OTL logfile created on: 5/16/2011 9:55:26 PM - Run 7
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Lauren\Desktop\Computer Maintainence
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 20.16 Gb Free Space | 18.07% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 15.32 Gb Free Space | 13.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LAUREN-PC
Current User Name: Lauren
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2011/04/30 21:02:23 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe
PRC - [2011/02/23 09:16:28 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011/02/23 09:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/02/18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/02/15 01:00:00 | 002,068,832 | ---- | M] (Cerulean Studios) -- C:\Program Files\TrillianAstra\Trillian\trillian.exe
PRC - [2011/02/13 14:20:14 | 000,325,000 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/09/21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010/09/21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010/09/18 17:13:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lauren\Desktop\Computer Maintainence\OTL.exe
PRC - [2010/08/25 20:45:38 | 000,179,224 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2010/07/20 09:34:11 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/05/06 20:09:06 | 000,415,638 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\billy.exe
PRC - [2010/05/06 19:59:36 | 000,516,216 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\oldmcdonald.exe
PRC - [2009/10/26 01:33:41 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 21:35:06 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/18 10:43:20 | 000,173,352 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/10 16:02:24 | 000,809,480 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/07/29 21:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008/06/13 15:52:52 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/06/11 12:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/05/14 19:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/05/14 19:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/05/12 17:28:04 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008/04/25 19:44:06 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008/04/06 23:42:36 | 000,034,040 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008/04/06 23:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/04 04:03:14 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/03/21 14:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/18 13:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/03/03 14:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/01/16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007/12/06 18:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/09/26 18:05:58 | 000,734,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
========== Modules (SafeList) ==========
MOD - [2011/02/23 09:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/09/18 17:13:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lauren\Desktop\Computer Maintainence\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2008/01/20 20:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/22 07:33:09 | 000,797,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2011/02/18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/08/16 18:00:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/20 09:34:11 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/03/17 22:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/17 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/05/14 19:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/04/06 23:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/04/04 04:03:14 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/03/21 14:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 13:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/03/03 14:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/01/20 20:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007/12/06 18:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Lauren\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/02/23 08:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 08:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 08:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 08:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 08:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 08:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/08/25 20:31:30 | 009,024,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/11/30 21:54:33 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/01 15:16:38 | 000,388,096 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
DRV - [2008/06/13 19:10:08 | 002,152,344 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/14 19:05:44 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/05/14 19:05:42 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/05/14 19:05:42 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008/05/02 17:27:48 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/04/25 12:08:42 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/21 11:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/03/11 21:02:32 | 000,061,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/02/29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/21 03:55:00 | 000,299,008 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/01/30 19:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/30 19:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/20 20:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 20:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 20:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 20:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 20:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 20:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 20:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 20:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 20:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 20:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 20:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 20:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 20:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 20:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 20:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 20:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 20:32:49 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/01/20 20:32:48 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2008/01/20 20:32:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008/01/20 20:32:48 | 000,521,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2008/01/20 20:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 20:32:48 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 20:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 20:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 20:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 20:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 20:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 20:32:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/01/20 20:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 20:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 20:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007/02/26 18:15:22 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2007/02/10 23:02:26 | 000,014,720 | ---- | M] (Redcl0ud) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xbcd.sys -- (XBCD+)
DRV - [2006/11/02 23:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...9&m=aspire_5335
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Lauren-PC_Guest\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...9&m=aspire_5335
IE - HKU\Lauren-PC_Guest\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Lauren-PC_Guest\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...9&m=aspire_5335
IE - HKU\Lauren-PC_Guest\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3761143489-4144888808-3294341120-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3761143489-4144888808-3294341120-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3761143489-4144888808-3294341120-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3761143489-4144888808-3294341120-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {89c9e067-2605-4f75-a608-f6ea31c9d085}:2.0.1
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\PROGRAM FILES\Mozilla Firefox\components [2010/12/07 23:33:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\PROGRAM FILES\Mozilla Firefox\plugins [2011/04/23 11:26:20 | 000,000,000 | ---D | M]
[2009/07/11 01:53:33 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Extensions
[2009/07/11 01:53:33 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/04/23 00:22:59 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/05/10 00:01:03 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions
[2011/02/27 10:01:35 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/05/08 20:38:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/07 22:22:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(68)
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/02/27 10:01:35 | 000,000,000 | ---D | M] (FFXI Helper) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{89c9e067-2605-4f75-a608-f6ea31c9d085}
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{89c9e067-2605-4f75-a608-f6ea31c9d087}
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/05/08 20:38:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/05/07 22:58:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(69)
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\eastasian@eunheui
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]\__MACOSX
[2011/02/19 08:13:49 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]\chrome
[2011/02/15 21:56:34 | 000,002,556 | ---- | M] () -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\searchplugins\askcom.xml
[2011/03/23 23:22:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/27 09:47:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/23 23:22:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2011/02/23 00:06:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll File not found
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\Lauren-PC_Guest\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3761143489-4144888808-3294341120-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-3761143489-4144888808-3294341120-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKU\Lauren-PC_Guest..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Lauren-PC_Guest..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3761143489-4144888808-3294341120-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Lauren-PC_Guest\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3761143489-4144888808-3294341120-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3761143489-4144888808-3294341120-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\Lauren-PC_Guest\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\Lauren-PC_Guest\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: D:\Pictures\Avatars\Victorian_Grunge_Wallpaper_by_Taboon1.jpg
O24 - Desktop BackupWallPaper: D:\Pictures\Avatars\Victorian_Grunge_Wallpaper_by_Taboon1.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/05/15 22:59:34 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\Acer Arcade Deluxe
[2011/05/08 21:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/05/06 09:13:08 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\Apple
[2011/05/05 15:02:09 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\Apple Computer
[2011/05/05 12:00:53 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\Adobe
[2011/04/26 22:07:57 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/26 22:07:55 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/26 22:06:52 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/24 21:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/04/22 14:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/22 14:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/22 14:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/01/06 19:43:08 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[5 C:\Users\Lauren\Desktop\*.tmp files -> C:\Users\Lauren\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/05/16 22:01:14 | 005,505,024 | -HS- | M] () -- C:\Users\Lauren\ntuser.dat
[2011/05/16 21:12:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/16 21:10:14 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 21:10:14 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 21:07:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3761143489-4144888808-3294341120-1000Core.job
[2011/05/16 21:07:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3761143489-4144888808-3294341120-1000UA.job
[2011/05/16 12:58:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/05/16 02:12:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/15 23:19:42 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011/05/15 23:19:42 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/15 23:19:42 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/15 23:10:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/05/15 23:10:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011/05/15 23:09:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/15 23:09:53 | 2070,843,392 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/15 23:08:51 | 000,524,288 | -HS- | M] () -- C:\Users\Lauren\ntuser.dat{c9cb21ae-7928-11e0-98d0-001d72f0e0e1}.TMContainer00000000000000000001.regtrans-ms
[2011/05/15 23:08:51 | 000,065,536 | -HS- | M] () -- C:\Users\Lauren\ntuser.dat{c9cb21ae-7928-11e0-98d0-001d72f0e0e1}.TM.blf
[2011/05/13 17:02:43 | 003,639,225 | -H-- | M] () -- C:\Users\Lauren\AppData\Local\IconCache.db
[2011/05/13 00:03:18 | 000,002,051 | ---- | M] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2011/05/12 15:54:49 | 000,002,051 | ---- | M] () -- C:\Users\Lauren\Desktop\Google Chrome.lnk
[2011/05/12 15:54:49 | 000,002,013 | ---- | M] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/12 15:49:51 | 000,001,752 | ---- | M] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/08 20:46:09 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/08 20:45:24 | 000,524,288 | -HS- | M] () -- C:\Users\Lauren\ntuser.dat{c9cb21ae-7928-11e0-98d0-001d72f0e0e1}.TMContainer00000000000000000002.regtrans-ms
[2011/05/08 20:33:20 | 000,524,288 | -HS- | M] () -- C:\Users\Lauren\ntuser.dat{f8c7c0bf-3c30-11e0-afb4-c0e961b0486b}.TMContainer00000000000000000001.regtrans-ms
[2011/05/08 20:33:20 | 000,065,536 | -HS- | M] () -- C:\Users\Lauren\ntuser.dat{f8c7c0bf-3c30-11e0-afb4-c0e961b0486b}.TM.blf
[2011/05/02 19:24:25 | 000,079,360 | -H-- | M] () -- C:\Users\Lauren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/28 21:40:14 | 000,002,100 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2011/04/27 19:04:13 | 003,089,913 | ---- | M] () -- C:\Users\Lauren\Documents\LoaderBackup-(2011-04-27).ipd
[2011/04/23 11:27:27 | 000,001,668 | ---- | M] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/04/22 14:43:16 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[5 C:\Users\Lauren\Desktop\*.tmp files -> C:\Users\Lauren\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/05/13 00:03:18 | 000,002,051 | ---- | C] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2011/05/12 15:54:49 | 000,002,051 | ---- | C] () -- C:\Users\Lauren\Desktop\Google Chrome.lnk
[2011/05/12 15:54:49 | 000,002,013 | ---- | C] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/12 15:49:51 | 000,001,752 | ---- | C] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/08 20:40:41 | 000,524,288 | -HS- | C] () -- C:\Users\Lauren\ntuser.dat{c9cb21ae-7928-11e0-98d0-001d72f0e0e1}.TMContainer00000000000000000002.regtrans-ms
[2011/05/08 20:40:41 | 000,524,288 | -HS- | C] () -- C:\Users\Lauren\ntuser.dat{c9cb21ae-7928-11e0-98d0-001d72f0e0e1}.TMContainer00000000000000000001.regtrans-ms
[2011/05/08 20:40:41 | 000,065,536 | -HS- | C] () -- C:\Users\Lauren\ntuser.dat{c9cb21ae-7928-11e0-98d0-001d72f0e0e1}.TM.blf
[2011/04/27 19:04:13 | 003,089,913 | ---- | C] () -- C:\Users\Lauren\Documents\LoaderBackup-(2011-04-27).ipd
[2011/04/23 11:27:27 | 000,001,668 | ---- | C] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/04/22 14:43:16 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/04 22:24:17 | 000,000,231 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\Rim.Desktop.Exception.log
[2011/01/04 22:22:30 | 000,003,343 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/07/27 09:24:54 | 000,323,584 | ---- | C] () -- C:\Windows\System32\FoxImager.dll
[2009/10/15 23:58:03 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/07 19:21:12 | 000,015,235 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\UserTile.png
[2009/09/11 02:18:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/22 21:17:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/10 15:41:55 | 000,003,534 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/02 18:11:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/05/29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/17 17:16:21 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/07 02:58:50 | 000,007,052 | ---- | C] () -- C:\Users\Lauren\AppData\Local\d3d9caps.dat
[2009/03/31 19:39:07 | 000,002,990 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/03/31 19:02:45 | 000,079,360 | -H-- | C] () -- C:\Users\Lauren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/30 20:15:48 | 000,000,031 | ---- | C] () -- C:\Windows\wininit.ini
[2009/01/06 19:28:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2009/01/06 19:02:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2009/01/06 18:59:59 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/01/06 18:59:59 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/01/06 18:58:24 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/09/12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/05/14 23:50:47 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/05/14 23:47:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/05/14 23:47:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/05/14 06:48:18 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/05/14 06:48:14 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/05/14 06:48:14 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/05/14 06:48:13 | 000,000,045 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
========== LOP Check ==========
[2008/05/14 23:46:38 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008/05/14 23:46:38 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2009/07/15 15:54:43 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Acer
[2008/05/14 23:46:38 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Acer GameZone Console
[2009/07/15 15:54:40 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Leadertech
[2009/10/25 10:29:46 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PowerCinema
[2009/10/25 10:42:09 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Trillian
[2009/03/30 21:36:50 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Acer
[2008/05/14 23:46:38 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Acer GameZone Console
[2010/03/07 11:24:01 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Auslogics
[2011/05/05 11:59:03 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\BitTorrent
[2009/11/13 22:29:35 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Canneverbe_Limited
[2009/04/19 14:11:12 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\FloodLightGames
[2009/04/17 18:32:49 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\IObit
[2009/03/30 21:36:44 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Leadertech
[2009/12/18 23:21:32 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\LimeWire
[2010/10/17 16:16:10 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\NCH Swift Sound
[2009/09/01 01:50:13 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Opera
[2009/10/07 19:21:11 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\PeerNetworking
[2009/08/10 16:37:50 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\PowerCinema
[2009/07/01 22:10:30 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Red Rune Software
[2011/01/04 22:24:31 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Research In Motion
[2009/07/15 21:12:20 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\SecondLife
[2009/10/07 18:27:01 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Trillian
[2009/08/11 00:39:55 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\VistaCodecs
[2011/01/24 18:41:33 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\WeatherBug
[2011/02/27 09:53:36 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\WinPatrol
[2009/10/25 10:49:04 | 000,000,000 | ---D | M] -- C:\Users\Lauren2\AppData\Roaming\Acer
[2008/05/14 23:46:38 | 000,000,000 | ---D | M] -- C:\Users\Lauren2\AppData\Roaming\Acer GameZone Console
[2009/10/25 10:48:45 | 000,000,000 | ---D | M] -- C:\Users\Lauren2\AppData\Roaming\Leadertech
[2009/10/25 10:48:46 | 000,000,000 | ---D | M] -- C:\Users\Lauren2\AppData\Roaming\PowerCinema
[2011/05/13 17:03:48 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 20:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: SVCHOST.EXE >
[2008/01/20 20:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 20:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 20:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/20 20:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 20:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 20:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 20:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2009/11/30 11:40:32 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2009/11/30 11:40:32 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/11/30 11:40:32 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES\Mozilla Firefox\firefox.exe [2009/11/30 11:40:21 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES\Mozilla Firefox\firefox.exe" -preferences [2009/11/30 11:40:21 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES\Mozilla Firefox\firefox.exe" -safe-mode [2009/11/30 11:40:21 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/07 05:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/07 05:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/07 05:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/05/07 05:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/14 07:09:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/14 07:09:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/14 07:09:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/14 07:09:36 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011/04/14 07:09:36 | 000,748,336 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2009/11/30 11:40:32 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2009/11/30 11:40:32 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/11/30 11:40:32 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES\Mozilla Firefox\firefox.exe [2009/11/30 11:40:21 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES\Mozilla Firefox\firefox.exe" -preferences [2009/11/30 11:40:21 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES\Mozilla Firefox\firefox.exe" -safe-mode [2009/11/30 11:40:21 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/07 05:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/07 05:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/07 05:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/05/07 05:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/14 07:09:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/14 07:09:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/14 07:09:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/14 07:09:36 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011/04/14 07:09:36 | 000,748,336 | ---- | M] (Microsoft Corporation)
========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:193426B4
< End of report >
OTL Extras logfile created on: 5/16/2011 9:55:26 PM - Run 7
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\PROGRAM FILES\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-3761143489-4144888808-3294341120-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\PROGRAM FILES\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\PROGRAM FILES\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078766F6-3D68-4F9B-934D-941B1DD0F2AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{166FD88E-808B-49CD-A67B-ACF804E6348B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{17C2957C-87B9-4C30-A228-DCEC96626C62}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18B89CA5-DC61-4100-BF36-219542DF3547}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1E7C7BE3-7ECE-4961-93B1-14E0CCDA2480}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1F99B413-0035-44F0-905F-9983C50D1344}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{22526858-EBAA-46A5-A60C-2A2613359FC0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{254843B6-EC10-4623-88A1-21D969060736}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{3F5D5CFD-1503-443E-847A-7C15F34B990F}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{4135F265-A81C-4046-859F-A1ED1BB5E7D2}" = lport=138 | protocol=17 | dir=in | app=system |
"{4B94E159-740E-4320-B9A1-74C2F5DF6D6C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4CD44403-02B6-46FC-B655-1BE1302FCE85}" = rport=137 | protocol=17 | dir=out | app=system |
"{4DFEE1C8-8F91-4E1C-9BD5-2D77D2FBC1E0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4E2D98B1-E130-4A2A-8353-A9B8BC4C9BC5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F77BC55-8C14-4053-A133-D25EF28B5DC3}" = rport=445 | protocol=6 | dir=out | app=system |
"{53A468E6-D1AB-4BE1-BC72-1C2BE8E9AE78}" = lport=445 | protocol=6 | dir=in | app=system |
"{5814E543-B9E3-4709-8A65-DADEA3DBBC87}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{5FB6D2C2-9F92-47EB-A071-3C6A4E7A45CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{69F72B2F-1D66-4BAF-AA15-2477309FFA3F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{74F6A1C9-E0F5-459C-B651-D030E073A487}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7C993E7E-BCD3-4B01-96EE-CE99F94148B7}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{7D5F880D-0B46-4D05-9579-99DBAEEE5DFC}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{7E3BA4D9-1B7B-4DB9-AC11-EF45F5BEFD2F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{88118C52-7C61-4335-860C-B2CD5A129EF0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{88882644-1908-491C-847E-7CDC2DA5FC6E}" = lport=139 | protocol=6 | dir=in | app=system |
"{8CE8E16B-EED8-44F7-AD88-DB62D8699A21}" = rport=139 | protocol=6 | dir=out | app=system |
"{9E7E6C01-BB54-48BA-9DD4-F25819955275}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0A579FD-9B4C-45F7-A053-4005F3B06B73}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF17FE27-0F92-42D7-BB9C-9017CFCE5778}" = lport=137 | protocol=17 | dir=in | app=system |
"{B9CE07FB-2908-4316-9B4E-03DB5D38615A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CCA50B31-C243-4AD9-8FB4-9BDF52C0A478}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{CEFE3890-DA2D-4347-9D1F-644DEAAAAB72}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D23F3183-8299-476A-9BC0-848291EFAC62}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E10E8B5E-A7FA-48F5-944A-7F1E50C75615}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E796B7E9-16ED-4B83-8C97-5A6EDBF08EAB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EF97EB82-BAD5-407D-B82C-81A4E7A8CA07}" = rport=138 | protocol=17 | dir=out | app=system |
"{F02A1405-4A80-45D1-B44B-FEA367F31305}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F04C55-6B4C-43AB-A6D6-302F09A2EC80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{061EB00E-465F-4C2A-8602-0989A9EB942D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{08869828-FBB1-4BA9-B648-47B053F9F774}" = protocol=58 | dir=in |
[email protected],-28545 |
"{0C5F0186-D665-4F21-BD90-574522A58528}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{10DA1F60-F0D9-47A0-83CF-35B844A648FB}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{11EC6CBF-AF90-435F-9039-A25C3BC7B0FA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{14A8BFAE-32A0-4FF3-A2F5-8E36C145A138}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{1794FF55-8334-4B75-AA9A-3932D6A778D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{18E5142B-260D-4EFA-8050-08DF9FB7844A}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{18F84A0D-2545-49B5-84E8-E8B782DFE06A}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{1954D06A-70BE-4083-A72D-81F91AFC7029}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{19D9964B-FA4F-4A67-A0B7-9BD330EBB1D1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1D206656-E269-4C3E-A26E-D94A117BB71E}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{1DCFC2B7-2823-43F3-A1E6-FC9B7A68EF40}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{2346DB84-4DC5-4346-86C4-0B0DFA48234D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{238AC526-EA37-4C5E-BD21-C40007D9DF0F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{249E180A-4120-4E60-BDA5-EBDC6E7BCBDD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{27480808-AC70-4095-8647-9F9FE9589456}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{2B60A6D4-D3F1-4A3B-8425-37931FDC1004}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{2B96FE96-251A-4DAB-904E-9BFAF0F46EB3}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{30FDCCDD-ED59-4293-AC2D-BE8225307FA2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{31698DBD-5CB6-46AD-9542-70BB526FE25A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{38ADA3D8-7DF2-44D6-A375-21ACC214140E}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{390A861B-F0DA-4C2E-B034-5AD19FDBEADB}" = protocol=1 | dir=out |
[email protected],-28544 |
"{3E14A432-0D12-40F1-A325-D652791133CC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{46CF3DE6-7CED-455F-BF34-3CB090160DC7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{490FB9C0-88F6-4D47-9D5F-61A16D848147}" = protocol=1 | dir=in |
[email protected],-28543 |
"{49F5BEA9-E966-442A-8017-C41A82ADCAF8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{50AC5A95-6595-4047-9032-2AF19D70E8C7}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{51E45692-7BBD-42EE-9B79-F161D2580145}" = protocol=17 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe |
"{547CCB09-6FFD-46C9-9298-4083E5018D18}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{55E33D24-517D-4B4A-872E-45AEE8001FCA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{66B6E957-A9CB-4F9D-BDA2-F3BF8BED2709}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{76DC0B3F-C13D-4577-AB56-0A1067E99BBD}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{79C06551-1479-487B-BDC7-D6B50ED46F5A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{7D46DBAE-3F8A-4FED-A156-CC8102105AA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7EDAF3CA-96AA-4548-8910-931651F07191}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{83872E3B-59D8-4D5E-A010-3268E920390C}" = protocol=58 | dir=out |
[email protected],-28546 |
"{843A2515-75E5-43B9-A121-37CA3A716265}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{9757E8EB-4726-419A-840D-8142ABA407DC}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{9AAC521E-278C-470D-9755-3E2B45AEE29F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{9F920AB7-375E-4BA6-9C46-3C5709FEF058}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{A3A1C6E2-E91B-45A0-AB1E-DCBB48F66140}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A3C023BB-5F18-494D-AF9E-91B4DF434B39}" = protocol=6 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe |
"{A6357773-5F57-4B6A-8110-50F8DD0FE46C}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{A65026D8-2076-414D-9DDA-DFB9BE439339}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A6B503EE-00DA-41D8-81F9-0F6C7C0CAB5C}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{AA7C73A0-EA34-421C-9A02-C4D8F518A848}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC3D0DC5-728C-41FE-9016-067D2DC68F64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ACD9D790-55F4-42E0-9C4A-334295A00575}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{B39A49E9-AADB-4276-A93B-4A234B3D69D2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{B6263C90-B011-42AE-A4CD-A7E338C8A773}" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"{B756C795-CA0A-478E-8AC2-9C0520C20DD9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{BA88D14D-BE54-4F48-B3F1-31DB3E3D3CBC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C363C8E6-2BB3-4A59-B221-7640DD2F6609}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C440B538-21A8-4860-9EA7-0FF7F6CC79F2}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{D0B41EFB-A7DC-4AB3-B75D-C35DC3859AF9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{D75970BD-036C-491C-99FD-1448D406D178}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{DAB94F21-6694-4F69-BBE3-DDD91C785EF6}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E1B27889-CAF0-445F-9F99-495A25E31047}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E33F187D-7E96-438E-B3FA-4620C8176E37}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E655CDA7-308B-42D5-B913-72B7B42A086D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{E6D5280C-2544-450D-A880-50DA828A30BF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{E7311DF9-1D8B-4369-A57E-82D249C73560}" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"{EABE284A-E223-4CF9-B0D4-1FB93A4E76BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EC4DFE77-4D0B-4D54-B42E-4CD171FDC5FE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EFBA1C45-C917-4198-A96E-5F736F4402C3}" = protocol=6 | dir=out | app=system |
"{EFD8CCF8-A889-4C3F-AE64-2876A3905134}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{F158F2D0-605A-4BD0-A632-7B1567DE160F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FEB73B1A-1A2C-4AAE-8618-67D5B4800700}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{FEE3C7B0-8A3C-4E7C-8F61-00303F837710}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"TCP Query User{12322479-A9E6-4C81-9DC0-6A0223DC0F96}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{20C1D4FA-8349-4D7F-B90F-15840E0EEF6B}C:\ffxi\squareenix\playonlineviewer\pol.exe" = protocol=6 | dir=in | app=c:\ffxi\squareenix\playonlineviewer\pol.exe |
"TCP Query User{2F851189-43CE-4940-95E2-72D0D3DE5C6D}D:\secondlife\slvoice.exe" = protocol=6 | dir=in | app=d:\secondlife\slvoice.exe |
"TCP Query User{3111CE0F-72DC-427C-B053-62ECDE8F39EF}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{31A48128-0B3A-476C-B15F-2A55FE843745}C:\ffxi\squareenix\playonlineviewer\pol.exe" = protocol=6 | dir=in | app=c:\ffxi\squareenix\playonlineviewer\pol.exe |
"TCP Query User{376CADA5-52BF-43B2-8F3C-0F4CD4581A2C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{583B76FB-AB2B-4A91-BE3B-C77DEAAAB2D3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{65EEDAB4-F5B2-45EC-A6ED-AEEA79BA41CE}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{81B0FDDF-95B5-48FA-A14A-3FCDEC8A0911}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{C8E71681-12B3-4645-8A82-3B9F23C40A14}C:\program files\trillianastra\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillianastra\trillian\trillian.exe |
"TCP Query User{CA267B40-C7B2-453A-BE00-649C8848C445}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{CC70C5CD-8333-4E80-806E-75B542ADC160}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{CF52282F-59B3-454B-8999-620529398325}C:\program files\trillianastra\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillianastra\trillian\trillian.exe |
"TCP Query User{DEB46F0D-0ACF-4DFB-9C92-B4C35F48C150}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{FD38AB49-107F-4478-BC5B-1300E8F895B1}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"UDP Query User{0AD9D2F8-389F-4D03-9034-E0347A90A504}C:\program files\trillianastra\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillianastra\trillian\trillian.exe |
"UDP Query User{2659ACA7-0A43-42F9-9F16-32B86C4E0EC9}C:\ffxi\squareenix\playonlineviewer\pol.exe" = protocol=17 | dir=in | app=c:\ffxi\squareenix\playonlineviewer\pol.exe |
"UDP Query User{273BC786-1E40-44DA-8365-CBD5B1EB40A0}D:\secondlife\slvoice.exe" = protocol=17 | dir=in | app=d:\secondlife\slvoice.exe |
"UDP Query User{3079C929-9517-49EA-BCBF-C83274DBCC4D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3D3C6EE5-72E1-40CF-AD22-A7F6F46B1D64}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{454973D3-EBA7-4720-8E17-A9C1B776DE8F}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{56B6CECF-FAD2-44F8-BE95-E49D6711A0F7}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{7098100E-F943-4F19-A9AC-F0C5776F9D7D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{77BB2F05-1F19-48DA-803F-FD73D2910BCF}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{787CEC5D-6C1D-4CF5-9479-0D3F05A46DD9}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{7A34DADD-D152-482E-B125-9EF8FAB06DFB}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"UDP Query User{85A62BDD-81AE-4D4F-AA0C-6B824853518D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{B29BC020-94FB-4866-8390-FBB1E671BDC0}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{E55EB170-4A16-492F-BB87-C460FE037B04}C:\program files\trillianastra\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillianastra\trillian\trillian.exe |
"UDP Query User{FD13E9AD-397D-451F-A514-8D054DDFCC2B}C:\ffxi\squareenix\playonlineviewer\pol.exe" = protocol=17 | dir=in | app=c:\ffxi\squareenix\playonlineviewer\pol.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 24
"{2F672CD1-E546-49FB-AB44-A6340F79E216}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9800 smartphone
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5C47953E-BE36-482C-B77B-55E7E6A8581A}" = Exotic Keeper's Record
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87DF5956-A327-4304-8338-8E2B0AAB843E}" = BlackBerry Desktop Software 6.0.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.9.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5874895-A35A-4EF9-8720-8FA946AF842F}_is1" = 1.28
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDE773CD-9201-4655-87F3-4E051860D47D}" = Ralink Wireless LAN Installation Program for VISTA v2.0.8.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Assist" = Acer Assist
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Autorun Eater_is1" = Autorun Eater v2.5
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.2
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD43_is1" = DVD43 v4.6.0
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"Guild Wars" = Guild Wars
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Revo Uninstaller" = Revo Uninstaller 1.92
"SignGATE EWS" = SignGATE EWS v3.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trillian" = Trillian
"Unlocker" = Unlocker 1.8.8
"VobSub" = VobSub v2.23 (Remove Only)
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"XBCD+" = XBCD+
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon
"Zoo Tycoon 2" = Zoo Tycoon 2 Endangered Species
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3761143489-4144888808-3294341120-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"WinDirStat" = WinDirStat 1.1.2
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 7/30/2009 1:09:12 AM | Computer Name = Lauren-PC | Source = avast! | ID = 33554522
Description =
Error - 7/30/2009 1:33:09 AM | Computer Name = Lauren-PC | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 5/9/2011 12:17:47 AM | Computer Name = Lauren-PC | Source = MsiInstaller | ID = 11706
Description =
Error - 5/9/2011 12:22:03 AM | Computer Name = Lauren-PC | Source = MsiInstaller | ID = 11706
Description =
Error - 5/10/2011 1:47:53 AM | Computer Name = Lauren-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 14b0 Start Time: 01cc0ea4c09cf351 Termination Time: 64
Error - 5/12/2011 5:46:50 PM | Computer Name = Lauren-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 17b0 Start Time: 01cc10a451baa2a1 Termination Time: 71
Error - 5/13/2011 3:49:10 AM | Computer Name = Lauren-PC | Source = VSS | ID = 12297
Description =
Error - 5/13/2011 7:03:11 PM | Computer Name = Lauren-PC | Source = MsiInstaller | ID = 11719
Description =
Error - 5/13/2011 11:48:23 PM | Computer Name = Lauren-PC | Source = WinMgmt | ID = 10
Description =
Error - 5/14/2011 12:40:00 AM | Computer Name = Lauren-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: dcc Start Time: 01cc11f08137f8a8 Termination Time: 39
Error - 5/14/2011 12:59:35 AM | Computer Name = Lauren-PC | Source = Application Error | ID = 1000
Description = Faulting application WinPatrol.exe, version 20.0.2011.0, time stamp
0x4d583cc5, faulting module RPCRT4.dll, version 6.0.6002.18024, time stamp 0x49f05bcc,
exception code 0xc0000005, fault offset 0x0005895d, process id 0xf7c, application
start time 0x01cc11e9caac85c8.
Error - 5/16/2011 1:10:30 AM | Computer Name = Lauren-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 5/15/2011 1:24:54 AM | Computer Name = Lauren-PC | Source = DCOM | ID = 10010
Description =
Error - 5/15/2011 7:46:38 PM | Computer Name = Lauren-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.4 for the Network Card with network
address 00242B33B5CD has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 5/15/2011 7:46:37 PM | Computer Name = Lauren-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.0.4
with the system having network hardware address 1C-65-9D-3C-52-24. Network operations
on this system may be disrupted as a result.
Error - 5/16/2011 1:09:44 AM | Computer Name = Lauren-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 5/16/2011 1:10:09 AM | Computer Name = Lauren-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:08:33 PM on 5/15/2011 was unexpected.
Error - 5/16/2011 1:09:51 AM | Computer Name = Lauren-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 5/16/2011 1:10:11 AM | Computer Name = Lauren-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
Error - 5/16/2011 1:10:32 AM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 5/16/2011 1:10:32 AM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 5/16/2011 1:10:40 AM | Computer Name = Lauren-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.3. The computer with the IP address 192.168.0.6 did not
allow the name to be claimed by this computer.
< End of report >
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-17 07:23:39
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-22ZCT0 rev.11.01A11
Running: gmer.exe; Driver: C:\Users\Lauren\AppData\Local\Temp\kgdirpob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8DFA39CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8DFA5EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8DFA5F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8DFA601A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8DFA5E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8DFA5F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8DFA5E56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8DFA5FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8DFA39EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8DFA37B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8DFA3A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8DFA6412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8DFA44AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8DFA5EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8DFA5F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8DFA6044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8DFA5E2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8DFA5F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8DFA5E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8DFA5FF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8DFA4370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8DFA3A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8DFA3A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8DFA3812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8DFA394E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8DFA392A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8DFA3972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8DFA3A7E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E4F08DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 10D 832C9890 4 Bytes [CA, 39, FA, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1D1 832C9954 8 Bytes [AC, 5E, FA, 8D, 04, 5F, FA, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 832C9960 4 Bytes [1A, 60, FA, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1F5 832C9978 4 Bytes [02, 5E, FA, 8D]
.text ntkrnlpa.exe!KeSetEvent + 215 832C9998 8 Bytes [54, 5F, FA, 8D, 56, 5E, FA, ...]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 833F45C7 5 Bytes JMP 8E4EC29E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 8344D4F3 5 Bytes JMP 8E4EDD38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 83456E18 4 Bytes CALL 8DFA4E3B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8345AA8C 4 Bytes CALL 8DFA4E51 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 834AEDAE 7 Bytes JMP 8E4F08E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0xAE72E41C]
.clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0xAE72F000, 0x1000, 0xE0000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000700A8
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000700E4
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00070120
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00070030
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0007006C
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0008006C
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000800A8
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000801D4
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000800E4
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00080120
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0008015C
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00080198
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[444] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00080030
.text C:\Windows\system32\agrsmsvc.exe[464] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00080030
.text C:\Windows\system32\agrsmsvc.exe[464] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0008006C
.text C:\Windows\system32\agrsmsvc.exe[464] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 000A006C
.text C:\Windows\system32\agrsmsvc.exe[464] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000A00A8
.text C:\Windows\system32\agrsmsvc.exe[464] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000A01D4
.text C:\Windows\system32\agrsmsvc.exe[464] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000A00E4
.text C:\Windows\system32\agrsmsvc.exe[464] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 000A0120
.text C:\Windows\system32\agrsmsvc.exe[464] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 000A015C
.text C:\Windows\system32\agrsmsvc.exe[464] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 000A0198
.text C:\Windows\system32\agrsmsvc.exe[464] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 000A0030
.text C:\Windows\system32\agrsmsvc.exe[464] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000C00A8
.text C:\Windows\system32\agrsmsvc.exe[464] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000C00E4
.text C:\Windows\system32\agrsmsvc.exe[464] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 000C0120
.text C:\Windows\system32\agrsmsvc.exe[464] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000C0030
.text C:\Windows\system32\agrsmsvc.exe[464] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000C006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[508] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Program Files\Bonjour\mDNSResponder.exe[528] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00140030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0014006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0016006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001600A8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001601D4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001600E4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00160120
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0016015C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00160198
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00160030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[540] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Windows\system32\wininit.exe[592] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00030030
.text C:\Windows\system32\wininit.exe[592] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0003006C
.text C:\Windows\system32\wininit.exe[592] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0005006C
.text C:\Windows\system32\wininit.exe[592] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000500A8
.text C:\Windows\system32\wininit.exe[592] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000501D4
.text C:\Windows\system32\wininit.exe[592] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000500E4
.text C:\Windows\system32\wininit.exe[592] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00050120
.text C:\Windows\system32\wininit.exe[592] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0005015C
.text C:\Windows\system32\wininit.exe[592] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00050198
.text C:\Windows\system32\wininit.exe[592] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00050030
.text C:\Windows\system32\wininit.exe[592] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000600A8
.text C:\Windows\system32\wininit.exe[592] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000600E4
.text C:\Windows\system32\wininit.exe[592] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00060120
.text C:\Windows\system32\wininit.exe[592] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00060030
.text C:\Windows\system32\wininit.exe[592] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0006006C
.text C:\Windows\system32\winlogon.exe[632] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00030030
.text C:\Windows\system32\winlogon.exe[632] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0003006C
.text C:\Windows\system32\winlogon.exe[632] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0005006C
.text C:\Windows\system32\winlogon.exe[632] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000500A8
.text C:\Windows\system32\winlogon.exe[632] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000501D4
.text C:\Windows\system32\winlogon.exe[632] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000500E4
.text C:\Windows\system32\winlogon.exe[632] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00050120
.text C:\Windows\system32\winlogon.exe[632] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0005015C
.text C:\Windows\system32\winlogon.exe[632] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00050198
.text C:\Windows\system32\winlogon.exe[632] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00050030
.text C:\Windows\system32\winlogon.exe[632] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000600A8
.text C:\Windows\system32\winlogon.exe[632] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000600E4
.text C:\Windows\system32\winlogon.exe[632] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00060120
.text C:\Windows\system32\winlogon.exe[632] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00060030
.text C:\Windows\system32\winlogon.exe[632] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0006006C
.text C:\Windows\system32\services.exe[680] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\services.exe[680] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\services.exe[680] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\services.exe[680] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\services.exe[680] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\services.exe[680] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\services.exe[680] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\services.exe[680] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\services.exe[680] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\services.exe[680] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\services.exe[680] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\services.exe[680] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\services.exe[680] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\services.exe[680] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\services.exe[680] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\lsass.exe[692] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\lsass.exe[692] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\lsass.exe[692] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\lsass.exe[692] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\lsass.exe[692] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\lsass.exe[692] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\lsass.exe[692] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\lsass.exe[692] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00140030
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0014006C
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0016006C
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001600A8
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001601D4
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001600E4
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00160120
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0016015C
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00160198
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00160030
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[696] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Windows\system32\lsm.exe[700] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00090030
.text C:\Windows\system32\lsm.exe[700] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0009006C
.text C:\Windows\system32\lsm.exe[700] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 000B006C
.text C:\Windows\system32\lsm.exe[700] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000B00A8
.text C:\Windows\system32\lsm.exe[700] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\system32\lsm.exe[700] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\system32\lsm.exe[700] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 000B0120
.text C:\Windows\system32\lsm.exe[700] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 000B015C
.text C:\Windows\system32\lsm.exe[700] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 000B0198
.text C:\Windows\system32\lsm.exe[700] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 000B0030
.text C:\Windows\system32\igfxext.exe[828] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Windows\system32\igfxext.exe[828] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Windows\system32\igfxext.exe[828] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Windows\system32\igfxext.exe[828] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Windows\system32\igfxext.exe[828] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Windows\system32\igfxext.exe[828] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Windows\system32\igfxext.exe[828] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Windows\system32\igfxext.exe[828] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0018006C
.text C:\Windows\system32\igfxext.exe[828] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001800A8
.text C:\Windows\system32\igfxext.exe[828] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001801D4
.text C:\Windows\system32\igfxext.exe[828] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001800E4
.text C:\Windows\system32\igfxext.exe[828] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00180120
.text C:\Windows\system32\igfxext.exe[828] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0018015C
.text C:\Windows\system32\igfxext.exe[828] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00180198
.text C:\Windows\system32\igfxext.exe[828] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00180030
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[864] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 003100A8
.text C:\Windows\system32\svchost.exe[864] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 003100E4
.text C:\Windows\system32\svchost.exe[864] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00310120
.text C:\Windows\system32\svchost.exe[864] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00310030
.text C:\Windows\system32\svchost.exe[864] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0031006C
.text C:\Windows\system32\svchost.exe[968] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00090030
.text C:\Windows\system32\svchost.exe[968] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0009006C
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 000B006C
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000B00A8
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 000B0120
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 000B015C
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 000B0198
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 000B0030
.text C:\Windows\system32\svchost.exe[968] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001900A8
.text C:\Windows\system32\svchost.exe[968] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001900E4
.text C:\Windows\system32\svchost.exe[968] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00190120
.text C:\Windows\system32\svchost.exe[968] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00190030
.text C:\Windows\system32\svchost.exe[968] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0019006C
.text C:\Windows\System32\svchost.exe[1004] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00090030
.text C:\Windows\System32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0009006C
.text C:\Windows\System32\svchost.exe[1004] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 000B006C
.text C:\Windows\System32\svchost.exe[1004] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000B00A8
.text C:\Windows\System32\svchost.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\System32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\System32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 000B0120
.text C:\Windows\System32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 000B015C
.text C:\Windows\System32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 000B0198
.text C:\Windows\System32\svchost.exe[1004] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 000B0030
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 009A00A8
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 009A00E4
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 009A0120
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 009A0030
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 009A006C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001800A8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001800E4
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180120
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00180030
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1072] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0018006C
.text C:\Windows\System32\svchost.exe[1092] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00090030
.text C:\Windows\System32\svchost.exe[1092] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0009006C
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 000B006C
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000B00A8
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 000B0120
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 000B015C
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 000B0198
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 000B0030
.text C:\Windows\System32\svchost.exe[1092] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00A400A8
.text C:\Windows\System32\svchost.exe[1092] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00A400E4
.text C:\Windows\System32\svchost.exe[1092] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00A40120
.text C:\Windows\System32\svchost.exe[1092] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00A40030
.text C:\Windows\System32\svchost.exe[1092] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 00A4006C
.text C:\Program Files\Autorun Eater\billy.exe[1124] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Program Files\Autorun Eater\billy.exe[1124] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Program Files\Autorun Eater\billy.exe[1124] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 003F006C
.text C:\Program Files\Autorun Eater\billy.exe[1124] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 003F00A8
.text C:\Program Files\Autorun Eater\billy.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 003F01D4
.text C:\Program Files\Autorun Eater\billy.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 003F00E4
.text C:\Program Files\Autorun Eater\billy.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 003F0120
.text C:\Program Files\Autorun Eater\billy.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 003F015C
.text C:\Program Files\Autorun Eater\billy.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 003F0198
.text C:\Program Files\Autorun Eater\billy.exe[1124] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 003F0030
.text C:\Program Files\Autorun Eater\billy.exe[1124] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 008C00A8
.text C:\Program Files\Autorun Eater\billy.exe[1124] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 008C00E4
.text C:\Program Files\Autorun Eater\billy.exe[1124] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 008C0120
.text C:\Program Files\Autorun Eater\billy.exe[1124] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 008C0030
.text C:\Program Files\Autorun Eater\billy.exe[1124] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 008C006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00040030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0004006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0006006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000600A8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000601D4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000600E4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00060120
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0006015C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00060198
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00060030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000700A8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000700E4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00070120
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00070030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1128] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0007006C
.text C:\Windows\System32\svchost.exe[1164] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[1164] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!SetWindowsHookExA 760A6322 3 Bytes JMP 009600A8
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!SetWindowsHookExA + 4 760A6326 1 Byte [8A]
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!SetWindowsHookExW 760A87AD 3 Bytes JMP 009600E4
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!SetWindowsHookExW + 4 760A87B1 1 Byte [8A]
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00960120
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!SetWinEventHook 760A9F3A 3 Bytes JMP 00960030
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!SetWinEventHook + 4 760A9F3E 1 Byte [8A]
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0096006C
.text C:\Windows\system32\svchost.exe[1176] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1176] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1176] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 003C00A8
.text C:\Windows\system32\svchost.exe[1176] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 003C00E4
.text C:\Windows\system32\svchost.exe[1176] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 003C0120
.text C:\Windows\system32\svchost.exe[1176] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 003C0030
.text C:\Windows\system32\svchost.exe[1176] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 003C006C
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1312] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1312] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1312] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 002400A8
.text C:\Windows\system32\svchost.exe[1312] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 002400E4
.text C:\Windows\system32\svchost.exe[1312] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00240120
.text C:\Windows\system32\svchost.exe[1312] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00240030
.text C:\Windows\system32\svchost.exe[1312] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0024006C
.text C:\Windows\system32\svchost.exe[1416] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1416] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0008006C
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000800A8
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000801D4
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000800E4
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00080120
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0008015C
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00080198
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00080030
.text C:\Windows\system32\svchost.exe[1416] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000E00A8
.text C:\Windows\system32\svchost.exe[1416] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000E00E4
.text C:\Windows\system32\svchost.exe[1416] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 000E0120
.text C:\Windows\system32\svchost.exe[1416] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000E0030
.text C:\Windows\system32\svchost.exe[1416] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000E006C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001900A8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001900E4
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00190120
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00190030
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0019006C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 001A006C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001A00A8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001A01D4
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001A00E4
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 001A0120
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 001A015C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 001A0198
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1444] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 001A0030
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1588] kernel32.dll!SetUnhandledExceptionFilter 7561A84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\System32\spoolsv.exe[1980] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Windows\System32\spoolsv.exe[1980] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Windows\System32\spoolsv.exe[1980] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Windows\System32\spoolsv.exe[1980] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Windows\System32\spoolsv.exe[1980] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Windows\system32\svchost.exe[2004] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[2004] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[2004] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[2004] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[2004] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[2004] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[2004] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[2004] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[2004] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[2004] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[2004] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 002400A8
.text C:\Windows\system32\svchost.exe[2004] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 002400E4
.text C:\Windows\system32\svchost.exe[2004] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00240120
.text C:\Windows\system32\svchost.exe[2004] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00240030
.text C:\Windows\system32\svchost.exe[2004] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0024006C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0018006C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001800A8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001801D4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001800E4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00180120
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0018015C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00180198
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2040] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00180030
.text C:\Windows\System32\svchost.exe[2092] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[2092] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\System32\svchost.exe[2092] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00BC00A8
.text C:\Windows\System32\svchost.exe[2092] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00BC00E4
.text C:\Windows\System32\svchost.exe[2092] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00BC0120
.text C:\Windows\System32\svchost.exe[2092] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00BC0030
.text C:\Windows\System32\svchost.exe[2092] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 00BC006C
.text C:\Windows\System32\igfxpers.exe[2108] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Windows\System32\igfxpers.exe[2108] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Windows\System32\igfxpers.exe[2108] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001800A8
.text C:\Windows\System32\igfxpers.exe[2108] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001800E4
.text C:\Windows\System32\igfxpers.exe[2108] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180120
.text C:\Windows\System32\igfxpers.exe[2108] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00180030
.text C:\Windows\System32\igfxpers.exe[2108] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0018006C
.text C:\Windows\System32\igfxpers.exe[2108] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0029006C
.text C:\Windows\System32\igfxpers.exe[2108] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 002900A8
.text C:\Windows\System32\igfxpers.exe[2108] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 002901D4
.text C:\Windows\System32\igfxpers.exe[2108] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 002900E4
.text C:\Windows\System32\igfxpers.exe[2108] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00290120
.text C:\Windows\System32\igfxpers.exe[2108] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0029015C
.text C:\Windows\System32\igfxpers.exe[2108] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00290198
.text C:\Windows\System32\igfxpers.exe[2108] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00290030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0028006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 002800A8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 002801D4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 002800E4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00280120
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0028015C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00280198
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00280030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 002900A8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 002900E4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00290120
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00290030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2128] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0029006C
.text C:\Windows\System32\hkcmd.exe[2200] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Windows\System32\hkcmd.exe[2200] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Windows\System32\hkcmd.exe[2200] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001800A8
.text C:\Windows\System32\hkcmd.exe[2200] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001800E4
.text C:\Windows\System32\hkcmd.exe[2200] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180120
.text C:\Windows\System32\hkcmd.exe[2200] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00180030
.text C:\Windows\System32\hkcmd.exe[2200] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0018006C
.text C:\Windows\System32\hkcmd.exe[2200] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0019006C
.text C:\Windows\System32\hkcmd.exe[2200] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001900A8
.text C:\Windows\System32\hkcmd.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001901D4
.text C:\Windows\System32\hkcmd.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001900E4
.text C:\Windows\System32\hkcmd.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00190120
.text C:\Windows\System32\hkcmd.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0019015C
.text C:\Windows\System32\hkcmd.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00190198
.text C:\Windows\System32\hkcmd.exe[2200] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00190030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00140030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0014006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001600A8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001600E4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00160120
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00160030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0016006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2260] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00140030
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0014006C
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0016006C
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001600A8
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001601D4
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001600E4
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00160120
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0016015C
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00160198
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00160030
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2272] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00090030
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0009006C
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 000B006C
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000B00A8
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 000B0120
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 000B015C
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 000B0198
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 000B0030
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 000B006C
.text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000B00A8
.text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 000B0120
.text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 000B015C
.text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 000B0198
.text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 000B0030
.text C:\Windows\system32\svchost.exe[2296] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000F00A8
.text C:\Windows\system32\svchost.exe[2296] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000F00E4
.text C:\Windows\system32\svchost.exe[2296] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 000F0120
.text C:\Windows\system32\svchost.exe[2296] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000F0030
.text C:\Windows\system32\svchost.exe[2296] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000F006C
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 002700A8
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 002700E4
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00270120
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00270030
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0027006C
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0028006C
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 002800A8
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 002801D4
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 002800E4
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00280120
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0028015C
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00280198
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2324] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00280030
.text C:\Windows\system32\svchost.exe[2352] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[2352] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\igfxsrvc.exe[2368] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Windows\system32\igfxsrvc.exe[2368] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Windows\system32\igfxsrvc.exe[2368] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Windows\system32\igfxsrvc.exe[2368] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Windows\system32\igfxsrvc.exe[2368] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Windows\system32\igfxsrvc.exe[2368] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Windows\system32\igfxsrvc.exe[2368] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Windows\system32\igfxsrvc.exe[2368] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0018006C
.text C:\Windows\system32\igfxsrvc.exe[2368] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001800A8
.text C:\Windows\system32\igfxsrvc.exe[2368] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001801D4
.text C:\Windows\system32\igfxsrvc.exe[2368] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001800E4
.text C:\Windows\system32\igfxsrvc.exe[2368] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00180120
.text C:\Windows\system32\igfxsrvc.exe[2368] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0018015C
.text C:\Windows\system32\igfxsrvc.exe[2368] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00180198
.text C:\Windows\system32\igfxsrvc.exe[2368] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00180030
.text C:\Windows\System32\svchost.exe[2384] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[2384] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\System32\svchost.exe[2384] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0009006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000900A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000901D4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000900E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00090120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0009015C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00090198
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00090030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000A00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000A00E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 000A0120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000A0030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2408] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000A006C
.text C:\Windows\system32\SearchIndexer.exe[2528] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\SearchIndexer.exe[2528] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\SearchIndexer.exe[2528] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\SearchIndexer.exe[2528] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\SearchIndexer.exe[2528] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\SearchIndexer.exe[2528] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\SearchIndexer.exe[2528] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\SearchIndexer.exe[2528] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\SearchIndexer.exe[2528] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\SearchIndexer.exe[2528] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\SearchIndexer.exe[2528] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\SearchIndexer.exe[2528] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\SearchIndexer.exe[2528] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\SearchIndexer.exe[2528] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\SearchIndexer.exe[2528] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00090030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0009006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 001B006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001B00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001B01D4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001B00E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 001B0120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 001B015C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 001B0198
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 001B0030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001C00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001C00E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 001C0120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 001C0030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 001C006C
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0097006C
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 009700A8
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 009701D4
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 009700E4
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00970120
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0097015C
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00970198
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00970030
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 009800A8
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 009800E4
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00980120
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00980030
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0098006C
.text C:\Windows\system32\Dwm.exe[3056] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\Dwm.exe[3056] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\Dwm.exe[3056] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\Dwm.exe[3056] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\Dwm.exe[3056] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\Dwm.exe[3056] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\Dwm.exe[3056] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\Dwm.exe[3056] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\Dwm.exe[3056] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\Dwm.exe[3056] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\Dwm.exe[3056] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\Dwm.exe[3056] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\Dwm.exe[3056] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\Dwm.exe[3056] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\Dwm.exe[3056] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\igfxsrvc.exe[3076] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Windows\system32\igfxsrvc.exe[3076] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Windows\system32\igfxsrvc.exe[3076] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 002800A8
.text C:\Windows\system32\igfxsrvc.exe[3076] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 002800E4
.text C:\Windows\system32\igfxsrvc.exe[3076] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00280120
.text C:\Windows\system32\igfxsrvc.exe[3076] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00280030
.text C:\Windows\system32\igfxsrvc.exe[3076] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0028006C
.text C:\Windows\system32\igfxsrvc.exe[3076] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0029006C
.text C:\Windows\system32\igfxsrvc.exe[3076] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 002900A8
.text C:\Windows\system32\igfxsrvc.exe[3076] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 002901D4
.text C:\Windows\system32\igfxsrvc.exe[3076] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 002900E4
.text C:\Windows\system32\igfxsrvc.exe[3076] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00290120
.text C:\Windows\system32\igfxsrvc.exe[3076] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0029015C
.text C:\Windows\system32\igfxsrvc.exe[3076] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00290198
.text C:\Windows\system32\igfxsrvc.exe[3076] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00290030
.text C:\Windows\system32\taskeng.exe[3080] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\taskeng.exe[3080] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\taskeng.exe[3080] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\taskeng.exe[3080] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\taskeng.exe[3080] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\taskeng.exe[3080] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\taskeng.exe[3080] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\taskeng.exe[3080] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\taskeng.exe[3080] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\taskeng.exe[3080] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\taskeng.exe[3080] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\taskeng.exe[3080] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\taskeng.exe[3080] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\taskeng.exe[3080] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\taskeng.exe[3080] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00060030
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0006006C
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001800A8
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001800E4
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180120
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00180030
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3096] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0018006C
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\wbem\wmiprvse.exe[3108] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\wbem\unsecapp.exe[3116] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\wbem\unsecapp.exe[3116] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\wbem\unsecapp.exe[3116] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\wbem\unsecapp.exe[3116] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\wbem\unsecapp.exe[3116] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\wbem\unsecapp.exe[3116] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\wbem\unsecapp.exe[3116] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\wbem\unsecapp.exe[3116] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\wbem\unsecapp.exe[3116] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\wbem\unsecapp.exe[3116] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\wbem\unsecapp.exe[3116] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\wbem\unsecapp.exe[3116] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\wbem\unsecapp.exe[3116] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\wbem\unsecapp.exe[3116] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\wbem\unsecapp.exe[3116] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Windows\Explorer.EXE[3124] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\Explorer.EXE[3124] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\Explorer.EXE[3124] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\Explorer.EXE[3124] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\Explorer.EXE[3124] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\Explorer.EXE[3124] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\Explorer.EXE[3124] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\Explorer.EXE[3124] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\Explorer.EXE[3124] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\Explorer.EXE[3124] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\Explorer.EXE[3124] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\Explorer.EXE[3124] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\Explorer.EXE[3124] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\Explorer.EXE[3124] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\Explorer.EXE[3124] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Windows\Explorer.EXE[3124] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 761FB37C 4 Bytes [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL}
.text C:\Windows\Explorer.EXE[3124] SHELL32.dll!SHFileOperationW 762068E8 5 Bytes JMP 03C21102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00140030
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0014006C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001600A8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001600E4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00160120
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00160030
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0016006C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3352] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0018006C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001800A8
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001801D4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001800E4
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00180120
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0018015C
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00180198
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3372] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00180030
.text C:\Windows\RtHDVCpl.exe[3388] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Windows\RtHDVCpl.exe[3388] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Windows\RtHDVCpl.exe[3388] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Windows\RtHDVCpl.exe[3388] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Windows\RtHDVCpl.exe[3388] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Windows\RtHDVCpl.exe[3388] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Windows\RtHDVCpl.exe[3388] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Windows\RtHDVCpl.exe[3388] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Windows\RtHDVCpl.exe[3388] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Windows\RtHDVCpl.exe[3388] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Windows\RtHDVCpl.exe[3388] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001800A8
.text C:\Windows\RtHDVCpl.exe[3388] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001800E4
.text C:\Windows\RtHDVCpl.exe[3388] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180120
.text C:\Windows\RtHDVCpl.exe[3388] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00180030
.text C:\Windows\RtHDVCpl.exe[3388] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0018006C
.text C:\Windows\PLFSetI.exe[3404] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00140030
.text C:\Windows\PLFSetI.exe[3404] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0014006C
.text C:\Windows\PLFSetI.exe[3404] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001600A8
.text C:\Windows\PLFSetI.exe[3404] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001600E4
.text C:\Windows\PLFSetI.exe[3404] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00160120
.text C:\Windows\PLFSetI.exe[3404] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00160030
.text C:\Windows\PLFSetI.exe[3404] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0016006C
.text C:\Windows\PLFSetI.exe[3404] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Windows\PLFSetI.exe[3404] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Windows\PLFSetI.exe[3404] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Windows\PLFSetI.exe[3404] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Windows\PLFSetI.exe[3404] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Windows\PLFSetI.exe[3404] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Windows\PLFSetI.exe[3404] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Windows\PLFSetI.exe[3404] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3476] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3476] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3476] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3476] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3476] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3476] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3476] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3476] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3476] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3476] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 002B00A8
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 002B00E4
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 002B0120
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 002B0030
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 002B006C
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 002C006C
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 002C00A8
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 002C01D4
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 002C00E4
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 002C0120
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 002C015C
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 002C0198
.text C:\Program Files\TrillianAstra\Trillian\trillian.exe[3492] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 002C0030
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001800A8
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001800E4
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180120
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00180030
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3516] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0018006C
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 003F006C
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 003F00A8
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 003F01D4
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 003F00E4
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 003F0120
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 003F015C
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 003F0198
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 003F0030
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 008D00A8
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 008D00E4
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 008D0120
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 008D0030
.text C:\Program Files\Autorun Eater\oldmcdonald.exe[3556] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 008D006C
.text C:\Windows\System32\mobsync.exe[3572] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\System32\mobsync.exe[3572] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\System32\mobsync.exe[3572] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\mobsync.exe[3572] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\mobsync.exe[3572] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\mobsync.exe[3572] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\mobsync.exe[3572] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\System32\mobsync.exe[3572] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\System32\mobsync.exe[3572] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\System32\mobsync.exe[3572] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\System32\mobsync.exe[3572] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\System32\mobsync.exe[3572] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\System32\mobsync.exe[3572] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\System32\mobsync.exe[3572] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\System32\mobsync.exe[3572] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001800A8
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001800E4
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180120
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00180030
.text C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe[3588] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0018006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00160030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0016006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0027006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 002700A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 002701D4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 002700E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00270120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0027015C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00270198
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00270030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 002900A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 002900E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00290120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00290030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3624] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0029006C
.text C:\Program Files\Launch Manager\LManager.exe[3832] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Program Files\Launch Manager\LManager.exe[3832] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Program Files\Launch Manager\LManager.exe[3832] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 002200A8
.text C:\Program Files\Launch Manager\LManager.exe[3832] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 002200E4
.text C:\Program Files\Launch Manager\LManager.exe[3832] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00220120
.text C:\Program Files\Launch Manager\LManager.exe[3832] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00220030
.text C:\Program Files\Launch Manager\LManager.exe[3832] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0022006C
.text C:\Program Files\Launch Manager\LManager.exe[3832] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0023006C
.text C:\Program Files\Launch Manager\LManager.exe[3832] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 002300A8
.text C:\Program Files\Launch Manager\LManager.exe[3832] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 002301D4
.text C:\Program Files\Launch Manager\LManager.exe[3832] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 002300E4
.text C:\Program Files\Launch Manager\LManager.exe[3832] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00230120
.text C:\Program Files\Launch Manager\LManager.exe[3832] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0023015C
.text C:\Program Files\Launch Manager\LManager.exe[3832] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00230198
.text C:\Program Files\Launch Manager\LManager.exe[3832] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00230030
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3840] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3840] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3840] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 00C2006C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3840] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 00C200A8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3840] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 00C201D4
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3840] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 00C200E4
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3840] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00C20120
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3840] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 00C2015C
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3840] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00C20198
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3840] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00C20030
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3840] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00C300A8
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3840] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00C300E4
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3840] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00C30120
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3840] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00C30030
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3840] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 00C3006C
.text C:\Windows\system32\taskeng.exe[3904] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\taskeng.exe[3904] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\taskeng.exe[3904] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\taskeng.exe[3904] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\taskeng.exe[3904] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\taskeng.exe[3904] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\taskeng.exe[3904] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\taskeng.exe[3904] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\taskeng.exe[3904] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\taskeng.exe[3904] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\taskeng.exe[3904] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\taskeng.exe[3904] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\taskeng.exe[3904] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\taskeng.exe[3904] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\taskeng.exe[3904] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\taskeng.exe[3944] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\taskeng.exe[3944] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\taskeng.exe[3944] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\taskeng.exe[3944] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\taskeng.exe[3944] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\taskeng.exe[3944] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\taskeng.exe[3944] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\taskeng.exe[3944] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\taskeng.exe[3944] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\taskeng.exe[3944] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\taskeng.exe[3944] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\taskeng.exe[3944] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\taskeng.exe[3944] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\taskeng.exe[3944] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\taskeng.exe[3944] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3964] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3964] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3964] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 002900A8
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3964] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 002900E4
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3964] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00290120
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3964] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00290030
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3964] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0029006C
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3964] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 002A006C
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3964] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 002A00A8
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3964] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 002A01D4
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3964] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 002A00E4
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3964] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 002A0120
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3964] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 002A015C
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3964] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 002A0198
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3964] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 002A0030
.text C:\Users\Lauren\AppData\Local\Temp\Rar$EX00.877\gmer.exe[4024] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Users\Lauren\AppData\Local\Temp\Rar$EX00.877\gmer.exe[4024] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Users\Lauren\AppData\Local\Temp\Rar$EX00.877\gmer.exe[4024] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0019006C
.text C:\Users\Lauren\AppData\Local\Temp\Rar$EX00.877\gmer.exe[4024] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001900A8
.text C:\Users\Lauren\AppData\Local\Temp\Rar$EX00.877\gmer.exe[4024] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001901D4
.text C:\Users\Lauren\AppData\Local\Temp\Rar$EX00.877\gmer.exe[4024] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001900E4
.text C:\Users\Lauren\AppData\Local\Temp\Rar$EX00.877\gmer.exe[4024] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00190120
.text C:\Users\Lauren\AppData\Local\Temp\Rar$EX00.877\gmer.exe[4024] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0019015C
.text C:\Users\Lauren\AppData\Local\Temp\Rar$EX00.877\gmer.exe[4024] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00190198
.text C:\Users\Lauren\AppData\Local\Temp\Rar$EX00.877\gmer.exe[4024] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00190030
.text C:\Users\Lauren\AppData\Local\Temp\Rar$EX00.877\gmer.exe[4024] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001A00A8
.text C:\Users\Lauren\AppData\Local\Temp\Rar$EX00.877\gmer.exe[4024] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001A00E4
.text C:\Users\Lauren\AppData\Local\Temp\Rar$EX00.877\gmer.exe[4024] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 001A0120
.text C:\Users\Lauren\AppData\Local\Temp\Rar$EX00.877\gmer.exe[4024] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 001A0030
.text C:\Users\Lauren\AppData\Local\Temp\Rar$EX00.877\gmer.exe[4024] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 001A006C
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[4044] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00140030
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[4044] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0014006C
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[4044] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001600A8
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[4044] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001600E4
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[4044] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00160120
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[4044] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00160030
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[4044] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0016006C
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[4044] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[4044] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[4044] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[4044] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[4044] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[4044] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[4044] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[4044] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4052] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4052] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4052] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4052] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4052] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4052] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4052] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4052] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0018006C
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4052] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001800A8
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4052] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001801D4
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4052] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001800E4
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4052] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00180120
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4052] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0018015C
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4052] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00180198
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4052] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00180030
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4080] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4080] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4080] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000700A8
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4080] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000700E4
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4080] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00070120
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4080] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00070030
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4080] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0007006C
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4080] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0008006C
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4080] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000800A8
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4080] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000801D4
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4080] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000800E4
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4080] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00080120
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4080] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0008015C
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4080] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00080198
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4080] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00080030
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[4088] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[4088] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[4088] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[4088] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[4088] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[4088] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[4088] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[4088] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0028006C
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[4088] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 002800A8
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[4088] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 002801D4
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[4088] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 002800E4
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[4088] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00280120
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[4088] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0028015C
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[4088] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00280198
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[4088] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00280030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00070030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0007006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtCreateFile + 6 76F8422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtCreateFile + B 76F8422F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtMapViewOfSection + 6 76F8497A 1 Byte [28]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtMapViewOfSection + 6 76F8497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtMapViewOfSection + B 76F8497F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenFile + 6 76F84A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenFile + B 76F84A0F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenProcess + 6 76F84A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenProcess + B 76F84A8F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenProcessToken + 6 76F84A9A 4 Bytes CALL 75F850A0 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenProcessToken + B 76F84A9F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenProcessTokenEx + 6 76F84AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenProcessTokenEx + B 76F84AAF 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenThread + 6 76F84AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenThread + B 76F84AFF 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenThreadToken + 6 76F84B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenThreadToken + B 76F84B0F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenThreadTokenEx + 6 76F84B1A 4 Bytes CALL 75F85121 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtOpenThreadTokenEx + B 76F84B1F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtQueryAttributesFile + 6 76F84BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtQueryAttributesFile + B 76F84BAF 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtQueryFullAttributesFile + 6 76F84C5A 4 Bytes CALL 75F8525F C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtQueryFullAttributesFile + B 76F84C5F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtSetInformationFile + 6 76F8513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtSetInformationFile + B 76F8513F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtSetInformationThread + 6 76F8518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtSetInformationThread + B 76F8518F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtUnmapViewOfSection + 6 76F8542A 1 Byte [68]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtUnmapViewOfSection + 6 76F8542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ntdll.dll!NtUnmapViewOfSection + B 76F8542F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000A00A8
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000A00E4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 000A0120
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000A0030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000A006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 000B006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000B00A8
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000B01D4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000B00E4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 000B0120
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 000B015C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 000B0198
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4148] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 000B0030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00070030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0007006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtCreateFile + 6 76F8422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtCreateFile + B 76F8422F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtMapViewOfSection + 6 76F8497A 1 Byte [28]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtMapViewOfSection + 6 76F8497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtMapViewOfSection + B 76F8497F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenFile + 6 76F84A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenFile + B 76F84A0F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcess + 6 76F84A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcess + B 76F84A8F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcessToken + 6 76F84A9A 4 Bytes CALL 75F850A0 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcessToken + B 76F84A9F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcessTokenEx + 6 76F84AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcessTokenEx + B 76F84AAF 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThread + 6 76F84AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThread + B 76F84AFF 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThreadToken + 6 76F84B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThreadToken + B 76F84B0F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThreadTokenEx + 6 76F84B1A 4 Bytes CALL 75F85121 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThreadTokenEx + B 76F84B1F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtQueryAttributesFile + 6 76F84BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtQueryAttributesFile + B 76F84BAF 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtQueryFullAttributesFile + 6 76F84C5A 4 Bytes CALL 75F8525F C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtQueryFullAttributesFile + B 76F84C5F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtSetInformationFile + 6 76F8513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtSetInformationFile + B 76F8513F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtSetInformationThread + 6 76F8518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtSetInformationThread + B 76F8518F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtUnmapViewOfSection + 6 76F8542A 1 Byte [68]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtUnmapViewOfSection + 6 76F8542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtUnmapViewOfSection + B 76F8542F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000F00A8
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000F00E4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 000F0120
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000F0030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000F006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0010006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001000A8
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001001D4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001000E4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00100120
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0010015C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00100198
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4244] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00100030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00070030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0007006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtCreateFile + 6 76F8422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtCreateFile + B 76F8422F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtMapViewOfSection + 6 76F8497A 1 Byte [28]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtMapViewOfSection + 6 76F8497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtMapViewOfSection + B 76F8497F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtOpenFile + 6 76F84A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtOpenFile + B 76F84A0F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtOpenProcess + 6 76F84A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtOpenProcess + B 76F84A8F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtOpenProcessToken + 6 76F84A9A 4 Bytes CALL 75F850A0 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtOpenProcessToken + B 76F84A9F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtOpenProcessTokenEx + 6 76F84AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtOpenProcessTokenEx + B 76F84AAF 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtOpenThread + 6 76F84AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtOpenThread + B 76F84AFF 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtOpenThreadToken + 6 76F84B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtOpenThreadToken + B 76F84B0F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtOpenThreadTokenEx + 6 76F84B1A 4 Bytes CALL 75F85121 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtOpenThreadTokenEx + B 76F84B1F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtQueryAttributesFile + 6 76F84BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtQueryAttributesFile + B 76F84BAF 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtQueryFullAttributesFile + 6 76F84C5A 4 Bytes CALL 75F8525F C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtQueryFullAttributesFile + B 76F84C5F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtSetInformationFile + 6 76F8513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtSetInformationFile + B 76F8513F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtSetInformationThread + 6 76F8518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtSetInformationThread + B 76F8518F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtUnmapViewOfSection + 6 76F8542A 1 Byte [68]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtUnmapViewOfSection + 6 76F8542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ntdll.dll!NtUnmapViewOfSection + B 76F8542F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000A00A8
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000A00E4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 000A0120
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000A0030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000A006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 000B006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000B00A8
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000B01D4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000B00E4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 000B0120
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 000B015C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 000B0198
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4260] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 000B0030
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] user32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] user32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] user32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] user32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] user32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0018006C
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001800A8
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001801D4
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001800E4
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00180120
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0018015C
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00180198
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4440] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00180030
.text C:\Windows\notepad.exe[4564] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\notepad.exe[4564] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\notepad.exe[4564] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0017006C
.text C:\Windows\notepad.exe[4564] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001700A8
.text C:\Windows\notepad.exe[4564] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001701D4
.text C:\Windows\notepad.exe[4564] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001700E4
.text C:\Windows\notepad.exe[4564] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00170120
.text C:\Windows\notepad.exe[4564] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0017015C
.text C:\Windows\notepad.exe[4564] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00170198
.text C:\Windows\notepad.exe[4564] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00170030
.text C:\Windows\notepad.exe[4564] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001800A8
.text C:\Windows\notepad.exe[4564] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001800E4
.text C:\Windows\notepad.exe[4564] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180120
.text C:\Windows\notepad.exe[4564] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00180030
.text C:\Windows\notepad.exe[4564] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0018006C
.text C:\Windows\notepad.exe[4588] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\notepad.exe[4588] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\notepad.exe[4588] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\notepad.exe[4588] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\notepad.exe[4588] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\notepad.exe[4588] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\notepad.exe[4588] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\notepad.exe[4588] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\notepad.exe[4588] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\notepad.exe[4588] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\notepad.exe[4588] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\notepad.exe[4588] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\notepad.exe[4588] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\notepad.exe[4588] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\notepad.exe[4588] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Program Files\Skype\Phone\Skype.exe[4608] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00150030
.text C:\Program Files\Skype\Phone\Skype.exe[4608] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0015006C
.text C:\Program Files\Skype\Phone\Skype.exe[4608] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001700A8
.text C:\Program Files\Skype\Phone\Skype.exe[4608] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001700E4
.text C:\Program Files\Skype\Phone\Skype.exe[4608] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170120
.text C:\Program Files\Skype\Phone\Skype.exe[4608] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00170030
.text C:\Program Files\Skype\Phone\Skype.exe[4608] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0017006C
.text C:\Program Files\Skype\Phone\Skype.exe[4608] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0018006C
.text C:\Program Files\Skype\Phone\Skype.exe[4608] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001800A8
.text C:\Program Files\Skype\Phone\Skype.exe[4608] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001801D4
.text C:\Program Files\Skype\Phone\Skype.exe[4608] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001800E4
.text C:\Program Files\Skype\Phone\Skype.exe[4608] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00180120
.text C:\Program Files\Skype\Phone\Skype.exe[4608] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0018015C
.text C:\Program Files\Skype\Phone\Skype.exe[4608] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00180198
.text C:\Program Files\Skype\Phone\Skype.exe[4608] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00180030
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00060030
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0006006C
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe[4624] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\wbem\unsecapp.exe[4748] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\wbem\unsecapp.exe[4748] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\wbem\unsecapp.exe[4748] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\wbem\unsecapp.exe[4748] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\wbem\unsecapp.exe[4748] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\wbem\unsecapp.exe[4748] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\wbem\unsecapp.exe[4748] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\wbem\unsecapp.exe[4748] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\wbem\unsecapp.exe[4748] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\wbem\unsecapp.exe[4748] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\wbem\unsecapp.exe[4748] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000800A8
.text C:\Windows\system32\wbem\unsecapp.exe[4748] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\wbem\unsecapp.exe[4748] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080120
.text C:\Windows\system32\wbem\unsecapp.exe[4748] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\wbem\unsecapp.exe[4748] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0008006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00070030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0007006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtCreateFile + 6 76F8422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtCreateFile + B 76F8422F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtMapViewOfSection + 6 76F8497A 1 Byte [28]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtMapViewOfSection + 6 76F8497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtMapViewOfSection + B 76F8497F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenFile + 6 76F84A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenFile + B 76F84A0F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenProcess + 6 76F84A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenProcess + B 76F84A8F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenProcessToken + 6 76F84A9A 4 Bytes CALL 75F850A0 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenProcessToken + B 76F84A9F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenProcessTokenEx + 6 76F84AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenProcessTokenEx + B 76F84AAF 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenThread + 6 76F84AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenThread + B 76F84AFF 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenThreadToken + 6 76F84B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenThreadToken + B 76F84B0F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenThreadTokenEx + 6 76F84B1A 4 Bytes CALL 75F85121 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenThreadTokenEx + B 76F84B1F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtQueryAttributesFile + 6 76F84BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtQueryAttributesFile + B 76F84BAF 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtQueryFullAttributesFile + 6 76F84C5A 4 Bytes CALL 75F8525F C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtQueryFullAttributesFile + B 76F84C5F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtSetInformationFile + 6 76F8513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtSetInformationFile + B 76F8513F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtSetInformationThread + 6 76F8518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtSetInformationThread + B 76F8518F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtUnmapViewOfSection + 6 76F8542A 1 Byte [68]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtUnmapViewOfSection + 6 76F8542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtUnmapViewOfSection + B 76F8542F 1 Byte [E2]
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000A00A8
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000A00E4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 000A0120
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000A0030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000A006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 000B006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000B00A8
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000B01D4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000B00E4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 000B0120
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 000B015C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 000B0198
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 000B0030
.text C:\Windows\system32\rundll32.exe[5216] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00060030
.text C:\Windows\system32\rundll32.exe[5216] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0006006C
.text C:\Windows\system32\rundll32.exe[5216] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000700A8
.text C:\Windows\system32\rundll32.exe[5216] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000700E4
.text C:\Windows\system32\rundll32.exe[5216] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00070120
.text C:\Windows\system32\rundll32.exe[5216] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00070030
.text C:\Windows\system32\rundll32.exe[5216] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0007006C
.text C:\Windows\system32\rundll32.exe[5216] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0008006C
.text C:\Windows\system32\rundll32.exe[5216] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000800A8
.text C:\Windows\system32\rundll32.exe[5216] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000801D4
.text C:\Windows\system32\rundll32.exe[5216] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000800E4
.text C:\Windows\system32\rundll32.exe[5216] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00080120
.text C:\Windows\system32\rundll32.exe[5216] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0008015C
.text C:\Windows\system32\rundll32.exe[5216] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00080198
.text C:\Windows\system32\rundll32.exe[5216] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00080030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000700A8
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000700E4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00070120
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00070030
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0007006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0008006C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000800A8
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000801D4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000800E4
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00080120
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0008015C
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00080198
.text C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe[5284] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00080030
.text C:\Program Files\iPod\bin\iPodService.exe[5360] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Program Files\iPod\bin\iPodService.exe[5360] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Program Files\iPod\bin\iPodService.exe[5360] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0018006C
.text C:\Program Files\iPod\bin\iPodService.exe[5360] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 001800A8
.text C:\Program Files\iPod\bin\iPodService.exe[5360] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 001801D4
.text C:\Program Files\iPod\bin\iPodService.exe[5360] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 001800E4
.text C:\Program Files\iPod\bin\iPodService.exe[5360] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00180120
.text C:\Program Files\iPod\bin\iPodService.exe[5360] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0018015C
.text C:\Program Files\iPod\bin\iPodService.exe[5360] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00180198
.text C:\Program Files\iPod\bin\iPodService.exe[5360] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00180030
.text C:\Program Files\iPod\bin\iPodService.exe[5360] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001900A8
.text C:\Program Files\iPod\bin\iPodService.exe[5360] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001900E4
.text C:\Program Files\iPod\bin\iPodService.exe[5360] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00190120
.text C:\Program Files\iPod\bin\iPodService.exe[5360] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 00190030
.text C:\Program Files\iPod\bin\iPodService.exe[5360] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 0019006C
.text C:\Windows\system32\svchost.exe[6100] ntdll.dll!LdrLoadDll 76F493A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[6100] ntdll.dll!LdrUnloadDll 76F5B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[6100] ADVAPI32.dll!CreateServiceW 75979EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[6100] ADVAPI32.dll!DeleteService 7597A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[6100] ADVAPI32.dll!SetServiceObjectSecurity 759B6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[6100] ADVAPI32.dll!ChangeServiceConfigA 759B6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[6100] ADVAPI32.dll!ChangeServiceConfigW 759B6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[6100] ADVAPI32.dll!ChangeServiceConfig2A 759B7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[6100] ADVAPI32.dll!ChangeServiceConfig2W 759B71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[6100] ADVAPI32.dll!CreateServiceA 759B72A1 5 Bytes JMP 00070030
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----