Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Am I still infected?


  • This topic is locked This topic is locked

#1
pipeman

pipeman

    Member

  • Member
  • PipPipPip
  • 103 posts
I have a computer that was infected with multiple viruses and Malware. Some of the viruses are listed here:

File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6AGAE8DU\ex[2].htm is infected by Win32:Malware-gen, Deleted
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S9RXSUIQ\gayfantasyblog_info[1].htm is infected by JS:Redirector-KF [Trj], Deleted
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UMFQY98U\full-onlinepornmovies_net[1].htm is infected by JS:Redirector-KF [Trj], Deleted
File C:\WINDOWS\pchealth\ERRORREP\UserDumps\svchost.exe.20110919-202803-00.hdmp is infected by Win32:DNSChanger-VJ [Trj], Deleted
File C:\WINDOWS\Temp\0.07105428383118595.exe is infected by Win32:Delf-QVU [Trj], Deleted
File C:\WINDOWS\Temp\jar_cache8629467449458247360.tmp|>bingo\nikon.class is infected by Java:Agent-WC [Expl], Deleted
File C:\WINDOWS\Temp\jar_cache8629467449458247360.tmp|>bingo\pensil.class is infected by Java:Agent-WD [Expl], Deleted
File C:\WINDOWS\Temp\jar_cache956596995554573381.tmp|>bingo\nikon.class is infected by Java:Agent-WC [Expl], Deleted
File C:\WINDOWS\Temp\jar_cache956596995554573381.tmp|>bingo\pensil.class is infected by Java:Agent-WD [Expl], Deleted

There was also a lot of malware that was removed by following the instructions found in this guide: http://www.selectrea...e-removal-guide

On the advice of the guide I'm posting the OTL file here in hopes that someone can look at it and tell me if my system looks ok now or is there something more I need to do to clean my system. The computer seems to be running fine now, except for still being a little slow. Thanks in advance for your time.


OTL logfile created on: 10/3/2011 11:17:00 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Candace Wrzesinski\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.85 Mb Total Physical Memory | 259.88 Mb Available Physical Memory | 25.43% Memory free
2.40 Gb Paging File | 1.85 Gb Available in Paging File | 77.10% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 176.12 Gb Free Space | 77.20% Space Free | Partition Type: NTFS

Computer Name: D35SJ8C1 | User Name: Candace Wrzesinski | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/03 11:16:10 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Candace Wrzesinski\My Documents\Downloads\OTL(1).exe
PRC - [2011/10/03 10:35:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009/05/19 00:23:16 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/11/06 12:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/03/20 16:00:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2003/08/19 11:00:40 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
PRC - [2003/08/19 10:43:48 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/04/06 00:37:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/03 10:35:09 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/03 03:52:21 | 001,580,032 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11100300\algo.dll
MOD - [2011/10/01 10:11:10 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/30 09:14:34 | 000,212,640 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11100300\aswRep.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2003/07/29 09:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBKPP5C.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2003/03/08 23:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 15:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 15:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 15:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 15:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 15:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 15:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 15:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2006/03/20 16:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/02/12 14:29:00 | 000,166,272 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
DRV - [2002/07/30 17:22:36 | 000,171,776 | ---- | M] (The Linksys Group, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WMP11V27.sys -- (WMP11V27)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "http://slirsredirect...0fftrab&query="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Candace Wrzesinski\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/29 00:05:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 10:35:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/03 10:44:56 | 000,000,000 | ---D | M]

[2008/11/29 12:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Candace Wrzesinski\Application Data\Mozilla\Extensions
[2011/10/01 12:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Candace Wrzesinski\Application Data\Mozilla\Firefox\Profiles\9faqjnh0.default\extensions
[2010/04/26 21:15:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Candace Wrzesinski\Application Data\Mozilla\Firefox\Profiles\9faqjnh0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/20 10:54:41 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\Candace Wrzesinski\Application Data\Mozilla\Firefox\Profiles\9faqjnh0.default\searchplugins\aim-search.xml
[2011/10/03 10:44:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/03 10:44:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/08/18 21:04:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/03 10:35:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/12/19 07:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2011/09/22 20:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: Google Gadget Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Candace Wrzesinski\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2008/04/01 09:17:38 | 000,229,814 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8059 more lines...
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1207069349546 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68539364-024C-47D2-82BA-C17234F39D39}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD6C4891-FCE3-43A6-9407-E4C65DCD028D}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Candace Wrzesinski\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Candace Wrzesinski\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/29 12:01:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ee25d55d-abba-11de-8f13-00062522b289}\Shell\AutoRun\command - "" = I:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/03 10:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/10/03 10:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/03 10:44:56 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/10/03 10:44:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/10/03 10:44:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/10/03 10:44:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/10/03 10:34:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Candace Wrzesinski\IECompatCache
[2011/10/01 15:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/10/01 15:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/01 15:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/01 15:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/10/01 15:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/01 15:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/01 15:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/10/01 14:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Candace Wrzesinski\Application Data\SUPERAntiSpyware.com
[2011/10/01 14:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/10/01 14:56:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/10/01 14:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/01 10:11:10 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/01 09:20:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/09/30 09:33:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Candace Wrzesinski\PrivacIE
[2011/09/29 21:04:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Candace Wrzesinski\Start Menu\Programs\Administrative Tools
[2011/09/29 19:10:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Candace Wrzesinski\IETldCache
[2011/09/29 14:51:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/09/29 14:51:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/09/29 14:51:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/09/29 14:49:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/09/29 14:47:38 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/09/29 14:45:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/09/29 14:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Candace Wrzesinski\Application Data\Windows Desktop Search
[2011/09/29 14:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/09/29 14:40:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/09/29 14:39:52 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2011/09/29 14:39:52 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2011/09/29 14:39:52 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2011/09/29 14:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Candace Wrzesinski\Application Data\Dell
[2011/09/29 14:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2011/09/29 14:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Support Center
[2011/09/29 14:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Candace Wrzesinski\Application Data\PCDr
[2011/09/29 10:51:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/09/29 10:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/19 12:00:20 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/09/19 10:01:53 | 000,000,000 | ---D | C] -- C:\OpenCloud Security
[2011/09/19 09:47:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/09/09 04:12:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/03 10:55:42 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/03 10:53:07 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/03 10:52:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/03 10:52:36 | 1071,562,752 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/03 10:49:05 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/03 10:29:09 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2011/10/03 10:06:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/01 15:54:04 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/01 15:36:56 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/01 14:56:17 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/01 13:50:34 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/10/01 12:51:15 | 000,000,103 | ---- | M] () -- C:\Documents and Settings\Candace Wrzesinski\Desktop\Malware and Spyware Cleaning Guide - Geeks to Go Forums.URL
[2011/10/01 10:11:10 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/01 10:07:33 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2011/10/01 09:21:40 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/09/30 08:58:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/29 20:40:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1308618468.job
[2011/09/29 19:11:07 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Candace Wrzesinski\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/29 14:40:52 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/09/29 14:40:48 | 000,465,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/29 14:40:48 | 000,079,664 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/29 14:20:19 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2011/09/29 10:51:21 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/29 09:33:09 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Candace Wrzesinski\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/29 09:33:09 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/28 15:22:32 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/09/24 14:14:00 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/19 12:00:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/09/09 04:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/06 15:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/09/06 15:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/09/06 15:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/09/06 15:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/09/06 15:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/09/06 15:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/09/06 15:36:23 | 000,110,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/09/06 15:36:20 | 000,104,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/09/06 15:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/09/06 15:33:11 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/01 15:54:04 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/01 14:56:17 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/01 12:51:15 | 000,000,103 | ---- | C] () -- C:\Documents and Settings\Candace Wrzesinski\Desktop\Malware and Spyware Cleaning Guide - Geeks to Go Forums.URL
[2011/10/01 10:08:20 | 1071,562,752 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/01 09:21:40 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/09/29 19:11:07 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Candace Wrzesinski\Start Menu\Programs\Internet Explorer.lnk
[2011/09/29 19:09:03 | 000,251,088 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/29 14:40:52 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/09/29 14:40:51 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/09/29 14:40:27 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/09/29 14:39:44 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/09/29 14:20:19 | 000,000,564 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2011/09/29 14:20:19 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2011/09/29 10:51:21 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/29 09:33:09 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/19 14:37:16 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
[2011/09/19 14:37:16 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
[2011/08/28 17:39:56 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/20 18:25:11 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2011/06/20 18:25:11 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2009/08/18 21:15:42 | 000,000,262 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2009/08/18 21:14:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
[2009/08/18 21:14:47 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2009/08/18 21:14:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2009/08/18 21:14:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2009/08/18 21:14:13 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2009/07/12 00:06:48 | 000,053,664 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/11/19 22:40:07 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/08/01 15:43:48 | 000,001,157 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/06/10 09:36:09 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/06/10 09:36:09 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/06/10 09:36:09 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/06/10 09:36:09 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/06/10 09:36:09 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/06/10 09:36:09 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/06/10 09:36:09 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/06/10 09:36:09 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/06/10 09:36:09 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/06/10 09:36:09 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/06/10 09:36:09 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/06/10 09:36:09 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/06/10 09:36:09 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/06/10 09:36:09 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/06/10 09:36:09 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/06/10 09:36:09 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/06/10 09:34:49 | 000,000,084 | ---- | C] () -- C:\WINDOWS\EPSPRX595.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/07 20:59:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/01 09:24:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/01 07:48:46 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Candace Wrzesinski\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/29 12:29:13 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Candace Wrzesinski\Local Settings\Application Data\fusioncache.dat
[2008/03/29 12:04:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/29 11:59:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/29 04:39:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/29 04:38:29 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 17:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 17:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 06:00:00 | 000,465,778 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 06:00:00 | 000,079,664 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/03/08 23:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello pipeman and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{ee25d55d-abba-11de-8f13-00062522b289}\Shell\AutoRun\command - "" = I:\setupSNK.exe

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • GMER log
  • VRT log
It would be helpful if you could post each log in separate post
  • 0

#3
pipeman

pipeman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee25d55d-abba-11de-8f13-00062522b289}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee25d55d-abba-11de-8f13-00062522b289}\ not found.
File I:\setupSNK.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 100747218 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->FireFox cache emptied: 21167190 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 58034 bytes

User: All Users

User: Candace Wrzesinski
->Temp folder emptied: 446134124 bytes
->Temporary Internet Files folder emptied: 10776981 bytes
->Java cache emptied: 90679359 bytes
->FireFox cache emptied: 52034878 bytes
->Google Chrome cache emptied: 28657884 bytes
->Apple Safari cache emptied: 39230464 bytes
->Flash cache emptied: 2792164 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33306 bytes
->Flash cache emptied: 343 bytes

User: NetworkService
->Temp folder emptied: 5600 bytes
->Temporary Internet Files folder emptied: 241188692 bytes
->Java cache emptied: 52 bytes
->Flash cache emptied: 8032 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1258425 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 152919730 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 144335819 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,271.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Candace Wrzesinski
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10072011_070606

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#4
pipeman

pipeman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-07 08:45:39
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.10.0
Running: cdttb2ct.exe; Driver: C:\DOCUME~1\CANDAC~1\LOCALS~1\Temp\axtyapoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xEB6AA374]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xEB7112B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xEB6CE829]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xEB6AC996]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xEB6AC9EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xEB6ACB04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xEB6CE1DD]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xEB6AC8EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xEB6ACA3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xEB6AC940]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xEB6ACAB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xEB6AA398]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xEB6CEEEF]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xEB6CF1A5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xEB6ACD88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEB6CED5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEB6CEBC5]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xEB711368]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xEB6AA162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xEB6AA3BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xEB6ACEFC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xEB6AAE54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xEB6AC9C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xEB6ACA16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xEB6ACB2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xEB6CE539]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xEB6AC918]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xEB6ACBC0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xEB6ACA7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xEB6AC96E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xEB6ACCA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xEB6ACADC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xEB711400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xEB6CEA40]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xEB6AAD1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xEB6CE892]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEB7196E2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xEB6CD850]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xEB6AA3E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xEB6AA404]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xEB6AA1BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xEB6AA2F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xEB6CEFF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xEB6AA2D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xEB6AA31C]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEB7F9640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xEB6AA428]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEB7269A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C48 805044E4 4 Bytes CALL D1CF3055
.text ntkrnlpa.exe!ZwCallbackReturn + 2E64 80504700 4 Bytes [40, EA, 6C, EB]
.text ntkrnlpa.exe!ZwCallbackReturn + 2EA8 80504744 4 Bytes [92, E8, 6C, EB]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL EB6AB4AF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP EB7223DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP EB723E84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP EB7269AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5E6A360, 0x307AC7, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP EB6ADE48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP EB6ADD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP EB6AD0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP EB6ADFB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP EB6AE1BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP EB6ADCC4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP EB6AD016 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 5 Bytes JMP EB6AD326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP EB6AD4CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F852 5 Bytes JMP EB6ACFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5454 BF864C1E 5 Bytes JMP EB6ADD7E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP EB6AD4A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP EB6ADEFA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP EB6AE118 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP EB6AD14A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP EB6AD1E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP EB6AD254 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP EB6AD28E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP EB6ACF32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP EB6AD096 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP EB6AD1AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP EB6AD5E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP EB6AE070 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[164] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[164] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[164] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[164] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[164] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[164] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[164] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[164] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[164] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[164] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[164] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[164] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[164] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[164] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[164] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[164] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[164] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehSched.exe[340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehSched.exe[340] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehSched.exe[340] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[340] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehSched.exe[340] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehSched.exe[340] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehSched.exe[340] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehSched.exe[340] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehSched.exe[340] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehSched.exe[340] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehSched.exe[340] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehSched.exe[340] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehSched.exe[340] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehSched.exe[340] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehSched.exe[340] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehSched.exe[340] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\System32\smss.exe[852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[900] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[900] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[904] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[904] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[904] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[904] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[904] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\winlogon.exe[924] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[924] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[924] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[924] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[924] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[924] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[924] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[924] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[924] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[924] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[924] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[924] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[924] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[924] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[924] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[924] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[968] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[968] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[968] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[968] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[968] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[968] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[968] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[968] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[968] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[968] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[968] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[968] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[968] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[968] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[968] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[980] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[980] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[980] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[980] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[980] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[980] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[980] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[980] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[980] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[980] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[980] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[980] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[980] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[980] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[980] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[980] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[980] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1028] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1028] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1028] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1028] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1028] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1028] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1028] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1028] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1028] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1028] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1028] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1028] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1028] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\svchost.exe[1152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1152] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1152] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1152] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1152] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1152] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1176] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1176] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1176] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1176] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1176] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1176] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1176] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1176] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1176] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1176] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1176] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1176] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1176] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1176] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1176] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1176] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1176] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1260] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1260] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Bonjour\mDNSResponder.exe[1260] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Bonjour\mDNSResponder.exe[1260] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[1260] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1260] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[1260] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1260] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1260] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Bonjour\mDNSResponder.exe[1260] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[1260] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[1260] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[1260] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1260] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\Program Files\Windows Defender\MsMpEng.exe[1364] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F1014
.text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F0804
.text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0A08
.text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F0C0C
.text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0E10
.text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F01F8
.text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F03FC
.text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F0600
.text C:\Program Files\Windows Defender\MsMpEng.exe[1364] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00300804
.text C:\Program Files\Windows Defender\MsMpEng.exe[1364] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300A08
.text C:\Program Files\Windows Defender\MsMpEng.exe[1364] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00300600
.text C:\Program Files\Windows Defender\MsMpEng.exe[1364] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003001F8
.text C:\Program Files\Windows Defender\MsMpEng.exe[1364] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1404] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1404] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1404] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1404] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1404] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1404] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1404] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1404] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1404] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1436] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[1448] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehRecvr.exe[1448] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[1448] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehRecvr.exe[1448] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[1448] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehRecvr.exe[1448] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[1448] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehRecvr.exe[1448] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[1448] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[1448] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehRecvr.exe[1448] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehRecvr.exe[1448] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[1448] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehRecvr.exe[1448] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehRecvr.exe[1448] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[1448] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[1448] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1484] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1484] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1484] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1484] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1484] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1484] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1484] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1484] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1484] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1484] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1484] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1484] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1484] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1484] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1736] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1736] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1736] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1736] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1736] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1736] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1736] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1736] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1736] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1736] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1736] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1736] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1736] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1736] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1736] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\ehome\ehtray.exe[1748] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[1748] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\WINDOWS\ehome\ehtray.exe[1748] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\WINDOWS\ehome\ehtray.exe[1748] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\WINDOWS\ehome\ehtray.exe[1748] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\WINDOWS\ehome\ehtray.exe[1748] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\WINDOWS\ehome\ehtray.exe[1748] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F1014
.text C:\WINDOWS\ehome\ehtray.exe[1748] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F0804
.text C:\WINDOWS\ehome\ehtray.exe[1748] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0A08
.text C:\WINDOWS\ehome\ehtray.exe[1748] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\ehome\ehtray.exe[1748] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0E10
.text C:\WINDOWS\ehome\ehtray.exe[1748] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F01F8
.text C:\WINDOWS\ehome\ehtray.exe[1748] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F03FC
.text C:\WINDOWS\ehome\ehtray.exe[1748] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\LEXBCES.EXE[1816] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\LEXBCES.EXE[1816] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\LEXBCES.EXE[1816] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\LEXBCES.EXE[1816] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\LEXBCES.EXE[1816] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\LEXBCES.EXE[1816] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\LEXBCES.EXE[1816] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\LEXBCES.EXE[1816] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\LEXBCES.EXE[1816] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\LEXBCES.EXE[1816] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\LEXBCES.EXE[1816] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\LEXBCES.EXE[1816] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\LEXBCES.EXE[1816] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\LEXBCES.EXE[1816] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\LEXBCES.EXE[1816] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\LEXBCES.EXE[1816] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\LEXBCES.EXE[1816] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[1860] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[1860] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1948] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1948] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1948] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1948] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[1948] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[1948] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[1948] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1948] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[1948] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[1948] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[1948] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[1948] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[1948] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[1948] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[1948] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[1948] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\LEXPPS.EXE[1968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\LEXPPS.EXE[1968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\LEXPPS.EXE[1968] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\LEXPPS.EXE[1968] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\LEXPPS.EXE[1968] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\LEXPPS.EXE[1968] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\LEXPPS.EXE[1968] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\LEXPPS.EXE[1968] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\LEXPPS.EXE[1968] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\LEXPPS.EXE[1968] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\LEXPPS.EXE[1968] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\LEXPPS.EXE[1968] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\LEXPPS.EXE[1968] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\LEXPPS.EXE[1968] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\LEXPPS.EXE[1968] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\LEXPPS.EXE[1968] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\LEXPPS.EXE[1968] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\eHome\ehmsas.exe[2104] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehmsas.exe[2104] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehmsas.exe[2104] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehmsas.exe[2104] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehmsas.exe[2104] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehmsas.exe[2104] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehmsas.exe[2104] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehmsas.exe[2104] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehmsas.exe[2104] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehmsas.exe[2104] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehmsas.exe[2104] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehmsas.exe[2104] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehmsas.exe[2104] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehmsas.exe[2104] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehmsas.exe[2104] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehmsas.exe[2104] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehmsas.exe[2104] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\nvsvc32.exe[2288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\nvsvc32.exe[2288] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[2288] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\nvsvc32.exe[2288] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[2288] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\nvsvc32.exe[2288] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\nvsvc32.exe[2288] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\nvsvc32.exe[2288] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\nvsvc32.exe[2288] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\nvsvc32.exe[2288] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\nvsvc32.exe[2288] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\nvsvc32.exe[2288] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\nvsvc32.exe[2288] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\nvsvc32.exe[2288] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\nvsvc32.exe[2288] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\nvsvc32.exe[2288] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\nvsvc32.exe[2288] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\iTunes\iTunesHelper.exe[2468] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2468] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[2468] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2468] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[2468] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\iTunes\iTunesHelper.exe[2468] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\iTunes\iTunesHelper.exe[2468] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2468] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\iTunes\iTunesHelper.exe[2468] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\iTunes\iTunesHelper.exe[2468] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2468] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2468] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\iTunes\iTunesHelper.exe[2468] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\iTunes\iTunesHelper.exe[2468] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2468] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\iTunes\iTunesHelper.exe[2468] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2468] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\svchost.exe[2484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2484] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2484] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2484] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2484] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2484] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2484] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2484] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2484] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2484] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2484] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2484] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2484] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2484] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2484] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[2500] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2500] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2500] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2500] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2500] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2500] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2500] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2500] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2500] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\iPod\bin\iPodService.exe[2556] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\iPod\bin\iPodService.exe[2556] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[2556] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\iPod\bin\iPodService.exe[2556] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[2556] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\iPod\bin\iPodService.exe[2556] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\iPod\bin\iPodService.exe[2556] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\iPod\bin\iPodService.exe[2556] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\iPod\bin\iPodService.exe[2556] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\iPod\bin\iPodService.exe[2556] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\iPod\bin\iPodService.exe[2556] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\iPod\bin\iPodService.exe[2556] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\iPod\bin\iPodService.exe[2556] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\iPod\bin\iPodService.exe[2556] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\iPod\bin\iPodService.exe[2556] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\iPod\bin\iPodService.exe[2556] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\iPod\bin\iPodService.exe[2556] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2560] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2560] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2560] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2560] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2560] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2560] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2560] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2560] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2560] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2560] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2560] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2560] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00E90804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2560] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00E90A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2560] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00E90600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2560] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00E901F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2560] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00E903FC
.text C:\cdttb2ct.exe[2576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\cdttb2ct.exe[2576] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2580] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2580] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2580] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2580] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2580] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2580] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2580] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2580] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2580] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2580] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2580] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2580] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2580] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2580] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\ctfmon.exe[2676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[2676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[2676] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[2676] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[2676] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[2676] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[2676] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[2676] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[2676] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[2676] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[2676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[2676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[2676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[2676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[2676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[2724] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[2724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2724] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[2724] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2724] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\ehome\mcrdsvc.exe[2724] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\ehome\mcrdsvc.exe[2724] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\ehome\mcrdsvc.exe[2724] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[2724] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[2724] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\ehome\mcrdsvc.exe[2724] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\ehome\mcrdsvc.exe[2724] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\ehome\mcrdsvc.exe[2724] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\ehome\mcrdsvc.exe[2724] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\ehome\mcrdsvc.exe[2724] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[2724] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[2724] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\SearchIndexer.exe[2808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000D01F8
.text C:\WINDOWS\system32\SearchIndexer.exe[2808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\SearchIndexer.exe[2808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000D03FC
.text C:\WINDOWS\system32\SearchIndexer.exe[2808] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2808] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\SearchIndexer.exe[2808] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\SearchIndexer.exe[2808] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\SearchIndexer.exe[2808] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\SearchIndexer.exe[2808] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\SearchIndexer.exe[2808] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\SearchIndexer.exe[2808] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\SearchIndexer.exe[2808] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\SearchIndexer.exe[2808] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\SearchIndexer.exe[2808] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\SearchIndexer.exe[2808] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\SearchIndexer.exe[2808] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\SearchIndexer.exe[2808] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\SearchIndexer.exe[2808] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003203FC
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2932] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2932] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2932] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00B01014
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2932] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00B00804
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2932] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00B00A08
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2932] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00B00C0C
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2932] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00B00E10
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2932] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00B001F8
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2932] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B003FC
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2932] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00B00600
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2932] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00DE0804
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2932] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00DE0A08
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2932] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00DE0600
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2932] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00DE01F8
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2932] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00DE03FC
.text C:\WINDOWS\system32\dllhost.exe[3576] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\dllhost.exe[3576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[3576] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\dllhost.exe[3576] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[3576] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\dllhost.exe[3576] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\dllhost.exe[3576] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\dllhost.exe[3576] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\dllhost.exe[3576] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\dllhost.exe[3576] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\dllhost.exe[3576] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\dllhost.exe[3576] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\dllhost.exe[3576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\dllhost.exe[3576] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\dllhost.exe[3576] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\dllhost.exe[3576] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\dllhost.exe[3576] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[3640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\Program Files\Windows Defender\MSASCui.exe[3640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[3640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\Program Files\Windows Defender\MSASCui.exe[3640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[3640] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004E1014
.text C:\Program Files\Windows Defender\MSASCui.exe[3640] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004E0804
.text C:\Program Files\Windows Defender\MSASCui.exe[3640] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004E0A08
.text C:\Program Files\Windows Defender\MSASCui.exe[3640] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004E0C0C
.text C:\Program Files\Windows Defender\MSASCui.exe[3640] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004E0E10
.text C:\Program Files\Windows Defender\MSASCui.exe[3640] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004E01F8
.text C:\Program Files\Windows Defender\MSASCui.exe[3640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004E03FC
.text C:\Program Files\Windows Defender\MSASCui.exe[3640] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004E0600
.text C:\Program Files\Windows Defender\MSASCui.exe[3640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004F0804
.text C:\Program Files\Windows Defender\MSASCui.exe[3640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004F0A08
.text C:\Program Files\Windows Defender\MSASCui.exe[3640] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004F0600
.text C:\Program Files\Windows Defender\MSASCui.exe[3640] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004F01F8
.text C:\Program Files\Windows Defender\MSASCui.exe[3640] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004F03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3940] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3940] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3940] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3940] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3940] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3940] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3940] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3940] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3940] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3940] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3940] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3940] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3940] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3940] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3940] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3940] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3940] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\stsystra.exe[4044] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\stsystra.exe[4044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\stsystra.exe[4044] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\stsystra.exe[4044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\stsystra.exe[4044] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\stsystra.exe[4044] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\stsystra.exe[4044] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\stsystra.exe[4044] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\stsystra.exe[4044] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\stsystra.exe[4044] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\stsystra.exe[4044] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\stsystra.exe[4044] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\stsystra.exe[4044] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\stsystra.exe[4044] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\stsystra.exe[4044] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\stsystra.exe[4044] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\stsystra.exe[4044] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\System32\alg.exe[4052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[4052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[4052] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[4052] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[4052] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[4052] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[4052] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[4052] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[4052] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[4052] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[4052] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[4052] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[4052] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[4052] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[4052] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[4052] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[4052] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[968] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[968] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat B82A5D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----
  • 0

#5
pipeman

pipeman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
There is no VRT.log to post because VRT did not find any threats. FYI, while VRT was scanning it found a few files that were password protected.
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
SO far so good... Let's do two more.

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply
Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in separate post
  • 0

#7
pipeman

pipeman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
16:12:16.0312 3316 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
16:12:16.0609 3316 ============================================================
16:12:16.0609 3316 Current date / time: 2011/10/07 16:12:16.0609
16:12:16.0609 3316 SystemInfo:
16:12:16.0609 3316
16:12:16.0609 3316 OS Version: 5.1.2600 ServicePack: 3.0
16:12:16.0609 3316 Product type: Workstation
16:12:16.0609 3316 ComputerName: D35SJ8C1
16:12:16.0609 3316 UserName: Candace Wrzesinski
16:12:16.0609 3316 Windows directory: C:\WINDOWS
16:12:16.0609 3316 System windows directory: C:\WINDOWS
16:12:16.0609 3316 Processor architecture: Intel x86
16:12:16.0609 3316 Number of processors: 2
16:12:16.0609 3316 Page size: 0x1000
16:12:16.0609 3316 Boot type: Normal boot
16:12:16.0609 3316 ============================================================
16:12:17.0156 3316 Initialize success
16:12:23.0937 3152 ============================================================
16:12:23.0937 3152 Scan started
16:12:23.0937 3152 Mode: Manual;
16:12:23.0937 3152 ============================================================
16:12:24.0187 3152 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
16:12:24.0187 3152 Aavmker4 - ok
16:12:24.0218 3152 Abiosdsk - ok
16:12:24.0218 3152 abp480n5 - ok
16:12:24.0281 3152 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:12:24.0281 3152 ACPI - ok
16:12:24.0328 3152 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:12:24.0343 3152 ACPIEC - ok
16:12:24.0343 3152 adpu160m - ok
16:12:24.0390 3152 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:12:24.0390 3152 aec - ok
16:12:24.0453 3152 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
16:12:24.0453 3152 Afc - ok
16:12:24.0515 3152 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
16:12:24.0531 3152 AFD - ok
16:12:24.0593 3152 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
16:12:24.0593 3152 AFS2K - ok
16:12:24.0593 3152 Aha154x - ok
16:12:24.0609 3152 aic78u2 - ok
16:12:24.0609 3152 aic78xx - ok
16:12:24.0625 3152 AliIde - ok
16:12:24.0640 3152 amsint - ok
16:12:24.0640 3152 asc - ok
16:12:24.0656 3152 asc3350p - ok
16:12:24.0656 3152 asc3550 - ok
16:12:24.0703 3152 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
16:12:24.0703 3152 aswFsBlk - ok
16:12:24.0750 3152 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
16:12:24.0750 3152 aswMon2 - ok
16:12:24.0765 3152 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
16:12:24.0765 3152 aswRdr - ok
16:12:24.0843 3152 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
16:12:24.0859 3152 aswSnx - ok
16:12:24.0875 3152 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
16:12:24.0890 3152 aswSP - ok
16:12:24.0906 3152 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
16:12:24.0906 3152 aswTdi - ok
16:12:24.0937 3152 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:12:24.0937 3152 AsyncMac - ok
16:12:24.0953 3152 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
16:12:24.0953 3152 atapi - ok
16:12:24.0968 3152 Atdisk - ok
16:12:24.0984 3152 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:12:24.0984 3152 Atmarpc - ok
16:12:25.0000 3152 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:12:25.0000 3152 audstub - ok
16:12:25.0031 3152 BCM43XX (588d19f3522fea9c76ab991fe457d929) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
16:12:25.0046 3152 BCM43XX - ok
16:12:25.0093 3152 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:12:25.0093 3152 Beep - ok
16:12:25.0218 3152 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:12:25.0218 3152 cbidf2k - ok
16:12:25.0265 3152 cd20xrnt - ok
16:12:25.0328 3152 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:12:25.0328 3152 Cdaudio - ok
16:12:25.0375 3152 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:12:25.0421 3152 Cdfs - ok
16:12:25.0484 3152 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:12:25.0484 3152 Cdrom - ok
16:12:25.0515 3152 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
16:12:25.0515 3152 cercsr6 - ok
16:12:25.0531 3152 Changer - ok
16:12:25.0546 3152 CmdIde - ok
16:12:25.0562 3152 Cpqarray - ok
16:12:25.0562 3152 dac2w2k - ok
16:12:25.0578 3152 dac960nt - ok
16:12:25.0625 3152 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:12:25.0625 3152 Disk - ok
16:12:25.0656 3152 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:12:25.0687 3152 dmboot - ok
16:12:25.0734 3152 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:12:25.0734 3152 dmio - ok
16:12:25.0750 3152 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:12:25.0750 3152 dmload - ok
16:12:25.0765 3152 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:12:25.0765 3152 DMusic - ok
16:12:25.0781 3152 dpti2o - ok
16:12:25.0796 3152 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:12:25.0796 3152 drmkaud - ok
16:12:25.0859 3152 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
16:12:25.0859 3152 e1express - ok
16:12:25.0921 3152 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:12:25.0921 3152 Fastfat - ok
16:12:25.0968 3152 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:12:25.0968 3152 Fdc - ok
16:12:25.0968 3152 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:12:25.0968 3152 Fips - ok
16:12:25.0984 3152 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:12:25.0984 3152 Flpydisk - ok
16:12:26.0000 3152 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:12:26.0015 3152 FltMgr - ok
16:12:26.0046 3152 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:12:26.0046 3152 Fs_Rec - ok
16:12:26.0093 3152 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:12:26.0093 3152 Ftdisk - ok
16:12:26.0156 3152 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
16:12:26.0156 3152 GEARAspiWDM - ok
16:12:26.0171 3152 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:12:26.0171 3152 Gpc - ok
16:12:26.0203 3152 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:12:26.0203 3152 HDAudBus - ok
16:12:26.0218 3152 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:12:26.0218 3152 hidusb - ok
16:12:26.0234 3152 hpn - ok
16:12:26.0296 3152 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:12:26.0296 3152 HPZid412 - ok
16:12:26.0359 3152 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:12:26.0375 3152 HPZipr12 - ok
16:12:26.0421 3152 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:12:26.0437 3152 HPZius12 - ok
16:12:26.0546 3152 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
16:12:26.0546 3152 HSFHWBS2 - ok
16:12:26.0640 3152 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
16:12:26.0671 3152 HSF_DP - ok
16:12:26.0750 3152 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:12:26.0750 3152 HTTP - ok
16:12:26.0765 3152 i2omgmt - ok
16:12:26.0765 3152 i2omp - ok
16:12:26.0812 3152 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
16:12:26.0812 3152 i8042prt - ok
16:12:26.0859 3152 iastor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\DRIVERS\iaStor.sys
16:12:26.0859 3152 iastor - ok
16:12:26.0906 3152 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:12:26.0906 3152 Imapi - ok
16:12:26.0921 3152 ini910u - ok
16:12:26.0921 3152 IntelIde - ok
16:12:27.0000 3152 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:12:27.0000 3152 intelppm - ok
16:12:27.0031 3152 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:12:27.0031 3152 Ip6Fw - ok
16:12:27.0062 3152 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:12:27.0062 3152 IpFilterDriver - ok
16:12:27.0078 3152 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:12:27.0078 3152 IpInIp - ok
16:12:27.0125 3152 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:12:27.0125 3152 IpNat - ok
16:12:27.0140 3152 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:12:27.0140 3152 IPSec - ok
16:12:27.0187 3152 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:12:27.0187 3152 IRENUM - ok
16:12:27.0218 3152 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:12:27.0218 3152 isapnp - ok
16:12:27.0234 3152 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:12:27.0234 3152 Kbdclass - ok
16:12:27.0250 3152 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:12:27.0250 3152 kbdhid - ok
16:12:27.0281 3152 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:12:27.0281 3152 kmixer - ok
16:12:27.0312 3152 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:12:27.0312 3152 KSecDD - ok
16:12:27.0328 3152 lbrtfdc - ok
16:12:27.0375 3152 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
16:12:27.0375 3152 MBAMProtector - ok
16:12:27.0468 3152 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:12:27.0468 3152 mdmxsdk - ok
16:12:27.0531 3152 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
16:12:27.0531 3152 MHNDRV - ok
16:12:27.0625 3152 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:12:27.0625 3152 mnmdd - ok
16:12:27.0671 3152 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:12:27.0671 3152 Modem - ok
16:12:27.0718 3152 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
16:12:27.0718 3152 MODEMCSA - ok
16:12:27.0718 3152 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:12:27.0718 3152 Mouclass - ok
16:12:27.0765 3152 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:12:27.0765 3152 mouhid - ok
16:12:27.0781 3152 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:12:27.0781 3152 MountMgr - ok
16:12:27.0796 3152 mraid35x - ok
16:12:27.0812 3152 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:12:27.0812 3152 MRxDAV - ok
16:12:27.0906 3152 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:12:27.0906 3152 MRxSmb - ok
16:12:28.0000 3152 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:12:28.0000 3152 Msfs - ok
16:12:28.0046 3152 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:12:28.0046 3152 MSKSSRV - ok
16:12:28.0062 3152 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:12:28.0062 3152 MSPCLOCK - ok
16:12:28.0093 3152 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:12:28.0093 3152 MSPQM - ok
16:12:28.0140 3152 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:12:28.0140 3152 mssmbios - ok
16:12:28.0171 3152 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:12:28.0171 3152 Mup - ok
16:12:28.0234 3152 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:12:28.0234 3152 NDIS - ok
16:12:28.0296 3152 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:12:28.0296 3152 NdisTapi - ok
16:12:28.0312 3152 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:12:28.0312 3152 Ndisuio - ok
16:12:28.0328 3152 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:12:28.0328 3152 NdisWan - ok
16:12:28.0359 3152 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:12:28.0375 3152 NDProxy - ok
16:12:28.0375 3152 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:12:28.0375 3152 NetBIOS - ok
16:12:28.0421 3152 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:12:28.0421 3152 NetBT - ok
16:12:28.0453 3152 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:12:28.0453 3152 Npfs - ok
16:12:28.0468 3152 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:12:28.0500 3152 Ntfs - ok
16:12:28.0562 3152 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:12:28.0562 3152 Null - ok
16:12:28.0921 3152 nv (5950e6cc9fb3fabb61604d395dbc8550) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:12:29.0140 3152 nv - ok
16:12:29.0203 3152 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:12:29.0203 3152 NwlnkFlt - ok
16:12:29.0218 3152 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:12:29.0218 3152 NwlnkFwd - ok
16:12:29.0265 3152 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
16:12:29.0265 3152 Parport - ok
16:12:29.0265 3152 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:12:29.0281 3152 PartMgr - ok
16:12:29.0312 3152 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:12:29.0312 3152 ParVdm - ok
16:12:29.0328 3152 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:12:29.0328 3152 PCI - ok
16:12:29.0328 3152 PCIDump - ok
16:12:29.0343 3152 PCIIde - ok
16:12:29.0359 3152 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:12:29.0375 3152 Pcmcia - ok
16:12:29.0375 3152 PDCOMP - ok
16:12:29.0390 3152 PDFRAME - ok
16:12:29.0390 3152 PDRELI - ok
16:12:29.0406 3152 PDRFRAME - ok
16:12:29.0406 3152 perc2 - ok
16:12:29.0421 3152 perc2hib - ok
16:12:29.0468 3152 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:12:29.0468 3152 PptpMiniport - ok
16:12:29.0515 3152 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:12:29.0515 3152 PSched - ok
16:12:29.0531 3152 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:12:29.0531 3152 Ptilink - ok
16:12:29.0546 3152 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:12:29.0546 3152 PxHelp20 - ok
16:12:29.0546 3152 ql1080 - ok
16:12:29.0562 3152 Ql10wnt - ok
16:12:29.0562 3152 ql12160 - ok
16:12:29.0578 3152 ql1240 - ok
16:12:29.0578 3152 ql1280 - ok
16:12:29.0625 3152 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:12:29.0625 3152 RasAcd - ok
16:12:29.0703 3152 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:12:29.0703 3152 Rasl2tp - ok
16:12:29.0703 3152 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:12:29.0718 3152 RasPppoe - ok
16:12:29.0718 3152 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:12:29.0718 3152 Raspti - ok
16:12:29.0734 3152 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:12:29.0750 3152 Rdbss - ok
16:12:29.0765 3152 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:12:29.0765 3152 RDPCDD - ok
16:12:29.0796 3152 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:12:29.0812 3152 rdpdr - ok
16:12:29.0843 3152 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:12:29.0843 3152 RDPWD - ok
16:12:29.0890 3152 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:12:29.0890 3152 redbook - ok
16:12:30.0015 3152 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:12:30.0015 3152 SASDIFSV - ok
16:12:30.0093 3152 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:12:30.0093 3152 SASKUTIL - ok
16:12:30.0140 3152 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:12:30.0156 3152 Secdrv - ok
16:12:30.0218 3152 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
16:12:30.0218 3152 Serial - ok
16:12:30.0265 3152 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:12:30.0265 3152 Sfloppy - ok
16:12:30.0281 3152 Simbad - ok
16:12:30.0296 3152 Sparrow - ok
16:12:30.0312 3152 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:12:30.0312 3152 splitter - ok
16:12:30.0359 3152 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:12:30.0359 3152 sr - ok
16:12:30.0437 3152 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:12:30.0453 3152 Srv - ok
16:12:30.0546 3152 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
16:12:30.0578 3152 STHDA - ok
16:12:30.0640 3152 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:12:30.0640 3152 swenum - ok
16:12:30.0703 3152 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:12:30.0718 3152 swmidi - ok
16:12:30.0718 3152 symc810 - ok
16:12:30.0734 3152 symc8xx - ok
16:12:30.0734 3152 sym_hi - ok
16:12:30.0750 3152 sym_u3 - ok
16:12:30.0781 3152 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:12:30.0796 3152 sysaudio - ok
16:12:30.0875 3152 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:12:30.0906 3152 Tcpip - ok
16:12:30.0953 3152 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:12:30.0953 3152 TDPIPE - ok
16:12:30.0968 3152 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:12:30.0968 3152 TDTCP - ok
16:12:31.0015 3152 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:12:31.0015 3152 TermDD - ok
16:12:31.0031 3152 TosIde - ok
16:12:31.0078 3152 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:12:31.0093 3152 Udfs - ok
16:12:31.0093 3152 ultra - ok
16:12:31.0171 3152 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:12:31.0187 3152 Update - ok
16:12:31.0234 3152 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:12:31.0234 3152 USBAAPL - ok
16:12:31.0328 3152 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:12:31.0328 3152 usbccgp - ok
16:12:31.0343 3152 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:12:31.0343 3152 usbehci - ok
16:12:31.0421 3152 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:12:31.0421 3152 usbhub - ok
16:12:31.0468 3152 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:12:31.0484 3152 usbprint - ok
16:12:31.0500 3152 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:12:31.0500 3152 usbscan - ok
16:12:31.0515 3152 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:12:31.0515 3152 usbstor - ok
16:12:31.0562 3152 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:12:31.0562 3152 usbuhci - ok
16:12:31.0609 3152 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:12:31.0625 3152 VgaSave - ok
16:12:31.0625 3152 ViaIde - ok
16:12:31.0687 3152 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:12:31.0687 3152 VolSnap - ok
16:12:31.0750 3152 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:12:31.0750 3152 Wanarp - ok
16:12:31.0765 3152 WDICA - ok
16:12:31.0812 3152 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:12:31.0828 3152 wdmaud - ok
16:12:31.0906 3152 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:12:31.0937 3152 winachsf - ok
16:12:32.0015 3152 WMP11V27 (f7c6cc420c21eb1a73f6a73bfec96f2c) C:\WINDOWS\system32\DRIVERS\WMP11V27.sys
16:12:32.0015 3152 WMP11V27 - ok
16:12:32.0078 3152 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:12:32.0078 3152 WS2IFSL - ok
16:12:32.0125 3152 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:12:32.0125 3152 WudfPf - ok
16:12:32.0140 3152 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:12:32.0140 3152 WudfRd - ok
16:12:32.0156 3152 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:12:32.0250 3152 \Device\Harddisk0\DR0 - ok
16:12:32.0250 3152 Boot (0x1200) (6cc6d96da77ea587e0ba7e9996ddc5ec) \Device\Harddisk0\DR0\Partition0
16:12:32.0250 3152 \Device\Harddisk0\DR0\Partition0 - ok
16:12:32.0250 3152 ============================================================
16:12:32.0250 3152 Scan finished
16:12:32.0250 3152 ============================================================
16:12:32.0250 3632 Detected object count: 0
16:12:32.0250 3632 Actual detected object count: 0
  • 0

#8
pipeman

pipeman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-07 16:15:15
-----------------------------
16:15:15.609 OS Version: Windows 5.1.2600 Service Pack 3
16:15:15.609 Number of processors: 2 586 0xF06
16:15:15.609 ComputerName: D35SJ8C1 UserName:
16:15:17.187 Initialize success
16:15:17.812 AVAST engine defs: 11100700
16:16:00.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:16:00.265 Disk 0 Vendor: WDC_WD25 10.0 Size: 238418MB BusType: 3
16:16:00.296 Disk 0 MBR read successfully
16:16:00.296 Disk 0 MBR scan
16:16:00.296 Disk 0 Windows XP default MBR code
16:16:00.312 Disk 0 scanning sectors +488263545
16:16:00.421 Disk 0 scanning C:\WINDOWS\system32\drivers
16:16:23.828 Service scanning
16:16:24.890 Modules scanning
16:16:42.484 Disk 0 trace - called modules:
16:16:42.515 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:16:42.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86655ab8]
16:16:42.515 3 CLASSPNP.SYS[f7604fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86f51030]
16:16:42.890 AVAST engine scan C:\WINDOWS
16:17:02.671 AVAST engine scan C:\WINDOWS\system32
16:18:56.031 AVAST engine scan C:\WINDOWS\system32\drivers
16:19:12.312 AVAST engine scan C:\Documents and Settings\Candace Wrzesinski
16:29:35.531 AVAST engine scan C:\Documents and Settings\All Users
16:32:31.546 Scan finished successfully
17:25:29.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Candace Wrzesinski\Desktop\MBR.dat"
17:25:29.406 The log file has been saved successfully to "C:\Documents and Settings\Candace Wrzesinski\Desktop\aswMBR.txt"
  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi pipeman,

Your logs and system are clean. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#10
pipeman

pipeman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
I completed everything in your last post. I want to thank you for your help.
  • 0

#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP