Virus or something [Solved]



#1
tjones813

    Member

  • 10 posts
I think I have a virus on my computer or something. It is running rather slow. I've run Malwarebytes a few times and nothing comes up. I also have Norton installed as well and it says there is nothing as well. Every once in a while I receive phone calls from insurance agencies saying I filled out a form to request an insurance quote and I haven't. Any help would be greatly appreciated.
Thank you


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello tjones813 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please find another, clean, computer and change all your mail passwords. They may be compromised. After that let's check if you have anything on your system to remove.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them here for me.

Step 3

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3
tjones813

    Member

  • Topic Starter
  • 10 posts
OTL.Txt

OTL logfile created on: 7/16/2013 9:47:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tracy\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.29 Gb Available Physical Memory | 54.91% Memory free
12.17 Gb Paging File | 9.60 Gb Available in Paging File | 78.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.32 Gb Total Space | 428.50 Gb Free Space | 73.46% Space Free | Partition Type: NTFS
Drive D: | 12.85 Gb Total Space | 1.80 Gb Free Space | 14.05% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Tracy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/16 21:44:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tracy\Downloads\OTL.exe
PRC - [2013/06/26 10:10:14 | 002,236,080 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/06/26 10:10:14 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
PRC - [2013/06/26 10:10:14 | 000,152,240 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/12/23 23:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccsvchst.exe
PRC - [2011/01/28 15:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/11/15 18:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/07/25 10:07:12 | 000,266,240 | ---- | M] () -- C:\Windows\SysWOW64\CSHelper.exe
PRC - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/12/15 19:15:16 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/11/03 18:21:16 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/26 10:10:14 | 002,236,080 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/06/26 10:10:14 | 000,521,392 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\log4cplusU.dll
MOD - [2013/06/26 10:10:14 | 000,145,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\SiteSafety.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\wincfi39.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/01/29 17:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/26 10:10:14 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
SRV - [2013/06/23 16:51:17 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/10 11:17:49 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/31 07:19:28 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2011/01/28 15:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/25 10:07:12 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\CSHelper.exe -- (CSHelper)
SRV - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/20 22:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/16 13:29:16 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/06/26 10:10:14 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/05/23 01:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2013/05/21 01:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2013/04/15 22:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/04 21:21:36 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2013/02/11 22:18:19 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/01/28 21:45:20 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403010.016\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/27 23:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2012/07/22 21:34:24 | 000,455,840 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403010.016\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/11/10 07:53:40 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2009/11/10 07:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/11/10 07:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/11/10 07:52:52 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys -- (LHidEqd)
DRV:64bit: - [2009/11/10 07:52:44 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys -- (LEqdUsb)
DRV:64bit: - [2009/09/30 21:22:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/02/26 19:46:34 | 010,276,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/01/20 06:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/01/06 13:51:08 | 000,028,144 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/12/04 20:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/02/26 13:18:00 | 000,615,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2005/09/19 14:57:36 | 000,142,336 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbVM31b.sys -- (DCamUSBVM)
DRV - [2013/05/31 12:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/05/21 23:17:38 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130716.017\ex64.sys -- (NAVEX15)
DRV - [2013/05/21 23:17:37 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130716.017\eng64.sys -- (NAVENG)
DRV - [2013/02/16 11:26:18 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130716.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/17 22:00:23 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/08 22:42:59 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2008/11/28 18:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/06/24 17:28:11] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{73FE0C01-C5C3-43B5-B15B-48A5DEFFC59A}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{8776F0B8-E8AE-4692-92BA-E35731C5FE36}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{73FE0C01-C5C3-43B5-B15B-48A5DEFFC59A}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{8776F0B8-E8AE-4692-92BA-E35731C5FE36}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-se...2E300248C7E0144
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4D BE D4 01 45 71 0F 4A 99 EB 0F E1 84 A0 27 DF [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{083368C3-5B72-4F1A-BE01-5F70570FD6E9}: "URL" = http://www.bing.com/...ms}&form=OSDSRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...2E300248C7E0144
IE - HKCU\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\..\SearchScopes\{1F9F832A-605A-41F5-86AE-6BB407025F1A}: "URL" = http://www.bing.com/...ms}&form=OSDSRC
IE - HKCU\..\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{73FE0C01-C5C3-43B5-B15B-48A5DEFFC59A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{8776F0B8-E8AE-4692-92BA-E35731C5FE36}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = http://search.ibryte...y={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....sa&d=2013-06-26 10:10:30&v=15.3.0.11&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{BC6279F4-8629-4876-8CD6-12EAB8A0A069}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}: "URL" = http://tmq.bingstart...g=2-168-0-1kqDS
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.startup.homepage: "http://mysearch.avg....rd&sg=0&sap=hp"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0
FF - prefs.js..extensions.enabledAddons: infoatoms%40infoatoms.com:1.5.0.0
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.4.1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Maps4PC_0c.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\11\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tracy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tracy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Tracy\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/23 19:09:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/07/16 13:10:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/02/19 21:19:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla FireFox\extensions\[email protected] [2013/06/10 11:17:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.3.0.11 [2013/06/26 10:10:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/10 11:17:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/26 19:00:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/23 19:09:08 | 000,000,000 | ---D | M]

[2012/12/09 10:31:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Extensions
[2009/09/15 00:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/06/26 10:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\g6a064b4.default\extensions
[2013/04/14 11:36:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\g6a064b4.default\extensions\[email protected]
[2013/06/26 10:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\g6a064b4.default\extensions\staged
[2013/04/14 11:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\extensions
[2013/04/14 11:35:59 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\extensions\[email protected]
[2013/04/14 11:36:04 | 000,001,294 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\searchplugins\delta.xml
[2013/03/19 10:55:00 | 000,009,948 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\searchplugins\Maps4PC_0c.xml
[2013/05/19 13:23:14 | 000,002,530 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\searchplugins\safesearch.xml
[2013/06/10 11:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/10 11:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/06/10 11:17:43 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/06/10 11:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/10 11:17:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/16 13:10:30 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\COFFPLGN
[2013/02/19 21:19:47 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPLGN
[2009/09/02 03:00:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/07 11:04:23 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/03/07 11:04:23 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2012/10/19 18:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/19 18:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/04/14 11:35:27 | 000,006,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/02/28 16:04:46 | 000,020,569 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\xfinity.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://mysearch.avg....sa&d=2013-06-26 10:10:30&v=15.3.0.11&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://toolbar.avg.c...earchTerms}&o=1,
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\program files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\program files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\program files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\program files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files (x86)\DNA\plugins\npbtdna.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Display Engine v2 (Enabled) = C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\NP0cStub.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Alexa Traffic Rank = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\3.1_0\
CHR - Extension: AdBlock = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: InfoAtoms = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.5.0.0_0\
CHR - Extension: Sunflowers = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iempnicmekabbnffhpbkdjkmelcpjlep\1.0_0\
CHR - Extension: Webcam Toy = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.4_0\
CHR - Extension: Norton Identity Protection = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\

O1 HOSTS File: ([2013/03/19 18:18:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (no name) - {ac3eb537-a86d-4a88-802a-79918db4abe7} - No CLSID value found.
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (no name) - {d76689d9-6555-42ee-a94f-ba89fb29ceb1} - No CLSID value found.
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {32bfba07-b1fc-4764-bc21-4af8c6188ca5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE (Microsoft)
O4 - HKLM..\Run: [Photobucket Backup] C:\Program Files (x86)\Photobucket Backup\Photobucket.App.exe (Photobucket)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [cdloader] C:\Users\Tracy\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Open with WordPerfect - Reg Error: Value error. File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Open with WordPerfect - Reg Error: Value error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54BD3F87-83EC-4960-AD4D-DB99C4117E05}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4F02821-54EB-4101-9E5B-DE4D9B945C85}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Tracy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tracy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/07/14 14:34:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/06/26 10:13:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AppData
[2013/06/26 10:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\All in one Cleaner
[2013/06/26 10:13:02 | 000,544,833 | ---- | C] (Stardock) -- C:\Windows\SysWow64\wbocx.ocx
[2013/06/26 10:13:02 | 000,050,688 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\SysWow64\wbhelp2.dll
[2013/06/26 10:13:02 | 000,028,160 | ---- | C] (Neil Banfield) -- C:\Windows\SysWow64\anim.dll
[2013/06/26 10:13:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\All in one Cleaner
[2013/06/26 10:11:28 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2013/06/26 10:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/06/26 10:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\We-Care Reminder
[2013/06/26 10:10:46 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Local\AVG SafeGuard toolbar
[2013/06/26 10:10:27 | 000,045,856 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/06/26 10:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/06/26 10:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/06/26 10:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/06/23 13:25:01 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\Photobucket
[2013/06/23 13:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photobucket Backup
[2013/06/23 13:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photobucket Backup
[2013/04/11 10:18:30 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Tracy\AppData\Local\BcsKtYcHW.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Tracy\Desktop\*.tmp files -> C:\Users\Tracy\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/16 21:07:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 21:07:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 20:46:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/16 20:36:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1953429275-1861937841-2176962007-1000UA.job
[2013/07/16 20:36:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013/07/16 20:32:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/16 19:36:33 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2013/07/16 18:32:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/16 13:36:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1953429275-1861937841-2176962007-1000Core.job
[2013/07/16 13:29:16 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/07/16 13:29:16 | 000,007,631 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/07/16 13:29:16 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/07/16 13:07:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/15 11:40:39 | 000,006,852 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\wklnhst.dat
[2013/07/14 23:42:43 | 000,725,840 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/14 23:42:43 | 000,607,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/14 23:42:43 | 000,105,256 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/14 22:39:38 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/14 10:34:46 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2013/07/13 11:35:03 | 000,000,005 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\WBPU-TTL.DAT
[2013/07/12 23:35:24 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/10 11:09:32 | 005,071,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/09 23:47:35 | 000,723,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/04 03:34:28 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\isolate.ini
[2013/06/29 15:18:01 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTracy.job
[2013/06/27 23:36:57 | 000,024,379 | ---- | M] () -- C:\Users\Tracy\Desktop\PicMonkey Collage2.png
[2013/06/27 12:40:49 | 000,000,258 | RHS- | M] () -- C:\Users\Tracy\ntuser.pol
[2013/06/26 22:01:40 | 000,013,769 | ---- | M] () -- C:\Users\Tracy\Desktop\2210.jpg
[2013/06/26 10:13:04 | 000,000,829 | ---- | M] () -- C:\Users\Tracy\Desktop\All in one Cleaner.lnk
[2013/06/26 10:11:29 | 000,000,888 | ---- | M] () -- C:\Users\Tracy\Desktop\MyPC Backup.lnk
[2013/06/26 10:10:58 | 000,033,958 | ---- | M] () -- C:\ProgramData\uninstaller.exe
[2013/06/26 10:10:35 | 000,003,726 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/06/26 10:10:14 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/06/23 13:25:01 | 000,000,104 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/06/23 10:04:23 | 002,162,416 | ---- | M] (Catalina Marketing Corp) -- C:\Users\Tracy\AppData\Local\BcsKtYcHW.dll
[2013/06/23 10:04:23 | 000,893,239 | ---- | M] () -- C:\Users\Tracy\AppData\Local\a.zip
[2013/06/20 08:24:06 | 000,000,883 | ---- | M] () -- C:\Users\Tracy\Desktop\button.jpg
[2013/06/19 13:53:46 | 000,009,111 | ---- | M] () -- C:\Users\Tracy\Desktop\wall-pops-logo.png
[2013/06/17 11:26:12 | 000,012,288 | ---- | M] () -- C:\Users\Tracy\Desktop\DavidAJones.wps
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Tracy\Desktop\*.tmp files -> C:\Users\Tracy\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/27 23:15:04 | 000,024,379 | ---- | C] () -- C:\Users\Tracy\Desktop\PicMonkey Collage2.png
[2013/06/26 22:01:38 | 000,013,769 | ---- | C] () -- C:\Users\Tracy\Desktop\2210.jpg
[2013/06/26 10:13:04 | 000,000,829 | ---- | C] () -- C:\Users\Tracy\Desktop\All in one Cleaner.lnk
[2013/06/26 10:11:29 | 000,000,888 | ---- | C] () -- C:\Users\Tracy\Desktop\MyPC Backup.lnk
[2013/06/26 10:10:58 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/06/26 10:10:18 | 000,003,726 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/06/23 16:51:17 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/23 13:25:01 | 000,000,104 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/06/20 08:24:05 | 000,000,883 | ---- | C] () -- C:\Users\Tracy\Desktop\button.jpg
[2013/06/19 13:53:46 | 000,009,111 | ---- | C] () -- C:\Users\Tracy\Desktop\wall-pops-logo.png
[2013/06/14 11:35:05 | 000,000,005 | ---- | C] () -- C:\Users\Tracy\AppData\Roaming\WBPU-TTL.DAT
[2013/05/22 11:21:06 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2013/04/11 10:18:28 | 000,893,239 | ---- | C] () -- C:\Users\Tracy\AppData\Local\a.zip
[2013/03/11 22:21:22 | 000,000,258 | RHS- | C] () -- C:\Users\Tracy\ntuser.pol
[2012/12/23 21:42:50 | 000,114,730 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmpABBEY.JPG
[2012/01/29 15:36:37 | 000,000,680 | ---- | C] () -- C:\Users\Tracy\AppData\Local\d3d9caps.dat
[2011/04/10 15:34:25 | 264,076,312 | ---- | C] () -- C:\Users\Tracy\100_0367.AVI
[2011/04/09 14:27:52 | 131,092,216 | ---- | C] () -- C:\Users\Tracy\100_0357.AVI
[2011/03/27 15:28:59 | 008,379,428 | ---- | C] () -- C:\Users\Tracy\01 Guilty As Charged (feat. Estelle).m4a
[2011/03/05 16:12:44 | 000,757,431 | ---- | C] () -- C:\Users\Tracy\AppData\Local\census.cache
[2011/03/05 16:11:24 | 000,189,478 | ---- | C] () -- C:\Users\Tracy\AppData\Local\ars.cache
[2011/03/05 14:35:59 | 000,000,036 | ---- | C] () -- C:\Users\Tracy\AppData\Local\housecall.guid.cache
[2011/01/04 18:16:08 | 000,001,940 | ---- | C] () -- C:\Users\Tracy\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/21 22:41:46 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/25 22:01:54 | 000,036,970 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmpRANDI.JPG
[2010/08/25 22:01:54 | 000,034,964 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmpRANDI.0
[2010/07/26 10:12:18 | 000,006,548 | ---- | C] () -- C:\Users\Tracy\.recently-used.xbel
[2010/05/10 00:22:31 | 000,024,049 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmp24127_1344211615746_1544934352_31140848_8112699_N.JPG
[2010/05/10 00:22:31 | 000,023,533 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmp24127_1344211615746_1544934352_31140848_8112699_N.0
[2010/04/22 17:47:02 | 000,000,552 | ---- | C] () -- C:\Users\Tracy\AppData\Local\d3d8caps.dat
[2009/12/28 13:23:45 | 000,101,492 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmp15771412.0
[2009/12/28 13:23:45 | 000,086,908 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmp15771412.JPG
[2009/08/21 13:45:04 | 000,019,550 | ---- | C] () -- C:\Users\Tracy\AppData\Local\slot1.mm1
[2009/05/29 13:25:08 | 000,006,852 | ---- | C] () -- C:\Users\Tracy\AppData\Roaming\wklnhst.dat
[2009/05/27 01:45:01 | 000,079,872 | ---- | C] () -- C:\Users\Tracy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2010/07/03 15:39:16 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
[2010/05/15 13:42:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Acoustica
[2009/08/07 10:00:54 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Aisle 5 Games, Inc
[2011/02/13 16:37:44 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Alawar
[2012/03/18 22:03:18 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\AlawarEntertainment
[2010/07/05 08:23:24 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Artogon
[2013/03/14 17:28:13 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\AVG
[2011/02/20 10:43:00 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Awem
[2009/12/02 14:27:52 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Azuaz Games
[2013/04/14 11:35:08 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Babylon
[2010/10/15 12:12:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Big Fish Games
[2012/12/31 23:17:12 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Big Top Games
[2013/03/19 21:52:13 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\BitTorrent
[2010/06/20 18:04:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Boomzap
[2010/02/06 08:04:47 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\casanova
[2010/09/15 14:11:38 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Casual Mechanics
[2010/09/08 08:33:27 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Catalina Marketing Corp
[2013/04/11 10:18:26 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Catalina – Print Savings
[2011/02/18 17:27:08 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\cerasus.media
[2012/02/04 17:35:58 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/13 08:56:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/14 10:33:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Curious Sense
[2010/06/19 19:10:25 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\DarkParablesBriarRoseSE_BFG
[2010/05/06 09:08:32 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\DarkParablesBriarRoseSE_RA
[2010/05/08 11:26:48 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\DarkParablesBriarRose_iWin
[2010/02/22 12:21:08 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Dekovir
[2013/04/14 11:35:44 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Delta
[2013/04/14 11:35:19 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\DSite
[2009/12/01 20:18:40 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\E-centives
[2010/01/26 18:18:25 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\ElementalsTheMagicKey
[2010/09/30 14:44:06 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Enki Games
[2010/08/28 18:40:37 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Enlightenus2SE_BFG
[2010/01/22 16:22:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Enlightenus_Real
[2010/04/05 11:08:32 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\EscapeTheMuseum2
[2009/10/11 11:46:34 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Eyeblaster
[2010/04/23 10:47:41 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\FinalMediaPlayer
[2009/06/21 07:06:20 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\FloodLightGames
[2013/04/01 11:14:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Foxit Software
[2011/02/11 21:21:27 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Friday's games
[2013/06/26 10:26:38 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\FrostWire
[2009/12/21 08:42:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Fuel Industries
[2010/07/13 10:03:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Fugazo
[2013/01/30 19:45:45 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\funkitron
[2010/04/25 19:29:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GameHouse
[2009/09/05 11:52:42 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GameHouse 3 Days Zoo Mystery
[2010/06/30 06:39:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GameHousev1000
[2009/12/06 10:29:37 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GameHousev1001
[2010/01/09 23:41:13 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Gamelab
[2010/10/14 11:39:44 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Gamers Digital
[2010/01/28 02:14:56 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GetRightToGo
[2011/05/27 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Gogii
[2010/01/14 11:57:56 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Gold Casual Games
[2009/07/16 17:11:34 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GOL_byHasbro
[2009/06/30 19:33:52 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GSC 2.00
[2010/06/28 06:39:00 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\gtk-2.0
[2010/05/14 13:30:50 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\HdO Adventure
[2010/02/22 23:20:12 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\InfraRecorder
[2010/07/14 20:39:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\KranX Productions
[2010/06/21 13:38:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Lazy Turtle Games
[2009/09/15 13:48:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Leadertech
[2010/07/26 21:12:50 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\LolClient
[2010/03/28 00:20:05 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/06/11 20:45:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Ludia
[2009/11/02 09:47:18 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Magic Academy 2
[2009/12/08 10:12:10 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\MastersOfMystery2
[2009/08/20 16:19:38 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Meridian93
[2010/09/25 15:16:50 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Merscom
[2010/06/22 22:38:53 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\mjusbsp
[2011/01/19 02:34:26 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\MusicNet
[2010/07/08 17:57:46 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Mutant Arcade
[2011/05/03 10:51:41 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Mystery of Mortlake Mansion
[2009/12/25 10:37:18 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\MysteryStudio
[2009/11/15 08:38:42 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Mysteryville2
[2011/07/03 13:27:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\NetMedia Providers
[2010/06/24 09:02:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Oberon Media
[2013/02/19 23:07:48 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\OpenOffice.org
[2012/07/12 11:31:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PDAppFlex
[2011/02/10 12:18:20 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Phantasmat_bf_se1
[2013/06/23 13:28:02 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Photobucket
[2009/05/26 12:10:59 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PictureMover
[2012/07/15 17:05:05 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PlayFirst
[2011/02/28 09:49:55 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PlayPond
[2009/11/16 17:29:43 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Playrix Entertainment
[2010/01/09 22:15:39 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PoBros
[2010/01/21 16:26:22 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Princess Isabella
[2011/07/02 12:21:46 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Publish Providers
[2011/02/28 11:30:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\QB9
[2010/06/29 16:15:15 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Quirky Games
[2009/11/21 09:51:10 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Righteous Kill
[2010/04/11 15:26:22 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Settlement. Colossus
[2010/07/05 18:11:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SevenSails
[2010/03/30 10:53:31 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Silverback Productions
[2010/08/15 13:26:07 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Sky Bros
[2013/06/20 23:34:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SoftGrid Client
[2013/03/18 21:40:03 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Sony
[2010/09/02 12:01:12 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Specialbit
[2009/08/20 09:18:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SpinTop
[2009/08/20 09:18:40 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SpinTop Games
[2012/02/06 18:21:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/09/24 20:12:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Stamps.com Internet Postage
[2013/06/11 08:19:30 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SumatraPDF
[2011/03/13 01:33:01 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SynthMaker
[2011/10/18 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Temp
[2009/05/29 13:26:15 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Template
[2010/01/21 21:08:15 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TheFixerUpper
[2010/06/05 16:40:08 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Tific
[2010/02/02 13:02:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TitanicMystery
[2009/11/19 14:42:31 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TMInc
[2009/12/14 12:46:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Total Eclipse
[2011/05/01 19:37:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TP
[2013/03/14 13:50:59 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TuneUp Software
[2011/09/27 20:43:10 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Unity
[2009/07/20 07:31:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\V-Games
[2010/06/09 19:03:33 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\VampireSaga
[2011/11/28 14:01:11 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Visan
[2011/07/08 08:50:58 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Vogat Interactive
[2010/01/20 02:12:44 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\WeatherBug
[2012/07/15 17:03:41 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\WildTangent
[2010/07/01 12:10:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\WildTangentv1000
[2009/06/24 17:25:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\WinBatch
[2013/05/17 22:42:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Yontoo
[2011/05/01 19:38:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/04/06 20:19:29 | 003,079,680 | ---- | M] (Microsoft Corporation) MD5=513619A8ABBF19F34D4308E91D1EC89D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.20610_none_b038be1d4865a6ca\explorer.exe
[2009/04/06 20:19:29 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=5EF11AC92B68B4B8058A3A4F037F26CE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.20610_none_ba8d686f7cc668c5\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\erdnt\cache86\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SERVICES.EXE >
[2008/01/20 22:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\erdnt\cache64\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SysNative\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/20 22:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache86\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\erdnt\cache64\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache86\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\erdnt\cache64\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\erdnt\cache64\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< dir C:\ /S /A:L /C >
Volume in drive C is HP
Volume Serial Number is 02E3-F964
Directory of C:\
11/02/2006 11:42 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
11/02/2006 11:42 AM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 11:42 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 11:42 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 11:42 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 11:42 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 11:42 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
11/02/2006 11:42 AM <SYMLINKD> All Users [C:\ProgramData]
11/02/2006 11:42 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
11/02/2006 11:42 AM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 11:42 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 11:42 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 11:42 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 11:42 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 11:42 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
11/02/2006 11:42 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
11/02/2006 11:42 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
11/02/2006 11:42 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
11/02/2006 11:42 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/02/2006 11:42 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/02/2006 11:42 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
11/02/2006 11:42 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
11/02/2006 11:42 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
11/02/2006 11:42 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
11/02/2006 11:42 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
11/02/2006 11:42 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
11/02/2006 11:42 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
11/02/2006 11:42 AM <JUNCTION> My Music [C:\Users\Default\Music]
11/02/2006 11:42 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
11/02/2006 11:42 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
11/02/2006 11:42 AM <JUNCTION> My Music [C:\Users\Public\Music]
11/02/2006 11:42 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
11/02/2006 11:42 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Tracy
05/26/2009 11:57 AM <JUNCTION> Application Data [C:\Users\Tracy\AppData\Roaming]
05/26/2009 11:57 AM <JUNCTION> Cookies [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Cookies]
05/26/2009 11:57 AM <JUNCTION> Local Settings [C:\Users\Tracy\AppData\Local]
05/26/2009 11:57 AM <JUNCTION> My Documents [C:\Users\Tracy\Documents]
05/26/2009 11:57 AM <JUNCTION> NetHood [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/26/2009 11:57 AM <JUNCTION> PrintHood [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/26/2009 11:57 AM <JUNCTION> Recent [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Recent]
05/26/2009 11:57 AM <JUNCTION> SendTo [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\SendTo]
05/26/2009 11:57 AM <JUNCTION> Start Menu [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu]
05/26/2009 11:57 AM <JUNCTION> Templates [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Tracy\AppData\Local
05/26/2009 11:57 AM <JUNCTION> Application Data [C:\Users\Tracy\AppData\Local]
05/26/2009 11:57 AM <JUNCTION> History [C:\Users\Tracy\AppData\Local\Microsoft\Windows\History]
05/26/2009 11:57 AM <JUNCTION> Temporary Internet Files [C:\Users\Tracy\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Tracy\AppData\LocalLow
09/14/2010 06:36 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Tracy\Documents
05/26/2009 11:57 AM <JUNCTION> My Music [C:\Users\Tracy\Music]
05/26/2009 11:57 AM <JUNCTION> My Pictures [C:\Users\Tracy\Pictures]
05/26/2009 11:57 AM <JUNCTION> My Videos [C:\Users\Tracy\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 459,323,826,176 bytes free

========== Alternate Data Streams ==========


< End of report >

#4
tjones813

Extras.txt


OTL Extras logfile created on: 7/16/2013 9:47:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tracy\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.29 Gb Available Physical Memory | 54.91% Memory free
12.17 Gb Paging File | 9.60 Gb Available in Paging File | 78.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.32 Gb Total Space | 428.50 Gb Free Space | 73.46% Space Free | Partition Type: NTFS
Drive D: | 12.85 Gb Total Space | 1.80 Gb Free Space | 14.05% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Tracy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 93 6B 3A F4 BE 12 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022700E4-C3AA-47CE-9064-0DA284A1069D}" = lport=8371 | protocol=6 | dir=in | name=league of legends launcher |
"{02B07793-F2E3-4736-B70A-849C06750676}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
"{05ABA71E-A39E-485C-AB25-3F163A727CA4}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher |
"{07728343-016F-4665-8526-24448A5DD282}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{20165D07-8C71-4C2A-8802-F55EE915C63D}" = lport=137 | protocol=17 | dir=in | app=system |
"{2E951453-720A-4249-9586-05D7AA4727B7}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{3A4F6A3F-BF41-4CC5-9A62-8B6C6FEB2237}" = rport=137 | protocol=17 | dir=out | app=system |
"{4C8A3050-1BCF-40CA-88F7-D661D8574826}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{5F5571BF-7784-4DD2-A62E-AA7E6F4F997A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{68E381D1-3048-49AB-93AA-D5484AFBE1BF}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{6CBD6722-9D6F-4FE4-87EF-9BD830111370}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{83F46227-0988-420F-BBF4-C8825C7DF139}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 |
"{8E606540-D504-4C38-BCAD-58C2484B3B85}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9123154A-33DD-46AE-81F3-C4DA2252E732}" = rport=139 | protocol=6 | dir=out | app=system |
"{928511F3-B73E-451C-BD91-69BBD006055A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{97D3829D-418C-4F3F-B146-EEABFA7CD53C}" = lport=138 | protocol=17 | dir=in | app=system |
"{A1A4655B-AED0-49FF-94A3-E9ED072EB07B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B2484551-66BB-44DE-B03C-DC072C9C9099}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B4BC3A86-3241-42E2-9594-17FFFC1CF457}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
"{B6D58AD9-F690-405C-97A3-C7F44311ECBB}" = lport=8372 | protocol=17 | dir=in | name=league of legends launcher |
"{BED21D73-DAD4-42E5-92CE-41A741AA704C}" = rport=138 | protocol=17 | dir=out | app=system |
"{CF347618-1D11-4A54-9DF1-0483AEEE40C2}" = lport=139 | protocol=6 | dir=in | app=system |
"{D1881663-3440-4B3A-BBDF-8A04EC062FC7}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{D9D0546E-2AE9-4DB6-B1A7-2C50811443EF}" = lport=8371 | protocol=17 | dir=in | name=league of legends launcher |
"{DF6299E0-1133-48C9-86C4-0E949F4EB961}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E05E59A8-EC9E-43C5-A3C4-4B37E736FD7A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E7FF0742-5E15-43F4-AAEB-A666E946C452}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{E9FAFCC6-959C-4A5C-8405-5CC1C62F6DD3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EC2F3F3F-02D5-4C2D-939B-5C3E8B813430}" = lport=445 | protocol=6 | dir=in | app=system |
"{EF3E6CE9-3C6D-46EA-B5CA-301D9F88699C}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher |
"{F34EE361-3696-48D9-8F77-B0BF37004ECC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{F4B8ADE0-A2AF-4DF5-8774-CA4AA5DCE99D}" = lport=8372 | protocol=6 | dir=in | name=league of legends launcher |
"{F5523455-8AE3-44F3-B329-AC389FF83254}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FCE6175C-7C39-45C2-B171-7F9E1B69A76D}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A6718A-8E09-4CA1-B8B5-A4C0044A7758}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{01BC55B3-328C-4F2A-A108-ABBFE63C8F69}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe |
"{01FF8286-39C6-4FE0-947D-244AA268C7D3}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{024213FA-3AA4-4D2F-883D-8C6B41C5557C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{03B87268-8026-4964-AB74-9442A9527DD3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{03F0A393-423E-44EF-A0BE-EF8AEF115BE6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0512BC72-EB54-4FA7-97B3-C23E6FC60423}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{07DB9B34-D3D1-4219-BE38-0D85CDA5DB4A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0BC4327E-A702-4730-8DB0-F5FA0A346E3A}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe |
"{10C51848-1D42-419E-B183-C2CBB90157CC}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{12258B35-15E9-470A-BBFC-A635CB5409EB}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{130C89D7-9708-4AA3-B83A-A0685C1DE471}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{167BAC5F-66F1-496E-83FE-FEC1BBECD937}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{19B38282-0574-4BD4-AC87-977594D7427A}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{1AA0F2F2-94E2-4504-885E-D3869579E666}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{219B88B5-8CF7-44FC-BF8E-0F4B14B47A3F}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{2269EF80-7F0A-420E-9296-E1C90C21F06F}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{24900319-4DF6-452B-A7B8-0E6CC326E400}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{28FF4D64-F878-4127-B93D-D44969ED30CD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{290A621F-B02E-4B9F-B49F-C0A4D520BB86}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{299968B8-AC3A-41FD-890E-D9F01DC9916D}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{29C06FFF-141B-4984-A985-333831B5C6C3}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{2A96866F-DDCA-45B1-AAB1-7B72761C51BB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{2B9065E4-B38A-4B2E-95FE-85B9D17C4F26}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{2E8905DE-ABEA-470B-A959-3A8C1B226F2F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{2F5AB145-62E8-499E-9A61-01F50FF90186}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{3296C788-A0B8-4E65-B1F5-EC49A46E940D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{338FDA43-648D-4155-934B-361D659E3100}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{351991C6-9C1B-465E-B4D8-0428FDDF5A8C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{38D50BD5-ED1F-4846-BDA4-483A328E5418}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{3AF51FA2-B88F-428F-9E02-E9CA3ECCEE85}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{3B0C5432-6F40-4547-82F8-DC3789AD5A94}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{3B589690-2BBF-48C7-848C-92DDB873E450}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{3BEA67E9-4868-4976-B2A3-36AD9BCC73E8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{40E22F0C-86DC-4D45-809F-9B0AF2C978B4}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{4105241A-5238-49F2-B4C7-D7CBCFDC29E4}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{4192A315-A563-4E1B-AE59-D9A4E3A8B7BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4317138B-437F-49BD-8192-28813CD80D6E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{45E03FD5-D6DB-4C3A-AC2D-8A62323D38C1}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe |
"{46583094-2E15-4760-806C-F67B4631FD35}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{4BE629F0-2CE7-411F-98C9-D180DF40F454}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{500E9717-D26C-4264-87DE-3CBC217C565A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{51045EF8-309A-46FB-8969-AD2B2F59526B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{546DFAA5-E74F-4E4B-AE14-D4AFF06AF8A9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{561FED2D-11D0-4C97-AC96-970D18D1F9AE}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{57B2F6AF-126A-4221-9FE3-BBCC11331CD4}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{57FCFD95-FA80-41B1-9D3D-F09B6C1CFE52}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{59E43124-7209-4202-A50D-7DA2F8934855}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{611FE97C-92B7-45D4-B3DB-603B9F4D4BC0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{64E2D6B5-49E9-4772-9F86-229FBD1166C3}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{64FC7C2C-2796-443A-A29A-04D3D21CF502}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{66905D88-9026-4726-9994-B6897723AD45}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{6918E4AE-D8FC-49E8-91AF-97584B62BE41}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{6974B65A-A961-411A-9250-58AEA79B446E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{73703FB0-8C6A-4149-B0D9-6E68B5193BFC}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe |
"{77BE3E79-6E80-4212-8F05-80BBD9E2F270}" = dir=in | app=c:\windows\explorer.exe |
"{77E6B2DC-097D-47A2-93F3-13502B8B59E1}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe |
"{7ACC6E87-8C12-4adb-91B7-EFC3F2F4705A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{7EB78C91-089F-4FD2-A41A-FC1F38C8A075}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{7F3023F6-E0BE-481B-93E5-A1858C22A94A}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{84C9FDA6-8C7C-422F-8743-1A042290B5A6}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{88FED118-615F-438B-B92D-3F3D0BE98FBF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{8D0EAA2F-3BE0-4A95-9BE3-EE96942FBADA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{921A0520-0EF5-4431-8C05-923A682FB78A}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{92459C5E-D350-4cba-AA74-C8F989C9336F}" = protocol=17 | dir=out | app=c:\windows\explorer.exe |
"{92B91EDE-1B5A-47EC-A9EA-34ABBA2D18CA}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{96898CE9-192A-4DEA-B9EB-D737DB37C694}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{997E864A-F5DD-4B95-BCA5-6F2FB3D33FBA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9C5ADA5A-8B26-40CD-B8FA-07ED6C8D8CF0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{A439F425-25C3-4E98-9300-579C2E95554D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{A5C5E630-7261-4BF8-B147-EEEF3A825593}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{A7EC8AC5-3F0A-4A61-B7B2-15E90C427E78}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{AA019790-B637-4C83-B635-A4602D759294}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{AD5FF138-1CB5-4A97-8D6B-12451183F058}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{ADCA02ED-AE0E-4D6C-8533-B84090B1E19F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{B078B2B6-A878-44ff-9BCC-458257924F96}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{B1A40E4F-58DB-490f-9D18-55B5194E8BD5}" = protocol=6 | dir=out | app=c:\windows\explorer.exe |
"{B65DBA5B-6B96-4AD2-9D91-B146DC30B1E4}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{B92EE5DB-2620-4683-9577-7517B5BC7BAC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{BA155227-44B7-4386-996C-9A88B8FFD130}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{BB185B0F-AED3-4E5F-BD81-228FAFB2E219}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{BDF03952-A3C8-4CEC-9FDA-54CEB244E348}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{BE1AFBA7-8F6A-4EBF-B6D4-49236EE74A7C}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{BF588ABB-0221-4544-9974-D3881871A742}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{C2387B47-1B9C-41D9-9042-0ACF2A82BB74}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C3E9B20A-B7E2-4aab-9835-3C548937E46F}" = dir=out | app=c:\windows\explorer.exe |
"{C50D73B4-EF90-4012-876B-3393A9073292}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CB4D2707-9791-4F0C-B05B-50FEAD7CD5E5}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{CF04C498-25F7-4A19-B546-171C583091C9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{CF4CA510-FA3E-4102-A0C2-EC3764938F5B}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{D46994EA-3A54-47B7-AE59-DE7B013C8BDA}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{D962BC8C-1854-4CE3-9D2B-6D998B9BE5DD}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{DA9B1FE2-C828-4A42-A306-886B312D12FF}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{DC13E10A-C998-4B67-ABB7-C1608E9D64F1}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{DCE125B2-5753-4128-8EE8-7ACF983E1C7E}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{E0271837-E16C-4B23-9DEC-B4C0CA15EFC7}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{E0DF3D7B-6F0A-4FD8-B6B3-4917F26B388A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{E2A8918E-0706-4D0D-897C-DE4BE52C029A}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe |
"{E9286A07-14A7-43D5-BDF0-BCE89E081C8A}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{EB8C4488-8AC6-432A-84B3-8578D785BE7F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{EC2E83AF-3A3F-4761-8BFC-30EDADB7838E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{ED2D3C4E-68D9-42FA-B8A1-5A02B0B6D4DF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{F1AEF8F4-51BB-4FBC-A126-0B21719AE75F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{F29005AF-F1B1-46E6-8810-03E7863B917A}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{F2EE4088-C1B5-4937-B3A0-D865AF5EB620}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{F60A8697-5934-4B99-8CB7-E8385A75229D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FD86B81B-18DA-4C73-8385-F2C6F109B509}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"TCP Query User{039F517F-0782-46AC-B000-DDB9E751F000}C:\users\tracy\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\tracy\program files (x86)\dna\btdna.exe |
"TCP Query User{28F9E780-56A0-479B-8894-2E566D489E71}C:\users\tracy\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\tracy\program files (x86)\dna\btdna.exe |
"TCP Query User{4C21DCA0-69C1-4787-A868-6F2639EB1A86}C:\users\tracy\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\tracy\appdata\roaming\spotify\spotify.exe |
"TCP Query User{AD30FB7C-FDF2-471A-8E12-7D9F8465EAB7}C:\users\tracy\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\tracy\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{C7B2F589-F065-4E50-8024-E9323CB53785}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{ED7E4D2E-86AF-4D38-A669-2686885AE235}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"UDP Query User{7C391D61-79DA-4269-BF1D-1E58FCF70FFE}C:\users\tracy\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\tracy\program files (x86)\dna\btdna.exe |
"UDP Query User{89BE46D5-9B35-4B57-BC15-967C0648A4E4}C:\users\tracy\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\tracy\program files (x86)\dna\btdna.exe |
"UDP Query User{91B0F4CF-9036-4230-BBFC-49B53C02F927}C:\users\tracy\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\tracy\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{9BC50BF9-B1C6-4378-A712-08C0EBEB3525}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{F0D7A2EE-9E4B-4A2E-BA3A-B8409DE580F0}C:\users\tracy\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\tracy\appdata\roaming\spotify\spotify.exe |
"UDP Query User{F40146ED-C932-4F28-83BD-373CDC7D090A}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5848A26C-E4BC-4A13-AA8D-810BA344475A}" = HP Deskjet 1050 J410 series Product Improvement Study
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9B1A8F3D-8059-43FB-A7AE-4F2C21F0AAF2}" = KhalInstallWrapper
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB94D541-A747-4A5D-B0ED-72FA5C158EA5}" = HP Deskjet 1050 J410 series Basic Device Software
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MyPC Backup" = MyPC Backup
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"SP6" = Logitech SetPoint 6.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{328687A2-2504-49FA-AE3E-08B0DEDB51EC}" = MSRedist
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{68B52EFD-86CC-486E-A8D0-A3A1554CB5BC}" = Microsoft Office Word 2007 Get Started Tab
"{6D2A900D-EB39-3386-8D9F-3B8F069C57A5}" = Google Talk Plugin
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{98813202-6C6E-4ABE-A128-6E8FB3368BE0}" = Photobucket Backup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6174060-52D9-4886-8DBF-4EBF7C1CBCAA}" = MSRedx64
"{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}" = muvee Reveal
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}" = ASPCA Reminder by We-Care.com v4.1.22.1
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E1591139-8B44-411B-A81B-D35F83A0565A}" = HP Customer Experience Enhancements
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All in one Cleaner_is1" = All in one Cleaner ver.1.0
"ArtistScope Plugin IE4.2.0.3" = ArtistScope Plugin IE
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"BFGC" = Big Fish Games: Game Manager
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Coupon Printer for Windows5.0.0.2" = Coupon Printer for Windows
"DivX Setup.divx.com" = DivX Setup
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"GSC 2.00" = GSC 2.00
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"HP Photo Creations" = HP Photo Creations
"InfoAtoms" = InfoAtoms [Uninstall]
"InfraRecorder" = InfraRecorder
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton Security Suite
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PrintProjects" = PrintProjects
"PROR" = Microsoft Office Professional 2007 Trial
"pywin32-py2.6" = Python 2.6 pywin32-212
"RCA Updater_is1" = RCA Updater 1.0.4.0
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Revo Uninstaller" = Revo Uninstaller 1.94
"WildTangent hp Master Uninstall" = HP Games
"WTA-13297198-2c1c-4ec0-8289-e63254350512" = Jet Set Go
"WTA-1a4acc6b-ec1c-4ea0-a54b-d0f13aba37f0" = SpongeBob Diner Dash 2
"WTA-1a5b80a7-02fa-4742-ac34-2af303dd1a3f" = House of 1000 Doors: The Palm of Zoroaster
"WTA-3c469a7b-2118-4c08-8a5b-3fbbd1ed9c8e" = Dream Day True Love
"WTA-468cad6f-2ea2-40c5-9454-9f271b2eed67" = SpongeBob: Clash of Triton
"WTA-8a3db7d7-8fa9-4f29-9807-ae62361d9dee" = Fiction Fixers Adventures in Wonderland
"WTA-d48cc8be-0369-4390-9a62-50a418bea6a7" = Mystery of Mortlake Mansion
"WTA-e261a836-8501-4e28-9bf9-dd27358d328c" = Dora the Explorer - Swiper's Big Adventure

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DSite" = Update for PDF Reader
"PDF Reader" = PDF Reader

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/15/2013 4:36:55 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1061

Error - 7/15/2013 9:04:03 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/15/2013 9:04:03 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1139

Error - 7/15/2013 9:04:03 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1139

Error - 7/15/2013 9:04:04 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/15/2013 9:04:04 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2200

Error - 7/15/2013 9:04:04 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2200

Error - 7/16/2013 1:07:41 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.4:5353 17 4.1.168.192.in-addr.arpa.
PTR Home-PC-2.local.

Error - 7/16/2013 1:07:41 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 15 4.1.168.192.in-addr.arpa.
PTR Home-PC.local.

Error - 7/16/2013 1:08:21 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 5/19/2012 3:55:28 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/19/2012 5:57:41 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 1:31:59 AM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 12:04:33 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2012 2:27:30 AM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2012 12:21:48 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 1:38:59 AM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 12:01:48 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 12:58:13 AM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 3:40:15 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 7/16/2013 1:15:13 PM | Computer Name = Home-PC | Source = DCOM | ID = 10005
Description =

Error - 7/16/2013 1:15:13 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/16/2013 1:15:13 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/16/2013 1:15:51 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 7/16/2013 1:16:25 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/16/2013 1:16:25 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/16/2013 1:18:21 PM | Computer Name = Home-PC | Source = DCOM | ID = 10005
Description =

Error - 7/16/2013 1:18:21 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/16/2013 1:18:21 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/16/2013 1:20:29 PM | Computer Name = Home-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >

#5
tjones813

GMER log

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-16 22:24:26
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.1AA0 596.17GB
Running: s34du9nb.exe; Driver: C:\Users\Tracy\AppData\Local\Temp\kwldipow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600014f700 3 bytes [40, 83, 02]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 4 fffff9600014f704 3 bytes [C1, BB, FA]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c09758 5 bytes JMP 000000010008020c
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c098a8 5 bytes JMP 0000000100070930
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c09938 5 bytes JMP 0000000100070bd6
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c09a88 5 bytes JMP 0000000100070d9a
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c09ab8 5 bytes JMP 00000001000802ee
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c09ae8 5 bytes JMP 00000001000803d0
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c09b00 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c0a208 5 bytes JMP 0000000100070a12
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c0a2e0 5 bytes JMP 0000000100080048
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c0a2f8 5 bytes JMP 0000000100070f5e
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c0a7d0 5 bytes JMP 0000000100070cb8
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c0b24c 5 bytes JMP 0000000100070e7c
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c0b4d4 5 bytes JMP 000000010008012a
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077c0b624 5 bytes JMP 0000000100070af4
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000076882eb8 7 bytes JMP 0000000100070768
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 000000007688834f 7 bytes JMP 0000000100070210
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 00000000768a9fb3 7 bytes JMP 000000010007012c
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 00000000768aa079 7 bytes JMP 000000010007084c
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 00000000768e6629 7 bytes JMP 00000001000703d8
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 00000000768e673c 7 bytes JMP 0000000100070048
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 00000000768e6dd4 7 bytes JMP 0000000100070684
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 00000000768e6f7c 7 bytes JMP 00000001000704bc
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 00000000768e729c 2 bytes JMP 00000001000702f4
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 00000000768e729f 4 bytes {JS 0xffffffffffffff8b; JMP 0xfffffffffffffffd}
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000758eab52 7 bytes JMP 00000001000804b2
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c09758 5 bytes JMP 000000010039020c
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c098a8 5 bytes JMP 0000000100380930
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c09938 5 bytes JMP 0000000100380bd6
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c09a88 5 bytes JMP 0000000100380d9a
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c09ab8 5 bytes JMP 00000001003902ee
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c09ae8 5 bytes JMP 00000001003903d0
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c09b00 5 bytes JMP 000000010003004c
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c0a208 5 bytes JMP 0000000100380a12
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c0a2e0 5 bytes JMP 0000000100390048
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c0a2f8 5 bytes JMP 0000000100380f5e
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c0a7d0 5 bytes JMP 0000000100380cb8
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c0b24c 5 bytes JMP 0000000100380e7c
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c0b4d4 5 bytes JMP 000000010039012a
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077c0b624 5 bytes JMP 0000000100380af4
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000758eab52 7 bytes JMP 00000001003904b2
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000076882eb8 7 bytes JMP 0000000100380768
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 000000007688834f 7 bytes JMP 0000000100380210
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 00000000768a9fb3 7 bytes JMP 000000010038012c
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 00000000768aa079 7 bytes JMP 000000010038084c
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 00000000768e6629 7 bytes JMP 00000001003803d8
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 00000000768e673c 7 bytes JMP 0000000100380048
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 00000000768e6dd4 7 bytes JMP 0000000100380684
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 00000000768e6f7c 7 bytes JMP 00000001003804bc
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 00000000768e729c 2 bytes JMP 00000001003802f4
.text C:\Windows\SysWOW64\CSHelper.exe[1840] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 00000000768e729f 4 bytes [A9, 89, EB, F9]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c09758 5 bytes JMP 000000010020020c
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c098a8 5 bytes JMP 00000001001f0930
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c09938 5 bytes JMP 00000001001f0bd6
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c09a88 5 bytes JMP 00000001001f0d9a
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c09ab8 5 bytes JMP 00000001002002ee
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c09ae8 5 bytes JMP 00000001002003d0
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c09b00 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c0a208 5 bytes JMP 00000001001f0a12
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c0a2e0 5 bytes JMP 0000000100200048
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c0a2f8 5 bytes JMP 00000001001f0f5e
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c0a7d0 5 bytes JMP 00000001001f0cb8
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c0b24c 5 bytes JMP 00000001001f0e7c
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c0b4d4 5 bytes JMP 000000010020012a
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077c0b624 5 bytes JMP 00000001001f0af4
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000076882eb8 7 bytes JMP 00000001001f0768
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 000000007688834f 7 bytes JMP 00000001001f0210
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 00000000768a9fb3 7 bytes JMP 00000001001f012c
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 00000000768aa079 7 bytes JMP 00000001001f084c
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 00000000768e6629 3 bytes JMP 00000001001f03d8
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 147 00000000768e662d 3 bytes [89, EB, F9]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 00000000768e673c 3 bytes JMP 00000001001f0048
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 274 00000000768e6740 3 bytes [89, EB, F9]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 00000000768e6dd4 3 bytes JMP 00000001001f0684
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 255 00000000768e6dd8 3 bytes [89, EB, F9]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 00000000768e6f7c 3 bytes JMP 00000001001f04bc
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 423 00000000768e6f80 3 bytes [89, EB, F9]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 00000000768e729c 2 bytes JMP 00000001001f02f4
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 191 00000000768e72a0 3 bytes [89, EB, F9]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1900] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000758eab52 7 bytes JMP 0000000100200594
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c09758 5 bytes JMP 000000010008020c
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c098a8 5 bytes JMP 0000000100070930
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c09938 5 bytes JMP 0000000100070bd6
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c09a88 5 bytes JMP 0000000100070d9a
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c09ab8 5 bytes JMP 00000001000802ee
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c09ae8 5 bytes JMP 00000001000803d0
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c09b00 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c0a208 5 bytes JMP 0000000100070a12
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c0a2e0 5 bytes JMP 0000000100080048
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c0a2f8 5 bytes JMP 0000000100070f5e
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c0a7d0 5 bytes JMP 0000000100070cb8
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c0b24c 5 bytes JMP 0000000100070e7c
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c0b4d4 5 bytes JMP 000000010008012a
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077c0b624 5 bytes JMP 0000000100070af4
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000758eab52 7 bytes JMP 0000000100080594
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000076882eb8 7 bytes JMP 0000000100070768
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 000000007688834f 7 bytes JMP 0000000100070210
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 00000000768a9fb3 7 bytes JMP 000000010007012c
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 00000000768aa079 7 bytes JMP 000000010007084c
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 00000000768e6629 7 bytes JMP 00000001000703d8
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 00000000768e673c 7 bytes JMP 0000000100070048
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 00000000768e6dd4 7 bytes JMP 0000000100070684
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 00000000768e6f7c 7 bytes JMP 00000001000704bc
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 00000000768e729c 2 bytes JMP 00000001000702f4
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 00000000768e729f 4 bytes {JS 0xffffffffffffff8b; JMP 0xfffffffffffffffd}
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c09758 5 bytes JMP 00000001002a020c
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c098a8 5 bytes JMP 0000000100290930
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c09938 5 bytes JMP 0000000100290bd6
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c09a88 5 bytes JMP 0000000100290d9a
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c09ab8 5 bytes JMP 00000001002a02ee
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c09ae8 5 bytes JMP 00000001002a03d0
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c09b00 5 bytes JMP 00000001001b004c
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe[3244] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 00000000768e6dd4 7 bytes JMP 0000000100200684
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe[3244] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 00000000768e6f7c 7 bytes JMP 00000001002004bc
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe[3244] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 00000000768e729c 2 bytes JMP 00000001002002f4
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe[3244] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 00000000768e729f 4 bytes [91, 89, EB, F9]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe[3244] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000758eab52 7 bytes JMP 00000001002104b2
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c09758 5 bytes JMP 00000001000a020c
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c098a8 5 bytes JMP 0000000100090930
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c09938 5 bytes JMP 0000000100090bd6
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c09a88 5 bytes JMP 0000000100090d9a
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c09ab8 5 bytes JMP 00000001000a02ee
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c09ae8 5 bytes JMP 00000001000a03d0
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c09b00 5 bytes JMP 000000010007004c
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c0a208 5 bytes JMP 0000000100090a12
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c0a2e0 5 bytes JMP 00000001000a0048
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c0a2f8 5 bytes JMP 0000000100090f5e
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c0a7d0 5 bytes JMP 0000000100090cb8
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c0b24c 5 bytes JMP 0000000100090e7c
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c0b4d4 5 bytes JMP 00000001000a012a
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077c0b624 5 bytes JMP 0000000100090af4
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000076882eb8 7 bytes JMP 0000000100090768
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 000000007688834f 7 bytes JMP 0000000100090210
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 00000000768a9fb3 7 bytes JMP 000000010009012c
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 00000000768aa079 7 bytes JMP 000000010009084c
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 00000000768e6629 7 bytes JMP 00000001000903d8
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 00000000768e673c 7 bytes JMP 0000000100090048
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 00000000768e6dd4 7 bytes JMP 0000000100090684
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 00000000768e6f7c 7 bytes JMP 00000001000904bc
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 00000000768e729c 2 bytes JMP 00000001000902f4
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 00000000768e729f 4 bytes {JP 0xffffffffffffff8b; JMP 0xfffffffffffffffd}
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3344] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000758eab52 7 bytes JMP 00000001000a0594
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c09758 5 bytes JMP 000000010033020c
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c098a8 5 bytes JMP 0000000100320930
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c09938 5 bytes JMP 0000000100320bd6
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c09a88 5 bytes JMP 0000000100320d9a
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c09ab8 5 bytes JMP 00000001003302ee
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c09ae8 5 bytes JMP 00000001003303d0
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c09b00 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c0a208 5 bytes JMP 0000000100320a12
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c0a2e0 5 bytes JMP 0000000100330048
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c0a2f8 5 bytes JMP 0000000100320f5e
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c0a7d0 5 bytes JMP 0000000100320cb8
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c0b24c 5 bytes JMP 0000000100320e7c
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c0b4d4 5 bytes JMP 000000010033012a
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077c0b624 5 bytes JMP 0000000100320af4
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000758eab52 7 bytes JMP 0000000100330594
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000076882eb8 7 bytes JMP 0000000100320768
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 000000007688834f 7 bytes JMP 0000000100320210
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 00000000768a9fb3 7 bytes JMP 000000010032012c
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 00000000768aa079 7 bytes JMP 000000010032084c
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 00000000768e6629 7 bytes JMP 00000001003203d8
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 00000000768e673c 7 bytes JMP 0000000100320048
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 00000000768e6dd4 7 bytes JMP 0000000100320684
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 00000000768e6f7c 7 bytes JMP 00000001003204bc
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 00000000768e729c 2 bytes JMP 00000001003202f4
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3524] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 00000000768e729f 4 bytes [A3, 89, EB, F9]
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c09758 5 bytes JMP 00000001001c020c
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c098a8 5 bytes JMP 00000001001b0930
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c09938 5 bytes JMP 00000001001b0bd6
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c09a88 5 bytes JMP 00000001001b0d9a
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c09ab8 5 bytes JMP 00000001001c02ee
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c09ae8 5 bytes JMP 00000001001c03d0
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c09b00 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c0a208 5 bytes JMP 00000001001b0a12
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c0a2e0 5 bytes JMP 00000001001c0048
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c0a2f8 5 bytes JMP 00000001001b0f5e
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c0a7d0 5 bytes JMP 00000001001b0cb8
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c0b24c 5 bytes JMP 00000001001b0e7c
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c0b4d4 5 bytes JMP 00000001001c012a
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077c0b624 5 bytes JMP 00000001001b0af4
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000758eab52 7 bytes JMP 00000001001c0758
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000076882eb8 7 bytes JMP 00000001001b0768
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 000000007688834f 7 bytes JMP 00000001001b0210
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 00000000768a9fb3 3 bytes JMP 00000001001b012c
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 259 00000000768a9fb7 3 bytes [89, EB, F9]
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 00000000768aa079 3 bytes JMP 00000001001b084c
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 197 00000000768aa07d 3 bytes [89, EB, F9]
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 00000000768e6629 7 bytes JMP 00000001001b03d8
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 00000000768e673c 7 bytes JMP 00000001001b0048
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 00000000768e6dd4 7 bytes JMP 00000001001b0684
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 00000000768e6f7c 7 bytes JMP 00000001001b04bc
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 00000000768e729c 2 bytes JMP 00000001001b02f4
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[4572] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 00000000768e729f 4 bytes [8C, 89, EB, F9]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c09758 5 bytes JMP 000000010020020c
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c098a8 5 bytes JMP 00000001001a0930
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c09938 5 bytes JMP 00000001001a0bd6
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c09a88 5 bytes JMP 00000001001a0d9a
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c09ab8 5 bytes JMP 00000001002002ee
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c09ae8 5 bytes JMP 00000001002003d0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c09b00 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c0a208 5 bytes JMP 00000001001a0a12
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c0a2e0 5 bytes JMP 0000000100200048
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c0a2f8 5 bytes JMP 00000001001a0f5e
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c0a7d0 5 bytes JMP 00000001001a0cb8
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c0b24c 5 bytes JMP 00000001001a0e7c
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c0b4d4 5 bytes JMP 000000010020012a
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077c0b624 5 bytes JMP 00000001001a0af4
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000076882eb8 7 bytes JMP 00000001001a0768
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 000000007688834f 7 bytes JMP 00000001001a0210
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 00000000768a9fb3 7 bytes JMP 00000001001a012c
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 00000000768aa079 7 bytes JMP 00000001001a084c
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 00000000768e6629 7 bytes JMP 00000001001a03d8
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 00000000768e673c 7 bytes JMP 00000001001a0048
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 00000000768e6dd4 7 bytes JMP 00000001001a0684
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 00000000768e6f7c 7 bytes JMP 00000001001a04bc
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 00000000768e729c 2 bytes JMP 00000001001a02f4
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 00000000768e729f 4 bytes [8B, 89, EB, F9]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000758eab52 7 bytes JMP 0000000100200758
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c09758 5 bytes JMP 000000010008020c
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c098a8 5 bytes JMP 0000000100070930
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c09938 5 bytes JMP 0000000100070bd6
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c09a88 5 bytes JMP 0000000100070d9a
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c09ab8 5 bytes JMP 00000001000802ee
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c09ae8 5 bytes JMP 00000001000803d0
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c09b00 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c0a208 5 bytes JMP 0000000100070a12
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c0a2e0 5 bytes JMP 0000000100080048
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c0a2f8 5 bytes JMP 0000000100070f5e
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c0a7d0 5 bytes JMP 0000000100070cb8
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c0b24c 5 bytes JMP 0000000100070e7c
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c0b4d4 5 bytes JMP 000000010008012a
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077c0b624 5 bytes JMP 0000000100070af4
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000758eab52 7 bytes JMP 0000000100080758
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000076882eb8 7 bytes JMP 0000000100070768
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 000000007688834f 7 bytes JMP 0000000100070210
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 00000000768a9fb3 7 bytes JMP 000000010007012c
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 00000000768aa079 7 bytes JMP 000000010007084c
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 00000000768e6629 7 bytes JMP 00000001000703d8
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 00000000768e673c 7 bytes JMP 0000000100070048
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 00000000768e6dd4 7 bytes JMP 0000000100070684
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 00000000768e6f7c 7 bytes JMP 00000001000704bc
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 00000000768e729c 2 bytes JMP 00000001000702f4
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4988] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 00000000768e729f 4 bytes {JS 0xffffffffffffff8b; JMP 0xfffffffffffffffd}
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c09758 5 bytes JMP 000000010020020c
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c098a8 5 bytes JMP 00000001001f0930
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c09938 5 bytes JMP 00000001001f0bd6
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c09a88 5 bytes JMP 00000001001f0d9a
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c09ab8 5 bytes JMP 00000001002002ee
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c09ae8 5 bytes JMP 00000001002003d0
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c09b00 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c0a208 5 bytes JMP 00000001001f0a12
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c0a2e0 5 bytes JMP 0000000100200048
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c0a2f8 5 bytes JMP 00000001001f0f5e
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c0a7d0 5 bytes JMP 00000001001f0cb8
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c0b24c 5 bytes JMP 00000001001f0e7c
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c0b4d4 5 bytes JMP 000000010020012a
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077c0b624 5 bytes JMP 00000001001f0af4
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000758eab52 7 bytes JMP 0000000100200594
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000076882eb8 7 bytes JMP 00000001001f0768
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 000000007688834f 7 bytes JMP 00000001001f0210
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 00000000768a9fb3 7 bytes JMP 00000001001f012c
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 00000000768aa079 7 bytes JMP 00000001001f084c
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 00000000768e6629 3 bytes JMP 00000001001f03d8
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 147 00000000768e662d 3 bytes [89, EB, F9]
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 00000000768e673c 3 bytes JMP 00000001001f0048
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 274 00000000768e6740 3 bytes [89, EB, F9]
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 00000000768e6dd4 3 bytes JMP 00000001001f0684
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 255 00000000768e6dd8 3 bytes [89, EB, F9]
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 00000000768e6f7c 3 bytes JMP 00000001001f04bc
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 423 00000000768e6f80 3 bytes [89, EB, F9]
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 00000000768e729c 2 bytes JMP 00000001001f02f4
.text C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe[4528] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 191 00000000768e72a0 3 bytes [89, EB, F9]

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f63b073b-d2dd-4d34-af17-db5224912fb9}@Dhcpv6State 0

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi tjones813,

Step 1

Download the adwCleaner

  • Run the Tool
    (Windows Vista and Windows 7 users: right-click on adwCleaner.exe and select the Run as Administrator option)
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please copy the contents of this file into your next reply.

Step 2

We need to remove AVG from your system. Please download AVG Remover for your version and run it in order to remove AVG.

Step 3

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2013/04/11 10:18:30 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Tracy\AppData\Local\BcsKtYcHW.dll
    [2013/06/23 10:04:23 | 000,893,239 | ---- | M] () -- C:\Users\Tracy\AppData\Local\a.zip
    [2009/12/28 13:23:45 | 000,101,492 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmp15771412.0
    [2009/12/28 13:23:45 | 000,086,908 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmp15771412.JPG
    @Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:D37966A8
    @Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:68FB0053
    @Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:2AFE59F2
    @Alternate Data Stream - 256 bytes -> C:\ProgramData\Temp:D086B88D
    @Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:AFB24B00
    @Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:F84B8DB5
    @Alternate Data Stream - 198 bytes -> C:\ProgramData\Temp:260575F1
    @Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:F69BB936
    @Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:8908BDEA
    @Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:922DA2DB
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:F3572D79
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:88A44CC1
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:FC70A22A
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:B7E2DE81
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:689E7F7D
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:A5584049
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:4F7FE589
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:3BA734DE
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:F5BB3657
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:4D551822
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:02E56DC6
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:88C0A705
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:489F57C3
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0BBF232A
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:A4AF8D0D
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:97C6B915
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:599BCADA
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:FC836199
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A6F3094D
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A6D6E537
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:C76CFF82
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5CE91C67
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:A5241382
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5080697C
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:1B389835
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:C0A9B815
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:80EA2EA3
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:206470A5
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:6BFA43EB
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4A448DB2
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CADE3CFB
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:68B61847
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:61AF2B29
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:109734F6
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:08390D61
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:2BFCDF84
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:DD311F1E
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:B741B2C2
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5BBAFAAC
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:7631EA83
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:6017A808
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:E411AA0D
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:0353F880
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:CA0CE093
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:95DD2596
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:0C13C008
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:ED9B661E
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:45912F61
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:FA3C0A0A
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:D1B5B4F1
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:58D2A680
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:73C25840
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:7C60A173
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:CA4300C6
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:7F7562E0
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:BAC8C0F7
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:B3A1E064
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:8BB2EC84
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:4303A637
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:99F81364
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:AABCC5A7

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 4

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 5

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log

It would be helpful if you could post each log in a separate post using the "Add Reply" button.
  • 0

#7
tjones813

tjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Posted something twice, disregard

Edited by tjones813, 17 July 2013 - 07:05 AM.

  • 0

#8
tjones813

tjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OTL fix log

========== OTL ==========
File C:\Users\Tracy\AppData\Local\BcsKtYcHW.dll not found.
File C:\Users\Tracy\AppData\Local\a.zip not found.
C:\Users\Tracy\AppData\Local\tmp15771412.0 moved successfully.
C:\Users\Tracy\AppData\Local\tmp15771412.JPG moved successfully.
ADS C:\ProgramData\Temp:D37966A8 deleted successfully.
ADS C:\ProgramData\Temp:68FB0053 deleted successfully.
ADS C:\ProgramData\Temp:2AFE59F2 deleted successfully.
ADS C:\ProgramData\Temp:D086B88D deleted successfully.
ADS C:\ProgramData\Temp:AFB24B00 deleted successfully.
ADS C:\ProgramData\Temp:F84B8DB5 deleted successfully.
ADS C:\ProgramData\Temp:260575F1 deleted successfully.
ADS C:\ProgramData\Temp:F69BB936 deleted successfully.
ADS C:\ProgramData\Temp:8908BDEA deleted successfully.
ADS C:\ProgramData\Temp:922DA2DB deleted successfully.
ADS C:\ProgramData\Temp:F3572D79 deleted successfully.
ADS C:\ProgramData\Temp:88A44CC1 deleted successfully.
ADS C:\ProgramData\Temp:FC70A22A deleted successfully.
ADS C:\ProgramData\Temp:B7E2DE81 deleted successfully.
ADS C:\ProgramData\Temp:689E7F7D deleted successfully.
ADS C:\ProgramData\Temp:A5584049 deleted successfully.
ADS C:\ProgramData\Temp:4F7FE589 deleted successfully.
ADS C:\ProgramData\Temp:3BA734DE deleted successfully.
ADS C:\ProgramData\Temp:F5BB3657 deleted successfully.
ADS C:\ProgramData\Temp:4D551822 deleted successfully.
ADS C:\ProgramData\Temp:02E56DC6 deleted successfully.
ADS C:\ProgramData\Temp:88C0A705 deleted successfully.
ADS C:\ProgramData\Temp:489F57C3 deleted successfully.
ADS C:\ProgramData\Temp:0BBF232A deleted successfully.
ADS C:\ProgramData\Temp:A4AF8D0D deleted successfully.
ADS C:\ProgramData\Temp:97C6B915 deleted successfully.
ADS C:\ProgramData\Temp:599BCADA deleted successfully.
ADS C:\ProgramData\Temp:FC836199 deleted successfully.
ADS C:\ProgramData\Temp:A6F3094D deleted successfully.
ADS C:\ProgramData\Temp:A6D6E537 deleted successfully.
ADS C:\ProgramData\Temp:C76CFF82 deleted successfully.
ADS C:\ProgramData\Temp:5CE91C67 deleted successfully.
ADS C:\ProgramData\Temp:A5241382 deleted successfully.
ADS C:\ProgramData\Temp:5080697C deleted successfully.
ADS C:\ProgramData\Temp:1B389835 deleted successfully.
ADS C:\ProgramData\Temp:C0A9B815 deleted successfully.
ADS C:\ProgramData\Temp:80EA2EA3 deleted successfully.
ADS C:\ProgramData\Temp:206470A5 deleted successfully.
ADS C:\ProgramData\Temp:6BFA43EB deleted successfully.
ADS C:\ProgramData\Temp:4A448DB2 deleted successfully.
ADS C:\ProgramData\Temp:CADE3CFB deleted successfully.
ADS C:\ProgramData\Temp:68B61847 deleted successfully.
ADS C:\ProgramData\Temp:61AF2B29 deleted successfully.
ADS C:\ProgramData\Temp:109734F6 deleted successfully.
ADS C:\ProgramData\Temp:08390D61 deleted successfully.
ADS C:\ProgramData\Temp:2BFCDF84 deleted successfully.
ADS C:\ProgramData\Temp:DD311F1E deleted successfully.
ADS C:\ProgramData\Temp:B741B2C2 deleted successfully.
ADS C:\ProgramData\Temp:5BBAFAAC deleted successfully.
ADS C:\ProgramData\Temp:7631EA83 deleted successfully.
ADS C:\ProgramData\Temp:6017A808 deleted successfully.
ADS C:\ProgramData\Temp:E411AA0D deleted successfully.
ADS C:\ProgramData\Temp:0353F880 deleted successfully.
ADS C:\ProgramData\Temp:CA0CE093 deleted successfully.
ADS C:\ProgramData\Temp:95DD2596 deleted successfully.
ADS C:\ProgramData\Temp:0C13C008 deleted successfully.
ADS C:\ProgramData\Temp:ED9B661E deleted successfully.
ADS C:\ProgramData\Temp:45912F61 deleted successfully.
ADS C:\ProgramData\Temp:FA3C0A0A deleted successfully.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\Temp:58D2A680 deleted successfully.
ADS C:\ProgramData\Temp:73C25840 deleted successfully.
ADS C:\ProgramData\Temp:7C60A173 deleted successfully.
ADS C:\ProgramData\Temp:CA4300C6 deleted successfully.
ADS C:\ProgramData\Temp:7F7562E0 deleted successfully.
ADS C:\ProgramData\Temp:BAC8C0F7 deleted successfully.
ADS C:\ProgramData\Temp:B3A1E064 deleted successfully.
ADS C:\ProgramData\Temp:8BB2EC84 deleted successfully.
ADS C:\ProgramData\Temp:4303A637 deleted successfully.
ADS C:\ProgramData\Temp:99F81364 deleted successfully.
ADS C:\ProgramData\Temp:AABCC5A7 deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 07172013_090557
  • 0
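
To check a fix log like the one above against the fix script that produced it, this added example (not OTL's own code and not part of the original posts) reconciles the two in Python. The sample script and log are constructed, and the line formats are assumed from the ones shown in this thread.

```python
import re

# Constructed sample input, in the line formats of the fix script and log above.
FIX_SCRIPT = r"""
:OTL
[2013/01/01 10:00:00 | 000,001,024 | ---- | C] () -- C:\Users\Example\AppData\Local\sample.dll
[2013/01/01 10:00:00 | 000,002,048 | ---- | M] () -- C:\Users\Example\AppData\Local\tmp0001.0
@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:0000AAAA
@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:0000BBBB
:Commands
[Reboot]
"""
FIX_LOG = r"""
========== OTL ==========
File C:\Users\Example\AppData\Local\sample.dll not found.
C:\Users\Example\AppData\Local\tmp0001.0 moved successfully.
ADS C:\ProgramData\Temp:0000AAAA deleted successfully.
========== COMMANDS ==========
"""

# Script side: file entries end in "-- <path>", stream entries in "-> <path>:<stream>".
SCRIPT_FILE = re.compile(r"^\[[^\]]*\]\s*\(.*?\)\s*--\s*(?P<path>.+)$")
SCRIPT_ADS = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<path>.+)$")
# Log side: optional "File "/"ADS " prefix, the path, then the outcome phrase.
LOG_LINE = re.compile(
    r"^(?:File |ADS )?(?P<path>.+?) "
    r"(?P<outcome>not found|moved successfully|deleted successfully)\.$"
)

def requested_items(script):
    """Return every file or stream path the fix script asked to remove."""
    items = []
    for line in script.splitlines():
        line = line.strip()
        match = SCRIPT_FILE.match(line) or SCRIPT_ADS.match(line)
        if match:
            items.append(match.group("path").strip())
    return items

def logged_outcomes(log):
    """Map each path in the fix log (case-insensitive) to its outcome phrase."""
    outcomes = {}
    for line in log.splitlines():
        match = LOG_LINE.match(line.strip())
        if match:
            outcomes[match.group("path").lower()] = match.group("outcome")
    return outcomes

def reconcile(script, log):
    """Sort every requested path by what the log says happened to it."""
    outcomes = logged_outcomes(log)
    report = {"removed": [], "not found": [], "no outcome": []}
    for path in requested_items(script):
        outcome = outcomes.get(path.lower(), "no outcome")
        key = outcome if outcome in report else "removed"
        report[key].append(path)
    return report

if __name__ == "__main__":
    for status, paths in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(status, len(paths), paths)
```

Items under "not found" or "no outcome" are the ones to look at again, since the tool did not act on them in this run.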

#9
tjones813

tjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.17.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Tracy :: HOME-PC [administrator]

7/17/2013 9:29:00 AM
mbam-log-2013-07-17 (09-29-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231191
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi tjones813,

How is your system now? Any improvements?
  • 0

#11
tjones813

tjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
It seems to be running a little faster.
  • 0

#12
tjones813

tjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Did I have something on my system?
  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi tjones813,

Yes, you did. We have removed it now. Let's try to speed up your PC a little bit more. Let me know the results after these two steps.

Step 1

Startuplite is a tool that helps you stop programs that are not needed at startup from loading when you start your computer. They will begin automatically only when needed.

Run the tool and it will disable all unnecessary startup entries.
Click on Continue button to save changes.

Step 2

Download and run Puran Disc Defragmenter

NOTE: If it asks you to install a toolbar or any other software, skip the offer.

Click on the Boot Time Defrag button and choose Restart-Defrag-Restart
  • 0

#14
tjones813

tjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Running much faster.
  • 0

#15
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi tjones813,

Glad to hear that. Your logs and system are clean now. I'm glad we fixed up your computer.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Step 2

We need to clean up your PC from programs we used.

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end.

If any of the software we used in this fix still remains on your system, please delete it manually (right-click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

2. Make Backups of Important Files

Please read this article Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.
  • 0





