QuickTime\qttask.exe[3292] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\QuickTime\qttask.exe[3292] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\QuickTime\qttask.exe[3292] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A80804
.text C:\Program Files\QuickTime\qttask.exe[3292] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A80A08
.text C:\Program Files\QuickTime\qttask.exe[3292] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A80600
.text C:\Program Files\QuickTime\qttask.exe[3292] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A801F8
.text C:\Program Files\QuickTime\qttask.exe[3292] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A803FC
.text C:\Program Files\QuickTime\qttask.exe[3292] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00A91014
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00A90804
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00A90A08
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00A90C0C
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00A90E10
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00A901F8
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00A903FC
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00A90600
.text C:\Program Files\QuickTime\qttask.exe[3292] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [5C, 71]
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6D4 2 Bytes [56, 71]
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [50, 71]
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 715A0F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A00001
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 71630F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 71540F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 71810F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71600F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 71840F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [74, 71] {JZ 0x73}
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00DB0804
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00DB0A08
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00DB0600
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00DB01F8
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00DB03FC
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71780F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 716C0F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71690F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 71720F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 716F0F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00DC1014
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00DC0804
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00DC0A08
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00DC0C0C
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00DC0E10
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00DC01F8
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00DC03FC
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00DC0600
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 718A0F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 718D0F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 71870F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 71660F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A80001
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AC0804
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00AC0A08
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00AC0600
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00AC01F8
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00AC03FC
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00AD1014
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00AD0804
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00AD0A08
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00AD0C0C
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00AD0E10
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00AD01F8
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00AD03FC
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00AD0600
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\wscntfy.exe[3448] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3448] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A50001
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AE0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00AE0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00AE0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00AE01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00AE03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00AF1014
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00AF0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00AF0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00AF0C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00AF0E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00AF01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00AF03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00AF0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Online Armor\OAhlp.exe[3656] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Online Armor\OAhlp.exe[3656] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Online Armor\OAhlp.exe[3656] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Online Armor\OAhlp.exe[3656] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D90001
.text C:\Program Files\Online Armor\OAhlp.exe[3656] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Online Armor\OAhlp.exe[3656] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
.text C:\Program Files\Online Armor\OAhlp.exe[3656] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
.text C:\Program Files\Online Armor\OAhlp.exe[3656] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
.text C:\Program Files\Online Armor\OAhlp.exe[3656] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
.text C:\Program Files\Online Armor\OAhlp.exe[3656] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
.text C:\Program Files\Online Armor\OAhlp.exe[3656] advapi32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
.text C:\Program Files\Online Armor\OAhlp.exe[3656] advapi32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
.text C:\Program Files\Online Armor\OAhlp.exe[3656] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
.text C:\Program Files\Online Armor\OAhlp.exe[3656] USER32.dll!LoadStringW 7E419E36 6 Bytes JMP 71A50F5A
.text C:\Program Files\Online Armor\OAhlp.exe[3656] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Online Armor\OAhlp.exe[3656] USER32.dll!LoadStringA 7E42C908 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Online Armor\OAhlp.exe[3656] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Online Armor\OAhlp.exe[3656] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Online Armor\OAhlp.exe[3656] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Online Armor\OAhlp.exe[3656] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\dllhost.exe[3892] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\dllhost.exe[3892] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[3892] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\dllhost.exe[3892] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[3892] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\dllhost.exe[3892] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\dllhost.exe[3892] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\dllhost.exe[3892] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\dllhost.exe[3892] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\dllhost.exe[3892] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\dllhost.exe[3892] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\dllhost.exe[3892] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\dllhost.exe[3892] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\dllhost.exe[3892] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\dllhost.exe[3892] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\dllhost.exe[3892] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\dllhost.exe[3892] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A80001
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AC0804
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00AC0A08
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00AC0600
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00AC01F8
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00AC03FC
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00AD1014
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00AD0804
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00AD0A08
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00AD0C0C
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00AD0E10
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00AD01F8
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00AD03FC
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00AD0600
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [5C, 71]
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6D4 2 Bytes [56, 71]
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [50, 71]
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 715A0F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B80001
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 71630F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 71540F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 71810F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71600F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 71840F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [74, 71] {JZ 0x73}
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00BC0804
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00BC0A08
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00BC0600
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00BC01F8
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00BC03FC
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71780F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 716C0F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71690F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 71720F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 716F0F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00BD1014
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00BD0804
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00BD0A08
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00BD0C0C
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00BD0E10
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00BD01F8
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00BD03FC
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00BD0600
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 718A0F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 718D0F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 71870F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 71660F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\WINDOWS\System32\alg.exe[4008] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[4008] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[4008] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[4008] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[4008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[4008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[4008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[4008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[4008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[4008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[4008] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[4008] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[4008] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[4008] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[4008] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[4008] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[4008] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002C0600

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7AF8EB0] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7AF8F80] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F7AF8F10] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F7AF8F50] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F7AF8F10] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7AF8F80] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7AF8EB0] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F189B3C4] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F7AF8F10] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F7AF8F50] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7AF8EB0] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7AF8F80] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [F18B42AA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [F18B460C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [F18B3D40] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [F18B441C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[648] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[648] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\user32.dll [GDI32.dll!GetStockObject] [00A69CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!LoadLibraryExW] [00A6AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!LoadLibraryA] [00A6ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!GetProcAddress] [00A6A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!LoadLibraryW] [00A6ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00A6AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00A6ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00A6A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00A6ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [GDI32.dll!GetStockObject] [00A69CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [00A6ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryW] [00A6ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetProcAddress] [00A6A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryExW] [00A6AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryExA] [00A6AE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!AnimateWindow] [00A69D87] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TrackPopupMenuEx] [00A69B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcA] [00A6A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetSysColor] [00A69C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcW] [00A6A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetSysColorBrush] [00A69CF2] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TrackPopupMenu] [00A69B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [00A69CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00A6AE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00A6AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00A6ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00A6ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00A6A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [00A6A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [00A6A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [00A69C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [00A69B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [00A69B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [00A6A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [00A6ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [00A6ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!GetProcAddress] [00A6A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Ip OAmon.sys (TDI Helper Driver/Emsisoft)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp OAmon.sys (TDI Helper Driver/Emsisoft)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp OAmon.sys (TDI Helper Driver/Emsisoft)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp OAmon.sys (TDI Helper Driver/Emsisoft)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST OAmon.sys (TDI Helper Driver/Emsisoft)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----
  • 0

#12
satyap
Posted 22 June 2011 - 09:03 PM

satyap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Please find the OTL log below:

Thanks,
satyap

-----

OTL logfile created on: 6/22/2011 7:19:47 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Sharmila\resume
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.36 Mb Total Physical Memory | 239.96 Mb Available Physical Memory | 25.01% Memory free
2.26 Gb Paging File | 1.64 Gb Available in Paging File | 72.54% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.79 Gb Total Space | 84.25 Gb Free Space | 47.39% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.19% Space Free | Partition Type: FAT32

Computer Name: HOMEPC | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/19 14:20:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Sharmila\resume\OTL.exe
PRC - [2011/06/06 11:27:25 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/04/15 15:50:00 | 000,610,120 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2011/04/06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2011/04/06 13:01:06 | 002,477,032 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2011/04/06 13:01:04 | 001,165,336 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2011/04/06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2010/10/26 14:42:14 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2010/10/26 14:42:14 | 002,953,584 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2010/10/26 14:42:14 | 001,153,392 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2010/10/26 14:42:14 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/10/24 04:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/29 19:19:00 | 000,057,344 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
PRC - [2005/09/21 10:41:10 | 001,605,740 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
PRC - [2005/02/01 20:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIADA.EXE
PRC - [1996/12/09 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (SafeList) ==========

MOD - [2011/06/20 21:46:19 | 000,168,960 | ---- | M] () -- C:\WINDOWS\system32\ativvaxx32.dll
MOD - [2011/06/19 14:20:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Sharmila\resume\OTL.exe
MOD - [2011/04/06 13:01:12 | 001,114,896 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oawatch.dll
MOD - [2008/04/13 17:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 17:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/13 17:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008/04/13 17:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/13 17:12:05 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\security.dll
MOD - [2008/04/13 17:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- -- (Apache2)
SRV - [2011/06/09 21:56:16 | 000,785,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\WMNetMgr32.exe -- (RemoteRegistry32)
SRV - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2011/04/06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\OAcat.exe -- (OAcat)
SRV - [2010/10/26 14:42:14 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010/10/26 14:42:14 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010/07/15 17:45:44 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/08/03 00:19:16 | 000,058,880 | ---- | M] (Microsoft) [On_Demand | Stopped] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004/09/29 20:14:36 | 000,069,632 | ---- | M] (HP) [Boot | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 05:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 04:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/24 15:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2011/04/06 13:02:26 | 000,039,048 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2011/04/06 13:01:32 | 000,029,464 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2011/04/06 13:01:30 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2011/04/06 13:01:30 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2010/10/11 12:19:26 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2010/09/11 08:30:22 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TuneConvertAudio.sys -- (TuneConvertAudio)
DRV - [2010/07/15 17:45:44 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010/05/13 11:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/01/30 14:29:50 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/06/08 13:15:20 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/02/16 12:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/10/20 08:23:32 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/10/18 13:15:42 | 004,034,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/09/23 13:26:40 | 001,094,751 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/08/22 00:53:34 | 000,280,576 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - [2005/08/13 22:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/04 00:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 01:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/03/04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/10 10:42:36 | 000,002,944 | ---- | M] ([email protected]) [Kernel | System | Running] -- C:\WINDOWS\system32\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/11/05 15:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....Terms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 23 05 C2 01 06 1F 0E 4D 9C 07 BD 42 9F 8F 7E 9F [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "about:myworld|http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=nshome&bd=pavilion&locale=EN_US&c=Q106&pf=desktop|http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=nshome2&bd=pavilion&locale=EN_US&c=Q106&pf=desktop"

FF - HKLM\software\mozilla\Flock\Extensions\\Plugins: C:\Program Files\Flock\flock\plugins [2008/05/18 12:56:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock\Extensions\\Components: C:\Program Files\Flock\flock\components [2008/05/18 12:56:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/06 11:27:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/06 11:27:36 | 000,000,000 | ---D | M]

[2008/11/26 01:09:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2011/06/21 22:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions
[2010/07/27 07:55:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/27 07:55:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/09/30 09:53:03 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/07/27 07:55:11 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/02/16 22:48:54 | 000,000,000 | ---D | M] (Selenium IDE) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2010/07/27 07:55:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/06/21 22:06:43 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\[email protected]
[2010/07/27 07:55:14 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sylydm6m.default\extensions\[email protected]
[2011/06/21 22:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/10/21 08:49:08 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/05/07 14:56:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/05/18 12:56:16 | 000,000,000 | ---D | M] (afcE93FC2E44C41 Branding) -- C:\PROGRAM FILES\FLOCK\FLOCK\EXTENSIONS\[email protected]
[2008/05/18 12:56:16 | 000,000,000 | ---D | M] (nse Branding) -- C:\PROGRAM FILES\FLOCK\FLOCK\EXTENSIONS\[email protected]
[2010/06/09 22:03:02 | 000,101,760 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2010/06/09 22:02:05 | 000,064,384 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2009/07/13 15:54:03 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2011/06/20 22:15:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (c0a02fd7) - {09D9207E-2323-4B65-4641-BC7193608EB1} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\satya\virus-removal-downloads\registry-backup\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://www.bitstream...er/tdserver.cab (TDServer Control)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\ativvaxx32.dll) - C:\WINDOWS\system32\ativvaxx32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/27 15:29:28 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/22 07:57:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/22 07:55:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/21 23:29:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/06/21 23:29:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/06/21 23:29:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/06/21 23:29:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/06/21 23:06:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/06/21 22:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\QFX Software
[2011/06/21 22:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2011/06/21 22:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KeyScrambler
[2011/06/21 22:06:07 | 000,225,856 | ---- | C] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
[2011/06/21 22:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2011/06/21 22:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\OnlineArmor
[2011/06/21 22:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2011/06/21 22:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Online Armor
[2011/06/21 22:01:39 | 000,029,464 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2011/06/21 22:01:39 | 000,025,192 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2011/06/21 22:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor
[2011/06/21 21:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/06/21 21:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/06/21 21:38:36 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/21 21:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/21 21:38:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/21 21:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/21 19:53:40 | 099,372,504 | ---- | C] ( ) -- C:\Documents and Settings\HP_Administrator\Desktop\setup_9.0.0.722_22.06.2011_05-01.exe
[2011/06/21 03:15:25 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe
[2011/06/20 21:55:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/20 21:51:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/20 21:51:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/20 21:51:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/20 21:51:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/20 21:51:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/20 21:50:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Administrative Tools
[2011/06/20 21:48:59 | 004,131,325 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2011/06/20 21:41:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/19 10:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/06/19 10:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/06/19 10:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\GooredFix Backups
[2011/06/19 10:03:31 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/17 20:16:57 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/06/17 20:16:25 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011/06/17 20:16:21 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/06/17 20:15:53 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/06/17 20:15:49 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/06/17 20:15:40 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011/06/17 20:15:19 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/06/17 20:14:57 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/06/17 20:14:53 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/06/17 20:14:49 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/06/17 20:14:43 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/06/17 20:14:39 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/06/17 20:14:35 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011/06/17 20:14:31 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011/06/17 20:14:15 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011/06/17 20:14:00 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/06/17 20:13:57 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011/06/17 20:13:53 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011/06/17 20:13:45 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011/06/17 20:13:25 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/06/17 20:13:11 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011/06/17 20:13:07 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011/06/17 20:12:51 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/06/17 20:12:48 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/06/17 20:12:44 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/06/17 20:12:41 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011/06/17 20:12:38 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/06/17 20:12:34 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011/06/17 20:12:04 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/06/17 20:11:58 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/06/17 20:11:55 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/06/17 20:11:48 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/06/17 20:11:45 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/06/17 20:11:32 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/06/17 20:11:29 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/06/17 20:10:47 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/06/17 20:10:43 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/06/17 20:10:40 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011/06/17 20:10:36 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011/06/17 20:10:30 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/06/17 20:10:09 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2011/06/17 20:09:39 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011/06/17 20:09:35 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011/06/17 20:09:32 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/06/17 20:09:29 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011/06/17 20:09:26 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/06/17 20:08:55 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/06/17 20:08:52 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/06/17 20:08:48 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/06/17 20:08:41 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011/06/17 20:08:11 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/06/17 20:08:08 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/06/17 20:08:05 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/06/17 20:08:02 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/06/17 20:07:35 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011/06/17 20:07:29 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/06/17 20:07:25 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/06/17 20:07:10 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/06/17 20:07:07 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/06/17 20:07:04 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/06/17 20:07:01 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/06/17 20:06:58 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/06/17 20:06:55 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/06/17 20:06:52 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/06/17 20:06:49 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/06/17 20:06:46 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011/06/17 20:06:38 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011/06/17 20:06:35 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011/06/17 20:06:16 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/06/17 20:06:05 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/06/17 20:06:00 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011/06/17 20:05:42 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/06/17 20:05:39 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/06/17 20:05:10 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/06/17 20:05:07 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/06/17 20:05:04 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011/06/17 20:04:54 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011/06/17 20:04:03 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011/06/17 20:03:52 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/06/17 20:03:50 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011/06/17 20:03:47 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/06/17 20:03:31 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/06/17 20:03:28 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011/06/17 20:03:25 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/06/17 20:03:21 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/06/17 20:03:00 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/06/17 20:02:46 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/06/17 20:02:43 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/06/17 20:02:37 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/06/17 20:02:27 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/06/17 20:02:25 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/06/17 20:02:16 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/06/17 20:02:14 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/06/17 20:02:11 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/06/17 20:02:08 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/06/17 20:02:05 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011/06/17 20:02:03 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011/06/17 20:01:54 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011/06/17 20:01:51 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011/06/17 20:01:49 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011/06/17 20:01:46 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/06/17 20:01:43 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011/06/17 20:00:50 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2011/06/17 20:00:13 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/06/17 19:59:51 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/06/17 19:59:49 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011/06/17 19:59:47 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/06/17 19:59:44 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/06/17 19:59:43 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011/06/17 19:59:41 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/06/17 19:59:32 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/06/17 19:59:29 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011/06/17 19:59:27 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/06/17 19:59:24 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011/06/17 19:59:19 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/06/17 19:59:16 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/06/17 19:58:19 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011/06/17 19:57:40 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011/06/17 19:56:04 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/06/17 19:55:55 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/06/17 19:55:23 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011/06/17 19:55:21 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011/06/17 19:55:07 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/06/17 19:55:00 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/06/17 19:54:58 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011/06/17 19:54:53 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/06/17 19:54:51 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/06/17 19:54:49 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/06/17 19:54:47 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011/06/17 19:54:32 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/06/17 19:54:28 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/06/17 19:54:27 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/06/17 19:53:06 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/06/17 19:53:00 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011/06/17 19:52:50 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/06/17 19:52:48 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/06/17 19:52:47 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011/06/17 19:52:42 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011/06/17 19:52:41 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/06/17 19:52:40 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/06/17 19:52:39 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011/06/17 19:52:36 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011/06/17 19:52:15 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/06/17 19:52:14 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011/06/17 19:52:10 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/06/17 19:51:47 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/06/17 19:51:46 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/06/17 19:51:45 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/06/17 19:51:44 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/06/17 19:51:43 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/06/17 19:51:42 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/06/17 19:51:41 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/06/17 19:51:31 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/06/17 19:51:15 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/06/17 19:51:05 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/06/17 19:50:58 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/06/17 19:50:58 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/06/17 19:50:57 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/06/17 19:50:57 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/06/17 19:50:56 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/06/17 19:50:53 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/06/17 19:50:52 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/06/17 19:50:51 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/06/17 19:50:51 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/06/17 19:50:48 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/06/17 19:50:47 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/06/17 19:50:14 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/06/17 19:50:13 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/06/17 19:50:13 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/06/17 19:50:12 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/06/17 19:50:11 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/06/17 19:50:11 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/06/17 19:50:10 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/06/17 19:50:09 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/06/17 19:50:07 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/06/17 19:50:07 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/06/17 19:50:06 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/06/17 19:50:05 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/06/17 19:50:04 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/06/17 19:50:04 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/06/17 19:50:03 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/06/17 19:50:03 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/06/17 19:50:02 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/06/17 19:50:01 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/06/17 19:49:54 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/06/17 19:49:50 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/06/17 19:49:50 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/06/17 19:49:49 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/06/17 19:49:48 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/06/17 19:49:48 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/06/17 19:49:47 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/06/17 19:49:46 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/06/17 19:49:07 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/06/17 19:48:59 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/06/17 19:48:42 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/06/17 19:48:40 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/06/17 19:48:39 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/06/17 19:48:39 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/06/17 19:48:38 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/06/17 19:48:36 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/06/17 19:48:32 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/06/17 19:48:32 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/06/17 19:48:29 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/06/17 19:48:28 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/06/17 19:48:28 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/06/17 00:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2011/06/17 00:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/06/16 15:28:52 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2011/05/28 07:26:09 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]
[2 C:\Documents and Settings\HP_Administrator\*.tmp files -> C:\Documents and Settings\HP_Administrator\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/22 19:01:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/22 15:01:01 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/22 14:54:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/22 09:10:42 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/06/22 08:25:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/22 08:17:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/22 08:17:47 | 000,305,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/22 08:10:08 | 000,302,592 | ---- | M] () -- C:\vmbjz51r.exe
[2011/06/22 08:00:27 | 000,437,786 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/22 08:00:27 | 000,070,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/21 23:12:42 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/06/21 21:43:08 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SpywareBlaster.lnk
[2011/06/21 21:38:37 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/21 21:34:24 | 000,001,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/21 21:34:22 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTREGOPT.lnk
[2011/06/21 21:34:22 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ERUNT.lnk
[2011/06/21 20:22:30 | 255,901,696 | ---- | M] () -- C:\WINDOWS\outlook.pst
[2011/06/21 20:17:52 | 099,372,504 | ---- | M] ( ) -- C:\Documents and Settings\HP_Administrator\Desktop\setup_9.0.0.722_22.06.2011_05-01.exe
[2011/06/21 07:48:24 | 000,000,062 | ---- | M] () -- C:\WINDOWS\System32\60537885
[2011/06/21 03:15:50 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe
[2011/06/20 22:15:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/20 21:55:18 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/06/20 21:49:16 | 004,131,325 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2011/06/20 21:46:19 | 000,168,960 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx32.dll
[2011/06/20 21:46:19 | 000,000,105 | ---- | M] () -- C:\WINDOWS\System32\1249732853
[2011/06/19 17:29:31 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2011/06/19 17:29:30 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\expressburnDowngrade.job
[2011/06/19 10:52:31 | 000,001,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/06/19 10:52:31 | 000,001,671 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/06/19 10:01:33 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Notepad.lnk
[2011/06/16 23:28:23 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\rstrui.exe (2).lnk
[2011/06/16 21:11:53 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\rstrui.exe.lnk
[2011/06/16 20:44:16 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/16 20:44:12 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/16 15:28:52 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2011/06/09 21:56:16 | 000,785,920 | ---- | M] () -- C:\WINDOWS\System32\WMNetMgr32.exe
[2011/06/09 21:56:16 | 000,785,920 | ---- | M] () -- C:\WINDOWS\System32\lpk32.exe
[2011/06/04 15:26:32 | 000,074,108 | ---- | M] () -- C:\Sonia As Ravana.JPG
[2011/06/04 07:08:50 | 000,130,496 | ---- | M] () -- C:\WINDOWS\HPHins13.dat
[2011/06/03 16:46:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2011/06/02 19:35:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/26 20:10:03 | 000,112,640 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]
[2 C:\Documents and Settings\HP_Administrator\*.tmp files -> C:\Documents and Settings\HP_Administrator\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/22 08:10:06 | 000,302,592 | ---- | C] () -- C:\vmbjz51r.exe
[2011/06/21 22:18:04 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/06/21 22:16:28 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2011/06/21 22:15:29 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/06/21 22:15:04 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/06/21 22:01:39 | 000,205,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2011/06/21 22:01:39 | 000,039,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2011/06/21 21:43:08 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SpywareBlaster.lnk
[2011/06/21 21:38:37 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/20 21:51:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/20 21:51:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/20 21:51:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/20 21:46:19 | 000,168,960 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx32.dll
[2011/06/19 10:52:31 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/06/19 10:52:31 | 000,001,671 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/06/19 09:59:01 | 000,001,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/19 09:59:00 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTREGOPT.lnk
[2011/06/19 09:59:00 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ERUNT.lnk
[2011/06/17 20:16:50 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/06/17 20:04:39 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/06/17 19:59:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/06/17 19:57:56 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/06/17 19:57:53 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/06/17 19:57:49 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/06/17 19:56:56 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/06/17 19:56:02 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/06/17 19:55:58 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/06/17 19:55:53 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/06/17 19:55:49 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/06/17 19:55:44 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/06/17 19:55:27 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/06/17 19:52:46 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011/06/17 19:52:45 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011/06/17 19:52:44 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011/06/17 19:51:05 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/06/17 19:49:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/06/17 19:49:37 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/06/17 19:49:36 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/06/17 19:49:35 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/06/17 19:49:35 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/06/17 19:49:34 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/06/17 19:49:34 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/06/17 19:49:33 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/06/17 19:49:32 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/06/17 19:49:20 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/06/16 23:28:05 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\rstrui.exe (2).lnk
[2011/06/16 21:11:11 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\rstrui.exe.lnk
[2011/06/16 21:08:48 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\60537885
[2011/06/16 20:44:16 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/13 08:52:05 | 000,785,920 | ---- | C] () -- C:\WINDOWS\System32\lpk32.exe
[2011/06/09 21:56:26 | 000,785,920 | ---- | C] () -- C:\WINDOWS\System32\WMNetMgr32.exe
[2011/06/09 21:56:26 | 000,000,105 | ---- | C] () -- C:\WINDOWS\System32\1249732853
[2011/06/04 15:26:30 | 000,074,108 | ---- | C] () -- C:\Sonia As Ravana.JPG
[2011/05/15 12:04:02 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\lnktdeoo.sys
[2011/02/03 21:51:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT10.ini
[2010/12/20 23:26:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2010/12/20 23:26:27 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2010/12/20 23:15:11 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/12/20 17:26:18 | 000,000,049 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/10/08 11:22:03 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/10/05 08:32:35 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/09/30 11:07:48 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/09/22 22:39:24 | 000,180,208 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/21 14:51:09 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/15 17:45:44 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/12/12 12:24:49 | 000,007,831 | ---- | C] () -- C:\WINDOWS\extend.dat
[2009/11/28 17:06:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/28 17:06:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/26 11:49:43 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/08/27 13:07:08 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\PUTTY.RND
[2009/08/26 11:10:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/04/25 19:26:16 | 000,000,537 | ---- | C] () -- C:\WINDOWS\muncher.ini
[2007/11/25 17:14:24 | 000,130,496 | ---- | C] () -- C:\WINDOWS\HPHins13.dat
[2007/11/25 17:14:24 | 000,002,977 | ---- | C] () -- C:\WINDOWS\hphmdl13.dat
[2007/03/22 17:52:31 | 000,001,358 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/26 21:42:18 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\kpk-w.bit
[2006/12/26 21:42:18 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\kpk-b.bit
[2006/12/23 09:56:10 | 000,000,194 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2006/12/02 11:33:09 | 000,314,880 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2006/11/26 15:03:03 | 000,005,366 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\games.pgn
[2006/11/26 14:48:40 | 000,524,300 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\position.bin
[2006/11/23 12:47:24 | 000,001,678 | ---- | C] () -- C:\WINDOWS\FlipBook.INI
[2006/11/10 10:17:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/10/24 13:24:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/21 08:47:09 | 000,000,054 | ---- | C] () -- C:\WINDOWS\gbsaver.ini
[2006/10/14 17:15:38 | 000,606,208 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\arasan.exe
[2006/10/14 16:52:10 | 001,507,328 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\book.bin
[2006/10/14 12:47:20 | 000,004,516 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\arasan.rc
[2006/09/30 18:05:48 | 000,000,039 | ---- | C] () -- C:\WINDOWS\chssbase.ini
[2006/09/04 19:08:36 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2006/09/04 19:07:57 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/09/04 08:07:08 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2006/09/03 21:15:41 | 000,112,640 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/03 20:00:29 | 000,060,565 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/09/03 20:00:29 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006/09/03 20:00:29 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006/09/03 20:00:29 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006/09/03 20:00:29 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/09/03 20:00:29 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006/09/03 20:00:29 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006/09/03 20:00:29 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006/09/03 20:00:29 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006/09/03 20:00:29 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006/09/03 20:00:29 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006/09/03 20:00:29 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/09/03 20:00:28 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/09/03 20:00:28 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/09/03 19:58:58 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4800.ini
[2006/09/03 18:47:47 | 000,004,936 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/09/03 18:43:53 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/05/02 15:38:24 | 000,072,444 | ---- | C] () -- C:\WINDOWS\SetBrowser.exe
[2006/05/02 15:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2006/04/11 15:56:30 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\pythoncom24.dll
[2006/04/11 15:56:30 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\pywintypes24.dll
[2005/12/27 15:58:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/27 15:36:53 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/12/27 15:33:40 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2005/12/27 15:32:51 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/12/27 15:32:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/12/27 15:26:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/27 15:21:45 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/12/27 15:21:45 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/12/27 15:21:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/12/27 15:21:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/12/27 15:21:45 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/12/27 15:21:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/12/27 15:16:09 | 000,000,159 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/12/27 15:15:11 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2005/12/27 15:15:11 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/12/27 15:09:27 | 000,080,417 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2005/12/27 15:09:27 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2005/12/27 15:08:26 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2005/12/27 15:08:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2005/12/27 15:06:54 | 000,112,873 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2005/12/27 15:06:54 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2005/12/27 15:03:28 | 000,088,403 | ---- | C] () -- C:\WINDOWS\hpoins06.dat
[2005/12/27 15:03:27 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat
[2005/12/27 15:02:26 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/12/27 14:58:16 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/12/27 14:46:31 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/12/27 14:39:37 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/12/27 14:39:37 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/12/27 14:39:13 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/15 19:33:25 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Cleanup.exe
[2005/08/31 05:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/31 05:07:46 | 000,437,786 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/31 05:07:46 | 000,070,344 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/31 05:05:30 | 000,305,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/31 05:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/31 04:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 22:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 00:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/07/15 11:36:35 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/07/15 11:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 11:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/15 11:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2004/08/10 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 15:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/23 16:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 16:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 23:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/12/09 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/12/09 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/12/19 00:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/08 11:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/09/27 18:48:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2009/02/28 14:48:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2006/09/04 21:14:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2011/04/18 09:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gCmNiCc08200
[2008/12/07 11:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/09/06 09:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/07/28 13:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2011/06/21 22:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2008/07/28 13:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/07/13 18:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/06/21 22:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2009/12/27 21:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2011/06/22 08:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/19 10:53:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/09/21 14:46:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}
[2011/06/19 17:29:30 | 000,000,320 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnDowngrade.job
[2011/06/19 17:29:31 | 000,000,320 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2010/12/26 21:27:01 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
[2011/06/03 16:46:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
[2007/05/03 19:23:43 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\Desktop\fhfhfhf.bmp:Roxio EMC Stream
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >
  • 0

#13
maliprog
Posted 23 June 2011 - 02:56 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Nice :). You can set your System Restore point manually.

To set a System Restore Point...
  • Open the Start menu
  • Open the Programs menu
  • Open the Accessories menu
  • Open the System Tools menu
  • Finally, start System Restore
  • Pick the option for setting a System Restore Point and click on the Next button
  • Fill in a name for the restore point so you can find it and click on the Create button
  • Click on the Close button when done

  • 0

#14
satyap
Posted 23 June 2011 - 04:16 PM

satyap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi maliprog - Yes, I have been able to create a restore point manaully. Once in a while at system startup I see some crashes from .Net - not sure what they are about (once it was from CAS Policy Manager, and another time from some other .Net module). I am going to ingore them as long as they dont cause me grief :)

Thanks, again.

Take care,
satyap
  • 0

#15
maliprog
Posted 23 June 2011 - 11:05 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi satyap,

Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP