My son clicked on a link that turned out to be an "adult" site, got caught in the endless
popup thing - turned off the computer and now everything is hanging
and running at a glacial pace. Also, I notice that I have 2 unknown
devices in my device manager - one is a Base System Device with this
under details "PCI\VEN_1180&DEV_0843&SUBSYS_01F51028&REV_01\4&B216F0A&0&09A4"
and one is an SM Bus Controller with this
"PCI\VEN_1002&DEV_4385&SUBSYS_01F51028&REV_14\3&2411E6FE&0&A0"

I followed the instructions on the "before you post." Here are the
logs, and THANK YOU SO MUCH FOR ANY HELP YOU CAN GIVE ME!

--Melissa

P.S. It won't let me add the logs :-( Every time I do, it won't post! Should I add them one at a time?

All 18 Replies

Hi and welcome to Daniweb forums :).

====

Try adding them one at a time.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7359

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/2/2011 3:46:59 PM
mbam-log-2011-08-02 (15-46-59).txt

Scan type: Full scan (C:\|)
Objects scanned: 254616
Time elapsed: 1 hour(s), 7 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-02 11:52:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 ->
\Device\Ide\IdeDeviceP0T0L0-3 ST9120822AS rev.3.CDD
Running: khpppwg7.exe; Driver: C:\DOCUME~1\MBRAKS~1\LOCALS~1\Temp\pfryqfog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast!
Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB0739026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast!
Virtualization Driver/AVAST Software) ZwEnumerateValueKey
[0xB0738E91]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self
protection module/AVAST Software) ZwCreateProcessEx [0xB07828DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self
protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self
protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs
aswSP.SYS (avast! self protection
module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs
aswMon2.SYS (avast! File System Filter
Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs
aswMon2.SYS (avast! File System Filter
Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip
SYMTDI.SYS (Network Dispatch
Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip
aswRdr.SYS (avast! TDI RDR
Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip
aswTdi.SYS (avast! TDI Filter
Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp
aswTdi.SYS (avast! TDI Filter
Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp
SYMTDI.SYS (Network Dispatch
Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp
aswRdr.SYS (avast! TDI RDR
Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp
aswTdi.SYS (avast! TDI Filter
Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp
SYMTDI.SYS (Network Dispatch
Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp
aswRdr.SYS (avast! TDI RDR
Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp
aswTdi.SYS (avast! TDI Filter
Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp
SYMTDI.SYS (Network Dispatch
Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0
SynTP.sys (Synaptics Touchpad
Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1
SynTP.sys (Synaptics Touchpad
Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-02 14:26:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 ->
\Device\Ide\IdeDeviceP0T0L0-3 ST9120822AS rev.3.CDD
Running: khpppwg7.exe; Driver: C:\DOCUME~1\MBRAKS~1\LOCALS~1\Temp\pfryqfog.sys


---- System - GMER 1.0.15 ----

SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwAddBootEntry [0xB07189CA]
SSDT   8A1B5D80

ZwAlertResumeThread
SSDT   8A1B5E00

ZwAlertThread
SSDT   \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection
module/AVAST Software)
ZwAllocateVirtualMemory [0xB076DA68]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwClose [0xB0738AF5]
SSDT   8A200FB0

ZwConnectPort
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwCreateEvent [0xB071AEAC]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwCreateEventPair [0xB071AF04]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwCreateIoCompletion [0xB071B01A]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwCreateKey [0xB07384A9]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwCreateMutant [0xB071AE02]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwCreateSection [0xB071AF54]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwCreateSemaphore [0xB071AE56]
SSDT   8A2060D8

ZwCreateThread
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwCreateTimer [0xB071AFC8]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwDeleteBootEntry [0xB07189EE]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwDeleteKey [0xB07391BB]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwDeleteValueKey [0xB0739471]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwDuplicateObject [0xB071B29E]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwEnumerateKey [0xB0739026]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwEnumerateValueKey [0xB0738E91]
SSDT   \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection
module/AVAST Software)
ZwFreeVirtualMemory [0xB076DB18]
SSDT   8A0C9048

ZwImpersonateAnonymousToken
SSDT   8A0C9008

ZwImpersonateThread
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwLoadDriver [0xB07187B8]
SSDT   8A15CE70

ZwMapViewOfSection
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwModifyBootEntry [0xB0718A12]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwNotifyChangeKey [0xB071B412]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwNotifyChangeMultipleKeys [0xB07194AA]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwOpenEvent [0xB071AEDC]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwOpenEventPair [0xB071AF2C]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwOpenIoCompletion [0xB071B044]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwOpenKey [0xB0738805]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwOpenMutant [0xB071AE2E]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwOpenProcess [0xB071B0D6]
SSDT   8A1CE4E0

ZwOpenProcessToken
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwOpenSection [0xB071AF94]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwOpenSemaphore [0xB071AE84]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwOpenThread [0xB071B1BA]
SSDT   8A0CF008

ZwOpenThreadToken
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwOpenTimer [0xB071AFF2]
SSDT   \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection
module/AVAST Software)
ZwProtectVirtualMemory [0xB076DBB0]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwQueryKey [0xB0738D0C]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwQueryObject [0xB0719370]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwQueryValueKey [0xB0738B5E]
SSDT   \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection
module/AVAST Software)
ZwRenameKey [0xB0775E26]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwRestoreKey [0xB0737B1C]
SSDT   8A1D6C50

ZwResumeThread
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwSetBootEntryOrder [0xB0718A36]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwSetBootOptions [0xB0718A5A]
SSDT   8A196868

ZwSetContextThread
SSDT   8A0D6008

ZwSetInformationProcess
SSDT   8A0CA080

ZwSetInformationThread
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwSetSystemInformation [0xB0718812]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwSetSystemPowerState [0xB071894E]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwSetValueKey [0xB07392C2]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwShutdownSystem [0xB071892A]
SSDT   8A0D1058

ZwSuspendProcess
SSDT   8A1B6BE8

ZwSuspendThread
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwSystemDebugControl [0xB0718972]
SSDT   8A1BD658

ZwTerminateProcess
SSDT   8A0CABE8

ZwTerminateThread
SSDT   8A1BF278

ZwUnmapViewOfSection
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
ZwVdmControl [0xB0718A7E]
SSDT   8A0C8080

ZwWriteVirtualMemory

Code   \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection
module/AVAST Software)
ZwCreateProcessEx [0xB07828DE]
Code   \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection
module/AVAST Software)
ObInsertObject
Code   \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection
module/AVAST Software)
ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2F30

805047CC 12 Bytes  [36, 8A, 71, B0, 5A, 8A, 71, ...]
.text  ntkrnlpa.exe!ZwCallbackReturn + 2FD8

80504874 12 Bytes  CALL F2DA63E4
PAGE   ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC

805A64A8 4 Bytes  CALL B0719E25
\SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization
Driver/AVAST Software)
PAGE   ntkrnlpa.exe!ObMakeTemporaryObject

805BC556 5 Bytes  JMP B077E29E \SystemRoot\System32\Drivers\aswSP.SYS
(avast! self protection module/AVAST Software)
PAGE   ntkrnlpa.exe!ObInsertObject

805C2FDA 5 Bytes  JMP B077FD38 \SystemRoot\System32\Drivers\aswSP.SYS
(avast! self protection module/AVAST Software)
PAGE   ntkrnlpa.exe!ZwCreateProcessEx

805D117A 7 Bytes  JMP B07828E2 \SystemRoot\System32\Drivers\aswSP.SYS
(avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\system32\svchost.exe[120] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes  JMP 00090030
.text  C:\WINDOWS\system32\svchost.exe[120] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes  JMP 0009006C
.text  C:\WINDOWS\system32\svchost.exe[120]
ADVAPI32.dll!SetServiceObjectSecurity
                       77E36D81 5 Bytes  JMP 002B01D4
.text  C:\WINDOWS\system32\svchost.exe[120]
ADVAPI32.dll!ChangeServiceConfigA
                       77E36E69 5 Bytes  JMP 002B00E4
.text  C:\WINDOWS\system32\svchost.exe[120]
ADVAPI32.dll!ChangeServiceConfigW
                       77E37001 5 Bytes  JMP 002B0120
.text  C:\WINDOWS\system32\svchost.exe[120]
ADVAPI32.dll!ChangeServiceConfig2A
                       77E37101 5 Bytes  JMP 002B015C
.text  C:\WINDOWS\system32\svchost.exe[120]
ADVAPI32.dll!ChangeServiceConfig2W
                       77E37189 5 Bytes  JMP 002B0198
.text  C:\WINDOWS\system32\svchost.exe[120]
ADVAPI32.dll!CreateServiceA
                       77E37211 5 Bytes  JMP 002B0030
.text  C:\WINDOWS\system32\svchost.exe[120]
ADVAPI32.dll!CreateServiceW
                       77E373A9 5 Bytes  JMP 002B006C
.text  C:\WINDOWS\system32\svchost.exe[120] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes  JMP 002B00A8
.text  C:\WINDOWS\system32\svchost.exe[120]
USER32.dll!SetWindowsHookExW
                       7E42820F 5 Bytes  JMP 002C00E4
.text  C:\WINDOWS\system32\svchost.exe[120]
USER32.dll!UnhookWindowsHookEx
                       7E42D5F3 5 Bytes  JMP 002C0120
.text  C:\WINDOWS\system32\svchost.exe[120]
USER32.dll!SetWindowsHookExA
                       7E431211 5 Bytes  JMP 002C00A8
.text  C:\WINDOWS\system32\svchost.exe[120] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes  JMP 002C0030
.text  C:\WINDOWS\system32\svchost.exe[120] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes  JMP 002C006C
.text  C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes  JMP 00090030
.text  C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes  JMP 0009006C
.text  C:\WINDOWS\system32\svchost.exe[220]
ADVAPI32.dll!SetServiceObjectSecurity
                       77E36D81 5 Bytes  JMP 002B01D4
.text  C:\WINDOWS\system32\svchost.exe[220]
ADVAPI32.dll!ChangeServiceConfigA
                       77E36E69 5 Bytes  JMP 002B00E4
.text  C:\WINDOWS\system32\svchost.exe[220]
ADVAPI32.dll!ChangeServiceConfigW
                       77E37001 5 Bytes  JMP 002B0120
.text  C:\WINDOWS\system32\svchost.exe[220]
ADVAPI32.dll!ChangeServiceConfig2A
                       77E37101 5 Bytes  JMP 002B015C
.text  C:\WINDOWS\system32\svchost.exe[220]
ADVAPI32.dll!ChangeServiceConfig2W
                       77E37189 5 Bytes  JMP 002B0198
.text  C:\WINDOWS\system32\svchost.exe[220]
ADVAPI32.dll!CreateServiceA
                       77E37211 5 Bytes  JMP 002B0030
.text  C:\WINDOWS\system32\svchost.exe[220]
ADVAPI32.dll!CreateServiceW
                       77E373A9 5 Bytes  JMP 002B006C
.text  C:\WINDOWS\system32\svchost.exe[220] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes  JMP 002B00A8
.text  C:\WINDOWS\system32\svchost.exe[220]
USER32.dll!SetWindowsHookExW
                       7E42820F 5 Bytes  JMP 002C00E4
.text  C:\WINDOWS\system32\svchost.exe[220]
USER32.dll!UnhookWindowsHookEx
                       7E42D5F3 5 Bytes  JMP 002C0120
.text  C:\WINDOWS\system32\svchost.exe[220]
USER32.dll!SetWindowsHookExA
                       7E431211 5 Bytes  JMP 002C00A8
.text  C:\WINDOWS\system32\svchost.exe[220] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes  JMP 002C0030
.text  C:\WINDOWS\system32\svchost.exe[220] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes  JMP 002C006C
.text  C:\Program Files\Common Files\Symantec Shared\ccApp.exe[292]
ntdll.dll!LdrLoadDll
7C91632D 5 Bytes  JMP 00090030
.text  C:\Program Files\Common Files\Symantec Shared\ccApp.exe[292]
ntdll.dll!LdrUnloadDll
7C9171CD 5 Bytes  JMP 0009006C
.text  C:\Program Files\Common Files\Symantec Shared\ccApp.exe[292]
ADVAPI32.dll!SetServiceObjectSecurity
77E36D81 5 Bytes  JMP 002D01D4
.text  C:\Program Files\Common Files\Symantec Shared\ccApp.exe[292]
ADVAPI32.dll!ChangeServiceConfigA
77E36E69 5 Bytes  JMP 002D00E4
.text  C:\Program Files\Common Files\Symantec Shared\ccApp.exe[292]
ADVAPI32.dll!ChangeServiceConfigW
77E37001 5 Bytes  JMP 002D0120
.text  C:\Program Files\Common Files\Symantec Shared\ccApp.exe[292]
ADVAPI32.dll!ChangeServiceConfig2A
77E37101 5 Bytes  JMP 002D015C
.text  C:\Program Files\Common Files\Symantec Shared\ccApp.exe[292]
ADVAPI32.dll!ChangeServiceConfig2W
77E37189 5 Bytes  JMP 002D0198
.text  C:\Program Files\Common Files\Symantec Shared\ccApp.exe[292]
ADVAPI32.dll!CreateServiceA
77E37211 5 Bytes  JMP 002D0030
.text  C:\Program Files\Common Files\Symantec Shared\ccApp.exe[292]
ADVAPI32.dll!CreateServiceW
77E373A9 5 Bytes  JMP 002D006C
.text  C:\Program Files\Common Files\Symantec Shared\ccApp.exe[292]
ADVAPI32.dll!DeleteService
77E374B1 5 Bytes  JMP 002D00A8
.text  C:\Program Files\Common Files\Symantec Shared\ccApp.exe[292]
USER32.dll!SetWindowsHookExW
7E42820F 5 Bytes  JMP 002E00E4
.text  C:\Program Files\Common Files\Symantec Shared\ccApp.exe[292]
USER32.dll!UnhookWindowsHookEx
7E42D5F3 5 Bytes  JMP 002E0120
.text  C:\Program Files\Common Files\Symantec Shared\ccApp.exe[292]
USER32.dll!SetWindowsHookExA
7E431211 5 Bytes  JMP 002E00A8
.text  C:\Program Files\Common Files\Symantec Shared\ccApp.exe[292]
USER32.dll!SetWinEventHook
7E4317F7 5 Bytes  JMP 002E0030
.text  C:\Program Files\Common Files\Symantec Shared\ccApp.exe[292]
USER32.dll!UnhookWinEvent
7E4318AC 5 Bytes  JMP 002E006C
.text  C:\WINDOWS\Explorer.EXE[344] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes  JMP 00090030
.text  C:\WINDOWS\Explorer.EXE[344] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes  JMP 0009006C
.text  C:\WINDOWS\Explorer.EXE[344]
ADVAPI32.dll!SetServiceObjectSecurity
                               77E36D81 5 Bytes  JMP 002C01D4
.text  C:\WINDOWS\Explorer.EXE[344] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes  JMP 002C00E4
.text  C:\WINDOWS\Explorer.EXE[344] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes  JMP 002C0120
.text  C:\WINDOWS\Explorer.EXE[344] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes  JMP 002C015C
.text  C:\WINDOWS\Explorer.EXE[344] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes  JMP 002C0198
.text  C:\WINDOWS\Explorer.EXE[344] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes  JMP 002C0030
.text  C:\WINDOWS\Explorer.EXE[344] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes  JMP 002C006C
.text  C:\WINDOWS\Explorer.EXE[344] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes  JMP 002C00A8
.text  C:\WINDOWS\Explorer.EXE[344] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes  JMP 002D00E4
.text  C:\WINDOWS\Explorer.EXE[344] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes  JMP 002D0120
.text  C:\WINDOWS\Explorer.EXE[344] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes  JMP 002D00A8
.text  C:\WINDOWS\Explorer.EXE[344] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes  JMP 002D0030
.text  C:\WINDOWS\Explorer.EXE[344] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes  JMP 002D006C
.text  C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[392]
ntdll.dll!LdrLoadDll
        7C91632D 5 Bytes  JMP 00150030
.text  C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[392]
ntdll.dll!LdrUnloadDll
        7C9171CD 5 Bytes  JMP 0015006C
.text  C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[392]
USER32.dll!SetWindowsHookExW
        7E42820F 5 Bytes  JMP 00E200E4
.text  C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[392]
USER32.dll!UnhookWindowsHookEx
        7E42D5F3 5 Bytes  JMP 00E20120
.text  C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[392]
USER32.dll!SetWindowsHookExA
        7E431211 5 Bytes  JMP 00E200A8
.text  C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[392]
USER32.dll!SetWinEventHook
        7E4317F7 5 Bytes  JMP 00E20030
.text  C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[392]
USER32.dll!UnhookWinEvent
        7E4318AC 5 Bytes  JMP 00E2006C
.text  C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[392]
ADVAPI32.dll!SetServiceObjectSecurity
        77E36D81 5 Bytes  JMP 00E301D4
.text  C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[392]
ADVAPI32.dll!ChangeServiceConfigA
        77E36E69 5 Bytes  JMP 00E300E4
.text  C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[392]
ADVAPI32.dll!ChangeServiceConfigW
        77E37001 5 Bytes  JMP 00E30120
.text  C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[392]
ADVAPI32.dll!ChangeServiceConfig2A
        77E37101 5 Bytes  JMP 00E3015C
.text  C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[392]
ADVAPI32.dll!ChangeServiceConfig2W
        77E37189 5 Bytes  JMP 00E30198
.text  C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[392]
ADVAPI32.dll!CreateServiceA
        77E37211 5 Bytes  JMP 00E30030
.text  C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[392]
ADVAPI32.dll!CreateServiceW
        77E373A9 5 Bytes  JMP 00E3006C
.text  C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe[392]
ADVAPI32.dll!DeleteService
        77E374B1 5 Bytes  JMP 00E300A8
.text  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[416]
ntdll.dll!LdrLoadDll
7C91632D 5 Bytes  JMP 00090030
.text  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[416]
ntdll.dll!LdrUnloadDll
7C9171CD 5 Bytes  JMP 0009006C
.text  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[416]
ADVAPI32.dll!SetServiceObjectSecurity
77E36D81 5 Bytes  JMP 002D01D4
.text  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[416]
ADVAPI32.dll!ChangeServiceConfigA
77E36E69 5 Bytes  JMP 002D00E4
.text  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[416]
ADVAPI32.dll!ChangeServiceConfigW
77E37001 5 Bytes  JMP 002D0120
.text  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[416]
ADVAPI32.dll!ChangeServiceConfig2A
77E37101 5 Bytes  JMP 002D015C
.text  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[416]
ADVAPI32.dll!ChangeServiceConfig2W
77E37189 5 Bytes  JMP 002D0198
.text  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[416]
ADVAPI32.dll!CreateServiceA
77E37211 5 Bytes  JMP 002D0030
.text  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[416]
ADVAPI32.dll!CreateServiceW
77E373A9 5 Bytes  JMP 002D006C
.text  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[416]
ADVAPI32.dll!DeleteService
77E374B1 5 Bytes  JMP 002D00A8
.text  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[416]
USER32.dll!SetWindowsHookExW
7E42820F 5 Bytes  JMP 002E00E4
.text  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[416]
USER32.dll!UnhookWindowsHookEx
7E42D5F3 5 Bytes  JMP 002E0120
.text  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[416]
USER32.dll!SetWindowsHookExA
7E431211 5 Bytes  JMP 002E00A8
.text  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[416]
USER32.dll!SetWinEventHook
7E4317F7 5 Bytes  JMP 002E0030
.text  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[416]
USER32.dll!UnhookWinEvent
7E4318AC 5 Bytes  JMP 002E006C
.text  C:\WINDOWS\System32\WLTRYSVC.EXE[508] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes  JMP 00140030
.text  C:\WINDOWS\System32\WLTRYSVC.EXE[508] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes  JMP 0014006C
.text  C:\WINDOWS\System32\WLTRYSVC.EXE[508]
ADVAPI32.dll!SetServiceObjectSecurity
                      77E36D81 5 Bytes  JMP 003801D4
.text  C:\WINDOWS\System32\WLTRYSVC.EXE[508]
ADVAPI32.dll!ChangeServiceConfigA
                      77E36E69 5 Bytes  JMP 003800E4
.text  C:\WINDOWS\System32\WLTRYSVC.EXE[508]
ADVAPI32.dll!ChangeServiceConfigW
                      77E37001 5 Bytes  JMP 00380120
.text  C:\WINDOWS\System32\WLTRYSVC.EXE[508]
ADVAPI32.dll!ChangeServiceConfig2A
                      77E37101 5 Bytes  JMP 0038015C
.text  C:\WINDOWS\System32\WLTRYSVC.EXE[508]
ADVAPI32.dll!ChangeServiceConfig2W
                      77E37189 5 Bytes  JMP 00380198
.text  C:\WINDOWS\System32\WLTRYSVC.EXE[508]
ADVAPI32.dll!CreateServiceA
                      77E37211 5 Bytes  JMP 00380030
.text  C:\WINDOWS\System32\WLTRYSVC.EXE[508]
ADVAPI32.dll!CreateServiceW
                      77E373A9 5 Bytes  JMP 0038006C
.text  C:\WINDOWS\System32\WLTRYSVC.EXE[508]
ADVAPI32.dll!DeleteService
                      77E374B1 5 Bytes  JMP 003800A8
.text  C:\WINDOWS\System32\WLTRYSVC.EXE[508]
USER32.dll!SetWindowsHookExW
                      7E42820F 5 Bytes  JMP 003900E4
.text  C:\WINDOWS\System32\WLTRYSVC.EXE[508]
USER32.dll!UnhookWindowsHookEx
                      7E42D5F3 5 Bytes  JMP 00390120
.text  C:\WINDOWS\System32\WLTRYSVC.EXE[508]
USER32.dll!SetWindowsHookExA
                      7E431211 5 Bytes  JMP 003900A8
.text  C:\WINDOWS\System32\WLTRYSVC.EXE[508]
USER32.dll!SetWinEventHook
                      7E4317F7 5 Bytes  JMP 00390030
.text  C:\WINDOWS\System32\WLTRYSVC.EXE[508] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes  JMP 0039006C
.text  C:\WINDOWS\System32\bcmwltry.exe[572] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes  JMP 00140030
.text  C:\WINDOWS\System32\bcmwltry.exe[572] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes  JMP 0014006C
.text  C:\WINDOWS\System32\bcmwltry.exe[572]
ADVAPI32.dll!SetServiceObjectSecurity
                      77E36D81 5 Bytes  JMP 003B01D4
.text  C:\WINDOWS\System32\bcmwltry.exe[572]
ADVAPI32.dll!ChangeServiceConfigA
                      77E36E69 5 Bytes  JMP 003B00E4
.text  C:\WINDOWS\System32\bcmwltry.exe[572]
ADVAPI32.dll!ChangeServiceConfigW
                      77E37001 5 Bytes  JMP 003B0120
.text  C:\WINDOWS\System32\bcmwltry.exe[572]
ADVAPI32.dll!ChangeServiceConfig2A
                      77E37101 5 Bytes  JMP 003B015C
.text  C:\WINDOWS\System32\bcmwltry.exe[572]
ADVAPI32.dll!ChangeServiceConfig2W
                      77E37189 5 Bytes  JMP 003B0198
.text  C:\WINDOWS\System32\bcmwltry.exe[572]
ADVAPI32.dll!CreateServiceA
                      77E37211 5 Bytes  JMP 003B0030
.text  C:\WINDOWS\System32\bcmwltry.exe[572]
ADVAPI32.dll!CreateServiceW
                      77E373A9 5 Bytes  JMP 003B006C
.text  C:\WINDOWS\System32\bcmwltry.exe[572]
ADVAPI32.dll!DeleteService
                      77E374B1 5 Bytes  JMP 003B00A8
.text  C:\WINDOWS\System32\bcmwltry.exe[572]
USER32.dll!SetWindowsHookExW
                      7E42820F 5 Bytes  JMP 003C00E4
.text  C:\WINDOWS\System32\bcmwltry.exe[572]
USER32.dll!UnhookWindowsHookEx
                      7E42D5F3 5 Bytes  JMP 003C0120
.text  C:\WINDOWS\System32\bcmwltry.exe[572]
USER32.dll!SetWindowsHookExA
                      7E431211 5 Bytes  JMP 003C00A8
.text  C:\WINDOWS\System32\bcmwltry.exe[572]
USER32.dll!SetWinEventHook
                      7E4317F7 5 Bytes  JMP 003C0030
.text  C:\WINDOWS\System32\bcmwltry.exe[572] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes  JMP 003C006C
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[620]
kernel32.dll!SetUnhandledExceptionFilter
    7C84495D 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text  C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[768]
ntdll.dll!LdrLoadDll
7C91632D 5 Bytes  JMP 00140030
.text  C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[768]
ntdll.dll!LdrUnloadDll
7C9171CD 5 Bytes  JMP 0014006C
.text  C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[768]
USER32.dll!SetWindowsHookExW
7E42820F 5 Bytes  JMP 003800E4
.text  C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[768]
USER32.dll!UnhookWindowsHookEx
7E42D5F3 5 Bytes  JMP 00380120
.text  C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[768]
USER32.dll!SetWindowsHookExA
7E431211 5 Bytes  JMP 003800A8
.text  C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[768]
USER32.dll!SetWinEventHook
7E4317F7 5 Bytes  JMP 00380030
.text  C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[768]
USER32.dll!UnhookWinEvent
7E4318AC 5 Bytes  JMP 0038006C
.text  C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[768]
ADVAPI32.dll!SetServiceObjectSecurity
77E36D81 5 Bytes  JMP 003901D4
.text  C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[768]
ADVAPI32.dll!ChangeServiceConfigA
77E36E69 5 Bytes  JMP 003900E4
.text  C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[768]
ADVAPI32.dll!ChangeServiceConfigW
77E37001 5 Bytes  JMP 00390120
.text  C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[768]
ADVAPI32.dll!ChangeServiceConfig2A
77E37101 5 Bytes  JMP 0039015C
.text  C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[768]
ADVAPI32.dll!ChangeServiceConfig2W
77E37189 5 Bytes  JMP 00390198
.text  C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[768]
ADVAPI32.dll!CreateServiceA
77E37211 5 Bytes  JMP 00390030
.text  C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[768]
ADVAPI32.dll!CreateServiceW
77E373A9 5 Bytes  JMP 0039006C
.text  C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[768]
ADVAPI32.dll!DeleteService
77E374B1 5 Bytes  JMP 003900A8
.text  C:\Program Files\iTunes\iTunesHelper.exe[808]
ntdll.dll!LdrLoadDll
              7C91632D 5 Bytes  JMP 00150030
.text  C:\Program Files\iTunes\iTunesHelper.exe[808]
ntdll.dll!LdrUnloadDll
              7C9171CD 5 Bytes  JMP 0015006C
.text  C:\Program Files\iTunes\iTunesHelper.exe[808]
USER32.dll!SetWindowsHookExW
              7E42820F 5 Bytes  JMP 003900E4
.text  C:\Program Files\iTunes\iTunesHelper.exe[808]
USER32.dll!UnhookWindowsHookEx
              7E42D5F3 5 Bytes  JMP 00390120
.text  C:\Program Files\iTunes\iTunesHelper.exe[808]
USER32.dll!SetWindowsHookExA
              7E431211 5 Bytes  JMP 003900A8
.text  C:\Program Files\iTunes\iTunesHelper.exe[808]
USER32.dll!SetWinEventHook
              7E4317F7 5 Bytes  JMP 00390030
.text  C:\Program Files\iTunes\iTunesHelper.exe[808]
USER32.dll!UnhookWinEvent
              7E4318AC 5 Bytes  JMP 0039006C
.text  C:\Program Files\iTunes\iTunesHelper.exe[808]
ADVAPI32.dll!SetServiceObjectSecurity
              77E36D81 5 Bytes  JMP 003A01D4
.text  C:\Program Files\iTunes\iTunesHelper.exe[808]
ADVAPI32.dll!ChangeServiceConfigA
              77E36E69 5 Bytes  JMP 003A00E4
.text  C:\Program Files\iTunes\iTunesHelper.exe[808]
ADVAPI32.dll!ChangeServiceConfigW
              77E37001 5 Bytes  JMP 003A0120
.text  C:\Program Files\iTunes\iTunesHelper.exe[808]
ADVAPI32.dll!ChangeServiceConfig2A
              77E37101 5 Bytes  JMP 003A015C
.text  C:\Program Files\iTunes\iTunesHelper.exe[808]
ADVAPI32.dll!ChangeServiceConfig2W
              77E37189 5 Bytes  JMP 003A0198
.text  C:\Program Files\iTunes\iTunesHelper.exe[808]
ADVAPI32.dll!CreateServiceA
              77E37211 5 Bytes  JMP 003A0030
.text  C:\Program Files\iTunes\iTunesHelper.exe[808]
ADVAPI32.dll!CreateServiceW
              77E373A9 5 Bytes  JMP 003A006C
.text  C:\Program Files\iTunes\iTunesHelper.exe[808]
ADVAPI32.dll!DeleteService
              77E374B1 5 Bytes  JMP 003A00A8
.text  C:\Program Files\Common Files\Java\Java
Update\jusched.exe[1028] ntdll.dll!LdrLoadDll
                    7C91632D 5 Bytes  JMP 00150030
.text  C:\Program Files\Common Files\Java\Java
Update\jusched.exe[1028] ntdll.dll!LdrUnloadDll
                    7C9171CD 5 Bytes  JMP 0015006C
.text  C:\Program Files\Common Files\Java\Java
Update\jusched.exe[1028] ADVAPI32.dll!SetServiceObjectSecurity
                    77E36D81 5 Bytes  JMP 003A01D4
.text  C:\Program Files\Common Files\Java\Java
Update\jusched.exe[1028] ADVAPI32.dll!ChangeServiceConfigA
                    77E36E69 5 Bytes  JMP 003A00E4
.text  C:\Program Files\Common Files\Java\Java
Update\jusched.exe[1028] ADVAPI32.dll!ChangeServiceConfigW
                    77E37001 5 Bytes  JMP 003A0120
.text  C:\Program Files\Common Files\Java\Java
Update\jusched.exe[1028] ADVAPI32.dll!ChangeServiceConfig2A
                    77E37101 5 Bytes  JMP 003A015C
.text  C:\Program Files\Common Files\Java\Java
Update\jusched.exe[1028] ADVAPI32.dll!ChangeServiceConfig2W
                    77E37189 5 Bytes  JMP 003A0198
.text  C:\Program Files\Common Files\Java\Java
Update\jusched.exe[1028] ADVAPI32.dll!CreateServiceA
                    77E37211 5 Bytes  JMP 003A0030
.text  C:\Program Files\Common Files\Java\Java
Update\jusched.exe[1028] ADVAPI32.dll!CreateServiceW
                    77E373A9 5 Bytes  JMP 003A006C
.text  C:\Program Files\Common Files\Java\Java
Update\jusched.exe[1028] ADVAPI32.dll!DeleteService
                    77E374B1 5 Bytes  JMP 003A00A8
.text  C:\Program Files\Common Files\Java\Java
Update\jusched.exe[1028] USER32.dll!SetWindowsHookExW
                    7E42820F 5 Bytes  JMP 003B00E4
.text  C:\Program Files\Common Files\Java\Java
Update\jusched.exe[1028] USER32.dll!UnhookWindowsHookEx
                    7E42D5F3 5 Bytes  JMP 003B0120
.text  C:\Program Files\Common Files\Java\Java
Update\jusched.exe[1028] USER32.dll!SetWindowsHookExA
                    7E431211 5 Bytes  JMP 003B00A8
.text  C:\Program Files\Common Files\Java\Java
Update\jusched.exe[1028] USER32.dll!SetWinEventHook
                    7E4317F7 5 Bytes  JMP 003B0030
.text  C:\Program Files\Common Files\Java\Java
Update\jusched.exe[1028] USER32.dll!UnhookWinEvent
                    7E4318AC 5 Bytes  JMP 003B006C
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1156]
ntdll.dll!LdrLoadDll
        7C91632D 5 Bytes  JMP 00140030
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1156]
ntdll.dll!LdrUnloadDll
        7C9171CD 5 Bytes  JMP 0014006C
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1156]
USER32.dll!SetWindowsHookExW
        7E42820F 5 Bytes  JMP 003800E4
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1156]
USER32.dll!UnhookWindowsHookEx
        7E42D5F3 5 Bytes  JMP 00380120
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1156]
USER32.dll!SetWindowsHookExA
        7E431211 5 Bytes  JMP 003800A8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1156]
USER32.dll!SetWinEventHook
        7E4317F7 5 Bytes  JMP 00380030
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1156]
USER32.dll!UnhookWinEvent
        7E4318AC 5 Bytes  JMP 0038006C
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1156]
ADVAPI32.dll!SetServiceObjectSecurity
        77E36D81 5 Bytes  JMP 003901D4
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1156]
ADVAPI32.dll!ChangeServiceConfigA
        77E36E69 5 Bytes  JMP 003900E4
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1156]
ADVAPI32.dll!ChangeServiceConfigW
        77E37001 5 Bytes  JMP 00390120
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1156]
ADVAPI32.dll!ChangeServiceConfig2A
        77E37101 5 Bytes  JMP 0039015C
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1156]
ADVAPI32.dll!ChangeServiceConfig2W
        77E37189 5 Bytes  JMP 00390198
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1156]
ADVAPI32.dll!CreateServiceA
        77E37211 5 Bytes  JMP 00390030
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1156]
ADVAPI32.dll!CreateServiceW
        77E373A9 5 Bytes  JMP 0039006C
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1156]
ADVAPI32.dll!DeleteService
        77E374B1 5 Bytes  JMP 003900A8
.text  C:\WINDOWS\system32\spoolsv.exe[1200] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes  JMP 00090030
.text  C:\WINDOWS\system32\spoolsv.exe[1200] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes  JMP 0009006C
.text  C:\WINDOWS\system32\spoolsv.exe[1200]
ADVAPI32.dll!SetServiceObjectSecurity
                      77E36D81 5 Bytes  JMP 002B01D4
.text  C:\WINDOWS\system32\spoolsv.exe[1200]
ADVAPI32.dll!ChangeServiceConfigA
                      77E36E69 5 Bytes  JMP 002B00E4
.text  C:\WINDOWS\system32\spoolsv.exe[1200]
ADVAPI32.dll!ChangeServiceConfigW
                      77E37001 5 Bytes  JMP 002B0120
.text  C:\WINDOWS\system32\spoolsv.exe[1200]
ADVAPI32.dll!ChangeServiceConfig2A
                      77E37101 5 Bytes  JMP 002B015C
.text  C:\WINDOWS\system32\spoolsv.exe[1200]
ADVAPI32.dll!ChangeServiceConfig2W
                      77E37189 5 Bytes  JMP 002B0198
.text  C:\WINDOWS\system32\spoolsv.exe[1200]
ADVAPI32.dll!CreateServiceA
                      77E37211 5 Bytes  JMP 002B0030
.text  C:\WINDOWS\system32\spoolsv.exe[1200]
ADVAPI32.dll!CreateServiceW
                      77E373A9 5 Bytes  JMP 002B006C
.text  C:\WINDOWS\system32\spoolsv.exe[1200]
ADVAPI32.dll!DeleteService
                      77E374B1 5 Bytes  JMP 002B00A8
.text  C:\WINDOWS\system32\spoolsv.exe[1200]
USER32.dll!SetWindowsHookExW
                      7E42820F 5 Bytes  JMP 002C00E4
.text  C:\WINDOWS\system32\spoolsv.exe[1200]
USER32.dll!UnhookWindowsHookEx
                      7E42D5F3 5 Bytes  JMP 002C0120
.text  C:\WINDOWS\system32\spoolsv.exe[1200]
USER32.dll!SetWindowsHookExA
                      7E431211 5 Bytes  JMP 002C00A8
.text  C:\WINDOWS\system32\spoolsv.exe[1200]
USER32.dll!SetWinEventHook
                      7E4317F7 5 Bytes  JMP 002C0030
.text  C:\WINDOWS\system32\spoolsv.exe[1200] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes  JMP 002C006C
.text  C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes  JMP 00090030
.text  C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes  JMP 0009006C
.text  C:\WINDOWS\system32\svchost.exe[1284]
ADVAPI32.dll!SetServiceObjectSecurity
                      77E36D81 5 Bytes  JMP 002B01D4
.text  C:\WINDOWS\system32\svchost.exe[1284]
ADVAPI32.dll!ChangeServiceConfigA
                      77E36E69 5 Bytes  JMP 002B00E4
.text  C:\WINDOWS\system32\svchost.exe[1284]
ADVAPI32.dll!ChangeServiceConfigW
                      77E37001 5 Bytes  JMP 002B0120
.text  C:\WINDOWS\system32\svchost.exe[1284]
ADVAPI32.dll!ChangeServiceConfig2A
                      77E37101 5 Bytes  JMP 002B015C
.text  C:\WINDOWS\system32\svchost.exe[1284]
ADVAPI32.dll!ChangeServiceConfig2W
                      77E37189 5 Bytes  JMP 002B0198
.text  C:\WINDOWS\system32\svchost.exe[1284]
ADVAPI32.dll!CreateServiceA
                      77E37211 5 Bytes  JMP 002B0030
.text  C:\WINDOWS\system32\svchost.exe[1284]
ADVAPI32.dll!CreateServiceW
                      77E373A9 5 Bytes  JMP 002B006C
.text  C:\WINDOWS\system32\svchost.exe[1284]
ADVAPI32.dll!DeleteService
                      77E374B1 5 Bytes  JMP 002B00A8
.text  C:\WINDOWS\system32\svchost.exe[1284]
USER32.dll!SetWindowsHookExW
                      7E42820F 5 Bytes  JMP 002C00E4
.text  C:\WINDOWS\system32\svchost.exe[1284]
USER32.dll!UnhookWindowsHookEx
                      7E42D5F3 5 Bytes  JMP 002C0120
.text  C:\WINDOWS\system32\svchost.exe[1284]
USER32.dll!SetWindowsHookExA
                      7E431211 5 Bytes  JMP 002C00A8
.text  C:\WINDOWS\system32\svchost.exe[1284]
USER32.dll!SetWinEventHook
                      7E4317F7 5 Bytes  JMP 002C0030
.text  C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes  JMP 002C006C
.text  C:\Program Files\Common Files\ArcSoft\Connection
Service\Bin\ACService.exe[1348] ntdll.dll!LdrLoadDll
           7C91632D 5 Bytes  JMP 00150030
.text  C:\Program Files\Common Files\ArcSoft\Connection
Service\Bin\ACService.exe[1348] ntdll.dll!LdrUnloadDll
           7C9171CD 5 Bytes  JMP 0015006C
.text  C:\Program Files\Common Files\ArcSoft\Connection
Service\Bin\ACService.exe[1348] ADVAPI32.dll!SetServiceObjectSecurity
           77E36D81 5 Bytes  JMP 003901D4
.text  C:\Program Files\Common Files\ArcSoft\Connection
Service\Bin\ACService.exe[1348] ADVAPI32.dll!ChangeServiceConfigA
           77E36E69 5 Bytes  JMP 003900E4
.text  C:\Program Files\Common Files\ArcSoft\Connection
Service\Bin\ACService.exe[1348] ADVAPI32.dll!ChangeServiceConfigW
           77E37001 5 Bytes  JMP 00390120
.text  C:\Program Files\Common Files\ArcSoft\Connection
Service\Bin\ACService.exe[1348] ADVAPI32.dll!ChangeServiceConfig2A
           77E37101 5 Bytes  JMP 0039015C
.text  C:\Program Files\Common Files\ArcSoft\Connection
Service\Bin\ACService.exe[1348] ADVAPI32.dll!ChangeServiceConfig2W
           77E37189 5 Bytes  JMP 00390198
.text  C:\Program Files\Common Files\ArcSoft\Connection
Service\Bin\ACService.exe[1348] ADVAPI32.dll!CreateServiceA
           77E37211 5 Bytes  JMP 00390030
.text  C:\Program Files\Common Files\ArcSoft\Connection
Service\Bin\ACService.exe[1348] ADVAPI32.dll!CreateServiceW
           77E373A9 5 Bytes  JMP 0039006C
.text  C:\Program Files\Common Files\ArcSoft\Connection
Service\Bin\ACService.exe[1348] ADVAPI32.dll!DeleteService
           77E374B1 5 Bytes  JMP 003900A8
.text  C:\Program Files\Common Files\ArcSoft\Connection
Service\Bin\ACService.exe[1348] USER32.dll!SetWindowsHookExW
           7E42820F 5 Bytes  JMP 003A00E4
.text  C:\Program Files\Common Files\ArcSoft\Connection
Service\Bin\ACService.exe[1348] USER32.dll!UnhookWindowsHookEx
           7E42D5F3 5 Bytes  JMP 003A0120
.text  C:\Program Files\Common Files\ArcSoft\Connection
Service\Bin\ACService.exe[1348] USER32.dll!SetWindowsHookExA
           7E431211 5 Bytes  JMP 003A00A8
.text  C:\Program Files\Common Files\ArcSoft\Connection
Service\Bin\ACService.exe[1348] USER32.dll!SetWinEventHook
           7E4317F7 5 Bytes  JMP 003A0030
.text  C:\Program Files\Common Files\ArcSoft\Connection
Service\Bin\ACService.exe[1348] USER32.dll!UnhookWinEvent
           7E4318AC 5 Bytes  JMP 003A006C
.text  C:\WINDOWS\system32\winlogon.exe[1368] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes  JMP 00070030
.text  C:\WINDOWS\system32\winlogon.exe[1368] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes  JMP 0007006C
.text  C:\WINDOWS\system32\winlogon.exe[1368]
ADVAPI32.dll!SetServiceObjectSecurity
                     77E36D81 5 Bytes  JMP 002B01D4
.text  C:\WINDOWS\system32\winlogon.exe[1368]
ADVAPI32.dll!ChangeServiceConfigA
                     77E36E69 5 Bytes  JMP 002B00E4
.text  C:\WINDOWS\system32\winlogon.exe[1368]
ADVAPI32.dll!ChangeServiceConfigW
                     77E37001 5 Bytes  JMP 002B0120
.text  C:\WINDOWS\system32\winlogon.exe[1368]
ADVAPI32.dll!ChangeServiceConfig2A
                     77E37101 5 Bytes  JMP 002B015C
.text  C:\WINDOWS\system32\winlogon.exe[1368]
ADVAPI32.dll!ChangeServiceConfig2W
                     77E37189 5 Bytes  JMP 002B0198
.text  C:\WINDOWS\system32\winlogon.exe[1368]
ADVAPI32.dll!CreateServiceA
                     77E37211 5 Bytes  JMP 002B0030
.text  C:\WINDOWS\system32\winlogon.exe[1368]
ADVAPI32.dll!CreateServiceW
                     77E373A9 5 Bytes  JMP 002B006C
.text  C:\WINDOWS\system32\winlogon.exe[1368]
ADVAPI32.dll!DeleteService
                     77E374B1 5 Bytes  JMP 002B00A8
.text  C:\WINDOWS\system32\winlogon.exe[1368]
USER32.dll!SetWindowsHookExW
                     7E42820F 5 Bytes  JMP 002C00E4
.text  C:\WINDOWS\system32\winlogon.exe[1368]
USER32.dll!UnhookWindowsHookEx
                     7E42D5F3 5 Bytes  JMP 002C0120
.text  C:\WINDOWS\system32\winlogon.exe[1368]
USER32.dll!SetWindowsHookExA
                     7E431211 5 Bytes  JMP 002C00A8
.text  C:\WINDOWS\system32\winlogon.exe[1368]
USER32.dll!SetWinEventHook
                     7E4317F7 5 Bytes  JMP 002C0030
.text  C:\WINDOWS\system32\winlogon.exe[1368]
USER32.dll!UnhookWinEvent
                     7E4318AC 5 Bytes  JMP 002C006C
.text  C:\WINDOWS\system32\services.exe[1412] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes  JMP 00090030
.text  C:\WINDOWS\system32\services.exe[1412] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes  JMP 0009006C
.text  C:\WINDOWS\system32\services.exe[1412]
ADVAPI32.dll!SetServiceObjectSecurity
                     77E36D81 5 Bytes  JMP 002B01D4
.text  C:\WINDOWS\system32\services.exe[1412]
ADVAPI32.dll!ChangeServiceConfigA
                     77E36E69 5 Bytes  JMP 002B00E4
.text  C:\WINDOWS\system32\services.exe[1412]
ADVAPI32.dll!ChangeServiceConfigW
                     77E37001 5 Bytes  JMP 002B0120
.text  C:\WINDOWS\system32\services.exe[1412]
ADVAPI32.dll!ChangeServiceConfig2A
                     77E37101 5 Bytes  JMP 002B015C
.text  C:\WINDOWS\system32\services.exe[1412]
ADVAPI32.dll!ChangeServiceConfig2W
                     77E37189 5 Bytes  JMP 002B0198
.text  C:\WINDOWS\system32\services.exe[1412]
ADVAPI32.dll!CreateServiceA
                     77E37211 5 Bytes  JMP 002B0030
.text  C:\WINDOWS\system32\services.exe[1412]
ADVAPI32.dll!CreateServiceW
                     77E373A9 5 Bytes  JMP 002B006C
.text  C:\WINDOWS\system32\services.exe[1412]
ADVAPI32.dll!DeleteService
                     77E374B1 5 Bytes  JMP 002B00A8
.text  C:\WINDOWS\system32\services.exe[1412]
USER32.dll!SetWindowsHookExW
                     7E42820F 5 Bytes  JMP 002C00E4
.text  C:\WINDOWS\system32\services.exe[1412]
USER32.dll!UnhookWindowsHookEx
                     7E42D5F3 5 Bytes  JMP 002C0120
.text  C:\WINDOWS\system32\services.exe[1412]
USER32.dll!SetWindowsHookExA
                     7E431211 5 Bytes  JMP 002C00A8
.text  C:\WINDOWS\system32\services.exe[1412]
USER32.dll!SetWinEventHook
                     7E4317F7 5 Bytes  JMP 002C0030
.text  C:\WINDOWS\system32\services.exe[1412]
USER32.dll!UnhookWinEvent
                     7E4318AC 5 Bytes  JMP 002C006C
.text  C:\WINDOWS\system32\lsass.exe[1424] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes  JMP 00090030
.text C:\WINDOWS\system32\lsass.exe[1424] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\lsass.exe[1424]
ADVAPI32.dll!SetServiceObjectSecurity
77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\lsass.exe[1424]
ADVAPI32.dll!ChangeServiceConfigA
77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\lsass.exe[1424]
ADVAPI32.dll!ChangeServiceConfigW
77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\lsass.exe[1424]
ADVAPI32.dll!ChangeServiceConfig2A
77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\lsass.exe[1424]
ADVAPI32.dll!ChangeServiceConfig2W
77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\lsass.exe[1424] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\lsass.exe[1424] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\lsass.exe[1424] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\lsass.exe[1424]
USER32.dll!SetWindowsHookExW
7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\lsass.exe[1424]
USER32.dll!UnhookWindowsHookEx
7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\lsass.exe[1424]
USER32.dll!SetWindowsHookExA
7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\lsass.exe[1424] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\lsass.exe[1424] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472]
ntdll.dll!LdrLoadDll
7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472]
ntdll.dll!LdrUnloadDll
7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472]
ADVAPI32.dll!SetServiceObjectSecurity
77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472]
ADVAPI32.dll!ChangeServiceConfigA
77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472]
ADVAPI32.dll!ChangeServiceConfigW
77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472]
ADVAPI32.dll!ChangeServiceConfig2A
77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472]
ADVAPI32.dll!ChangeServiceConfig2W
77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472]
ADVAPI32.dll!CreateServiceA
77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472]
ADVAPI32.dll!CreateServiceW
77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472]
ADVAPI32.dll!DeleteService
77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472]
USER32.dll!SetWindowsHookExW
7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472]
USER32.dll!UnhookWindowsHookEx
7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472]
USER32.dll!SetWindowsHookExA
7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472]
USER32.dll!SetWinEventHook
7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472]
USER32.dll!UnhookWinEvent
7E4318AC 5 Bytes JMP 003A006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1596] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 00140030
.text C:\WINDOWS\system32\Ati2evxx.exe[1596] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 0014006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1596]
USER32.dll!SetWindowsHookExW
7E42820F 5 Bytes JMP 003800E4
.text C:\WINDOWS\system32\Ati2evxx.exe[1596]
USER32.dll!UnhookWindowsHookEx
7E42D5F3 5 Bytes JMP 00380120
.text C:\WINDOWS\system32\Ati2evxx.exe[1596]
USER32.dll!SetWindowsHookExA
7E431211 5 Bytes JMP 003800A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1596]
USER32.dll!SetWinEventHook
7E4317F7 5 Bytes JMP 00380030
.text C:\WINDOWS\system32\Ati2evxx.exe[1596]
USER32.dll!UnhookWinEvent
7E4318AC 5 Bytes JMP 0038006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1596]
ADVAPI32.dll!SetServiceObjectSecurity
77E36D81 5 Bytes JMP 003901D4
.text C:\WINDOWS\system32\Ati2evxx.exe[1596]
ADVAPI32.dll!ChangeServiceConfigA
77E36E69 5 Bytes JMP 003900E4
.text C:\WINDOWS\system32\Ati2evxx.exe[1596]
ADVAPI32.dll!ChangeServiceConfigW
77E37001 5 Bytes JMP 00390120
.text C:\WINDOWS\system32\Ati2evxx.exe[1596]
ADVAPI32.dll!ChangeServiceConfig2A
77E37101 5 Bytes JMP 0039015C
.text C:\WINDOWS\system32\Ati2evxx.exe[1596]
ADVAPI32.dll!ChangeServiceConfig2W
77E37189 5 Bytes JMP 00390198
.text C:\WINDOWS\system32\Ati2evxx.exe[1596]
ADVAPI32.dll!CreateServiceA
77E37211 5 Bytes JMP 00390030
.text C:\WINDOWS\system32\Ati2evxx.exe[1596]
ADVAPI32.dll!CreateServiceW
77E373A9 5 Bytes JMP 0039006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1596]
ADVAPI32.dll!DeleteService
77E374B1 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1612]
ADVAPI32.dll!SetServiceObjectSecurity
77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1612]
ADVAPI32.dll!ChangeServiceConfigA
77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1612]
ADVAPI32.dll!ChangeServiceConfigW
77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1612]
ADVAPI32.dll!ChangeServiceConfig2A
77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1612]
ADVAPI32.dll!ChangeServiceConfig2W
77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1612]
ADVAPI32.dll!CreateServiceA
77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1612]
ADVAPI32.dll!CreateServiceW
77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1612]
ADVAPI32.dll!DeleteService
77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1612]
USER32.dll!SetWindowsHookExW
7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1612]
USER32.dll!UnhookWindowsHookEx
7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1612]
USER32.dll!SetWindowsHookExA
7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1612]
USER32.dll!SetWinEventHook
7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1612] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\Common Files\Apple\Mobile Device
Support\AppleMobileDeviceService.exe[1644] ntdll.dll!LdrLoadDll
7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Apple\Mobile Device
Support\AppleMobileDeviceService.exe[1644] ntdll.dll!LdrUnloadDll
7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Apple\Mobile Device
Support\AppleMobileDeviceService.exe[1644]
ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Common Files\Apple\Mobile Device
Support\AppleMobileDeviceService.exe[1644]
ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Common Files\Apple\Mobile Device
Support\AppleMobileDeviceService.exe[1644]
ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Common Files\Apple\Mobile Device
Support\AppleMobileDeviceService.exe[1644]
ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Common Files\Apple\Mobile Device
Support\AppleMobileDeviceService.exe[1644]
ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Common Files\Apple\Mobile Device
Support\AppleMobileDeviceService.exe[1644] ADVAPI32.dll!CreateServiceA
77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Common Files\Apple\Mobile Device
Support\AppleMobileDeviceService.exe[1644] ADVAPI32.dll!CreateServiceW
77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Common Files\Apple\Mobile Device
Support\AppleMobileDeviceService.exe[1644] ADVAPI32.dll!DeleteService
77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Common Files\Apple\Mobile Device
Support\AppleMobileDeviceService.exe[1644]
USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Common Files\Apple\Mobile Device
Support\AppleMobileDeviceService.exe[1644]
USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Common Files\Apple\Mobile Device
Support\AppleMobileDeviceService.exe[1644]
USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Common Files\Apple\Mobile Device
Support\AppleMobileDeviceService.exe[1644] USER32.dll!SetWinEventHook
7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Common Files\Apple\Mobile Device
Support\AppleMobileDeviceService.exe[1644] USER32.dll!UnhookWinEvent
7E4318AC 5 Bytes JMP 003A006C
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1720]
ADVAPI32.dll!SetServiceObjectSecurity
77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1720]
ADVAPI32.dll!ChangeServiceConfigA
77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1720]
ADVAPI32.dll!ChangeServiceConfigW
77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1720]
ADVAPI32.dll!ChangeServiceConfig2A
77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1720]
ADVAPI32.dll!ChangeServiceConfig2W
77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1720]
ADVAPI32.dll!CreateServiceA
77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1720]
ADVAPI32.dll!CreateServiceW
77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1720]
ADVAPI32.dll!DeleteService
77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1720]
USER32.dll!SetWindowsHookExW
7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1720]
USER32.dll!UnhookWindowsHookEx
7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1720]
USER32.dll!SetWindowsHookExA
7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1720]
USER32.dll!SetWinEventHook
7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\System32\svchost.exe[1760] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\svchost.exe[1760] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\svchost.exe[1760]
ADVAPI32.dll!SetServiceObjectSecurity
77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\System32\svchost.exe[1760]
ADVAPI32.dll!ChangeServiceConfigA
77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\svchost.exe[1760]
ADVAPI32.dll!ChangeServiceConfigW
77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\svchost.exe[1760]
ADVAPI32.dll!ChangeServiceConfig2A
77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\System32\svchost.exe[1760]
ADVAPI32.dll!ChangeServiceConfig2W
77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\System32\svchost.exe[1760]
ADVAPI32.dll!CreateServiceA
77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\svchost.exe[1760]
ADVAPI32.dll!CreateServiceW
77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\svchost.exe[1760]
ADVAPI32.dll!DeleteService
77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\svchost.exe[1760]
USER32.dll!SetWindowsHookExW
7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\svchost.exe[1760]
USER32.dll!UnhookWindowsHookEx
7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\svchost.exe[1760]
USER32.dll!SetWindowsHookExA
7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\System32\svchost.exe[1760]
USER32.dll!SetWinEventHook
7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\svchost.exe[1760] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1808] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 00140030
.text C:\WINDOWS\system32\Ati2evxx.exe[1808] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 0014006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1808]
USER32.dll!SetWindowsHookExW
7E42820F 5 Bytes JMP 003800E4
.text C:\WINDOWS\system32\Ati2evxx.exe[1808]
USER32.dll!UnhookWindowsHookEx
7E42D5F3 5 Bytes JMP 00380120
.text C:\WINDOWS\system32\Ati2evxx.exe[1808]
USER32.dll!SetWindowsHookExA
7E431211 5 Bytes JMP 003800A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1808]
USER32.dll!SetWinEventHook
7E4317F7 5 Bytes JMP 00380030
.text C:\WINDOWS\system32\Ati2evxx.exe[1808]
USER32.dll!UnhookWinEvent
7E4318AC 5 Bytes JMP 0038006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1808]
ADVAPI32.dll!SetServiceObjectSecurity
77E36D81 5 Bytes JMP 003901D4
.text C:\WINDOWS\system32\Ati2evxx.exe[1808]
ADVAPI32.dll!ChangeServiceConfigA
77E36E69 5 Bytes JMP 003900E4
.text C:\WINDOWS\system32\Ati2evxx.exe[1808]
ADVAPI32.dll!ChangeServiceConfigW
77E37001 5 Bytes JMP 00390120
.text C:\WINDOWS\system32\Ati2evxx.exe[1808]
ADVAPI32.dll!ChangeServiceConfig2A
77E37101 5 Bytes JMP 0039015C
.text C:\WINDOWS\system32\Ati2evxx.exe[1808]
ADVAPI32.dll!ChangeServiceConfig2W
77E37189 5 Bytes JMP 00390198
.text C:\WINDOWS\system32\Ati2evxx.exe[1808]
ADVAPI32.dll!CreateServiceA
77E37211 5 Bytes JMP 00390030
.text C:\WINDOWS\system32\Ati2evxx.exe[1808]
ADVAPI32.dll!CreateServiceW
77E373A9 5 Bytes JMP 0039006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1808]
ADVAPI32.dll!DeleteService
77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Flip
Video\FlipShare\FlipShareService.exe[1868] ntdll.dll!LdrLoadDll
7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Flip
Video\FlipShare\FlipShareService.exe[1868] ntdll.dll!LdrUnloadDll
7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Flip
Video\FlipShare\FlipShareService.exe[1868]
ADVAPI32.dll!SetServiceObjectSecurity
77E36D81 5 Bytes JMP 015301D4
.text C:\Program Files\Flip
Video\FlipShare\FlipShareService.exe[1868]
ADVAPI32.dll!ChangeServiceConfigA
77E36E69 5 Bytes JMP 015300E4
.text C:\Program Files\Flip
Video\FlipShare\FlipShareService.exe[1868]
ADVAPI32.dll!ChangeServiceConfigW
77E37001 5 Bytes JMP 01530120
.text C:\Program Files\Flip
Video\FlipShare\FlipShareService.exe[1868]
ADVAPI32.dll!ChangeServiceConfig2A
77E37101 5 Bytes JMP 0153015C
.text C:\Program Files\Flip
Video\FlipShare\FlipShareService.exe[1868]
ADVAPI32.dll!ChangeServiceConfig2W
77E37189 5 Bytes JMP 01530198
.text C:\Program Files\Flip
Video\FlipShare\FlipShareService.exe[1868] ADVAPI32.dll!CreateServiceA
77E37211 5 Bytes JMP 01530030
.text C:\Program Files\Flip
Video\FlipShare\FlipShareService.exe[1868] ADVAPI32.dll!CreateServiceW
77E373A9 5 Bytes JMP 0153006C
.text C:\Program Files\Flip
Video\FlipShare\FlipShareService.exe[1868] ADVAPI32.dll!DeleteService
77E374B1 5 Bytes JMP 015300A8
.text C:\Program Files\Flip
Video\FlipShare\FlipShareService.exe[1868]
USER32.dll!SetWindowsHookExW
7E42820F 5 Bytes JMP 015400E4
.text C:\Program Files\Flip
Video\FlipShare\FlipShareService.exe[1868]
USER32.dll!UnhookWindowsHookEx
7E42D5F3 5 Bytes JMP 01540120
.text C:\Program Files\Flip
Video\FlipShare\FlipShareService.exe[1868]
USER32.dll!SetWindowsHookExA
7E431211 5 Bytes JMP 015400A8
.text C:\Program Files\Flip
Video\FlipShare\FlipShareService.exe[1868] USER32.dll!SetWinEventHook
7E4317F7 5 Bytes JMP 01540030
.text C:\Program Files\Flip
Video\FlipShare\FlipShareService.exe[1868] USER32.dll!UnhookWinEvent
7E4318AC 5 Bytes JMP 0154006C
.text C:\Program Files\Symantec\Symantec Endpoint
Protection\Smc.exe[1900] ntdll.dll!LdrLoadDll
7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Symantec\Symantec Endpoint
Protection\Smc.exe[1900] ntdll.dll!LdrUnloadDll
7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Symantec\Symantec Endpoint
Protection\Smc.exe[1900] ADVAPI32.dll!SetServiceObjectSecurity
77E36D81 5 Bytes JMP 008301D4
.text C:\Program Files\Symantec\Symantec Endpoint
Protection\Smc.exe[1900] ADVAPI32.dll!ChangeServiceConfigA
77E36E69 5 Bytes JMP 008300E4
.text C:\Program Files\Symantec\Symantec Endpoint
Protection\Smc.exe[1900] ADVAPI32.dll!ChangeServiceConfigW
77E37001 5 Bytes JMP 00830120
.text C:\Program Files\Symantec\Symantec Endpoint
Protection\Smc.exe[1900] ADVAPI32.dll!ChangeServiceConfig2A
77E37101 5 Bytes JMP 0083015C
.text C:\Program Files\Symantec\Symantec Endpoint
Protection\Smc.exe[1900] ADVAPI32.dll!ChangeServiceConfig2W
77E37189 5 Bytes JMP 00830198
.text C:\Program Files\Symantec\Symantec Endpoint
Protection\Smc.exe[1900] ADVAPI32.dll!CreateServiceA
77E37211 5 Bytes JMP 00830030
.text C:\Program Files\Symantec\Symantec Endpoint
Protection\Smc.exe[1900] ADVAPI32.dll!CreateServiceW
77E373A9 5 Bytes JMP 0083006C
.text C:\Program Files\Symantec\Symantec Endpoint
Protection\Smc.exe[1900] ADVAPI32.dll!DeleteService
77E374B1 5 Bytes JMP 008300A8
.text C:\Program Files\Symantec\Symantec Endpoint
Protection\Smc.exe[1900] USER32.dll!SetWindowsHookExW
7E42820F 5 Bytes JMP 008400E4
.text C:\Program Files\Symantec\Symantec Endpoint
Protection\Smc.exe[1900] USER32.dll!UnhookWindowsHookEx
7E42D5F3 5 Bytes JMP 00840120
.text C:\Program Files\Symantec\Symantec Endpoint
Protection\Smc.exe[1900] USER32.dll!SetWindowsHookExA
.text C:\WINDOWS\System32\svchost.exe[3672]
ADVAPI32.dll!CreateServiceW
77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\svchost.exe[3672]
ADVAPI32.dll!DeleteService
77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\svchost.exe[3672]
USER32.dll!SetWindowsHookExW
7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\svchost.exe[3672]
USER32.dll!UnhookWindowsHookEx
7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\svchost.exe[3672]
USER32.dll!SetWindowsHookExA
7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\System32\svchost.exe[3672]
USER32.dll!SetWinEventHook
7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\svchost.exe[3672] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\Internet Explorer\iexplore.exe[3772]
USER32.dll!DialogBoxParamW
7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll
(Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3772]
USER32.dll!SetWindowsHookExW
7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll
(Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3772]
USER32.dll!CallNextHookEx
7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll
(Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3772]
USER32.dll!CreateWindowExW
7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll
(Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3772]
USER32.dll!UnhookWindowsHookEx
7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll
(Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3772]
USER32.dll!DialogBoxIndirectParamW
7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll
(Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3772]
USER32.dll!MessageBoxIndirectA
7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll
(Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3772]
USER32.dll!DialogBoxParamA
7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll
(Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3772]
USER32.dll!MessageBoxExW

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by MBrakstad at 16:40:12 on 2011-08-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1126
[GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Symantec Endpoint Protection *Enabled/Outdated*
{FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\windows\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device
Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\a la mode\Sched\eSched.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe
C:\Program Files\HP\Button Manager\BM.exe
C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z014&form=ZGAPHP
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} -
c:\program files\common
files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} -
c:\program files\avast software\avast\aswWebRepIE.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Skype add-on for Internet Explorer:
{ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program
files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper:
{dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program
files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class:
{e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program
files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program
files\avast software\avast\aswWebRepIE.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [doubleTwist] c:\program files\doubletwist
2.0\DoubleTwist.DeviceHelper.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major
Audio\WDM\stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [dellsupportcenter] "c:\program files\dell support
center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ArcSoft Connection Service] c:\program files\common
files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [The Assistant] c:\program files\a la mode\sched\eSched.exe
mRun: [SonicWALLNetExtender] c:\program
files\sonicwall\ssl-vpn\netextender\NEGui.exe -hideGUI -clearReboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java
update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\camera~1.lnk
- c:\program files\pixela\everio mediabrowser hd
edition\MBCameraMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpbutt~1.lnk
- c:\program files\hp\button manager\BM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\magic-i.lnk
- c:\program files\arcsoft\magic-i 3\Magic-i.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program
files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program
files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} -
c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} -
hxxp://picasaweb.google.com/s/v/61.07/uploader2.cab
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://24.43.243.2:4433/NELX.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} -
hxxp://tempo5.sandicor.com/5.1.01.9506/Control/IRCSharc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F375116A-793C-11D2-BFE1-444553540001} -
hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{247EEDB3-DFAC-4454-8F7F-ED5BED4466FE} :
DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8}
- c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mbrakstad\application
data\mozilla\firefox\profiles\njz0b7x9.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage -
hxxp://www.bing.com/?pc=Z014&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z014&form=ZGAADF&q=
FF - component: c:\program files\mozilla
firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program
files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox:
{AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla
firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -
c:\program files\mozilla
firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} -
c:\program files\mozilla
firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant:
{20a82645-c095-46ed-80e3-08825760534b} -
c:\windows\microsoft.net\framework\v3.5\windows presentation
foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program
files\java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast
software\avast\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant:
{20a82645-c095-46ed-80e3-08825760534b} -
%profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: GamePlayLabs Plugin: plugin@gameplaylabs.com -
%profile%\extensions\plugin@gameplaylabs.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-14 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-14 301528]
R1 SWIPsec;SonicWALL IPsec
Driver;c:\windows\system32\drivers\SWIPsec.sys [2010-4-5 87064]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-14 19544]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common
files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-4-5
112688]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20071217.032\NAVENG.SYS
[2010-4-5 81232]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20071217.032\NAVEX15.SYS
[2010-4-5 865904]
R3 SSLDrv;SSL-VPN NetExtender
Adapter;c:\windows\system32\drivers\SSLDrv.sys [2009-2-23 20504]
S3 SWVNIC;SonicWALL Virtual
Miniport;c:\windows\system32\drivers\SWVNIC.sys [2009-3-4 21016]
S4 vsdatant;vsdatant;a --> a [?]
.
=============== Created Last 30 ================
.
2011-08-02 21:38:51 -------- d-----w- c:\documents and
settings\mbrakstad\application data\Malwarebytes
2011-08-02 21:38:26 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-02 21:38:25 -------- d-----w- c:\documents and settings\all
users\application data\Malwarebytes
2011-08-02 21:38:21 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 21:38:21 -------- d-----w- c:\program files\Malwarebytes'
Anti-Malware
.
==================== Find3M ====================
.
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 16:42:08.37 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/5/2010 8:27:54 AM
System Uptime: 8/2/2011 3:56:09 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0UW744
Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-53 | Socket
M2/S1G1 | 1695/200mhz
.
==== Disk Partitions =========================
.
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
AiO_Scan
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i 3
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
avast! Free Antivirus
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
Cheetah DVD Burner
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Dell ResourceCD
Dell Support Center (Support Software)
Dell Wireless WLAN Card
Digital Photo Navigator 1.5
Everio MediaBrowser HD Edition
FirstClass® Client
FlipShare
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Button Manager
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
HP Webcam User’s Guide
iSEEK AnswerWorks English Runtime
iTunes
Java Auto Updater
Java(TM) 6 Update 24
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (ALAMODE)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
PDF-XChange 3
Picasa 3
PrimoPDF -- brought to you by Nitro PDF Software
QFolder
QuickSet
QuickTime
Scan
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Skype Toolbars
Skype™ 4.2
SonicWALL Global VPN Client
SonicWALL SSL-VPN NetExtender
Symantec Endpoint Protection
Synaptics Pointing Device Driver
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
8/2/2011 4:00:52 PM, error: Service Control Manager [7009] - Timeout
(30000 milliseconds) waiting for the LiveUpdate service to connect.
8/2/2011 4:00:52 PM, error: Service Control Manager [7000] - The
LiveUpdate service failed to start due to the following error: The
service did not respond to the start or control request in a timely
fashion.
8/2/2011 4:00:52 PM, error: DCOM [10005] - DCOM got error "%1053"
attempting to start the service LiveUpdate with arguments "" in order
to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
8/2/2011 12:08:51 PM, error: Service Control Manager [7011] - Timeout
(30000 milliseconds) waiting for a transaction response from the
Schedule service.
8/2/2011 12:02:01 PM, error: Service Control Manager [7011] - Timeout
(30000 milliseconds) waiting for a transaction response from the
W32Time service.
8/2/2011 11:54:12 AM, error: atapi [9] - The device,
\Device\Ide\IdePort0, did not respond within the timeout period.
8/1/2011 1:00:57 PM, error: Service Control Manager [7011] - Timeout
(30000 milliseconds) waiting for a transaction response from the SENS
service.
7/30/2011 10:41:30 AM, error: System Error [1003] - Error code
1000008e, parameter1 c0000005, parameter2 bf9552ca, parameter3
ac8e9c00, parameter4 00000000.
7/30/2011 10:22:24 AM, error: NETLOGON [5719] - No Domain Controller
is available for domain FPS due to the following: There are currently
no logon servers available to service the logon request. . Make sure
that the computer is connected to the network and try again. If the
problem persists, please contact your domain administrator.
7/29/2011 4:51:11 PM, error: BROWSER [8007] - The browser was unable
to update the service status bits. The data is the error.
7/28/2011 9:58:33 AM, error: Dhcp [1002] - The IP address lease
192.168.1.6 for the Network Card with network address 001BFCDE30A5 has
been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).
7/28/2011 1:28:10 PM, error: Dhcp [1002] - The IP address lease
192.168.1.110 for the Network Card with network address 001BFCDE30A5
has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a
DHCPNACK message).
7/28/2011 1:11:07 PM, error: Service Control Manager [7016] - The
MgiSvr service has reported an invalid current state 32.
7/28/2011 1:10:18 PM, error: Service Control Manager [7034] - The
FlipShare Service service terminated unexpectedly. It has done this 1
time(s).
7/27/2011 10:18:21 PM, error: Dhcp [1002] - The IP address lease
192.168.1.3 for the Network Card with network address 001BFCDE30A5 has
been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a
DHCPNACK message).
7/26/2011 10:15:42 AM, error: System Error [1003] - Error code
0000009c, parameter1 00000004, parameter2 8054e5f0, parameter3
b2000010, parameter4 00010c0f.
7/26/2011 10:09:44 AM, error: Service Control Manager [7024] - The
SQL Server (ALAMODE) service terminated with service-specific error
1814 (0x716).
7/26/2011 10:09:44 AM, error: Dhcp [1002] - The IP address lease
192.168.1.2 for the Network Card with network address 001BFCDE30A5 has
been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a
DHCPNACK message).
.
==== End Of File ===========================

I see you are running 2 anti-virus programs. You need to disable/uninstall one of them as they will cause conflicts and slow down your PC.

==

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

=================

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.

  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

  • Kaspersky Online Scanner
  • Panda Active Scan
  • Trend Micro HouseCall
  • F-Secure Online Virus Scanner

OTL Extras logfile created on: 8/3/2011 7:39:35 PM - Run 1
Extras.txt log

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\mbrakstad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 64.07% Memory free
3.72 Gb Paging File | 3.10 Gb Available in Paging File | 83.24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 54.54 Gb Free Space | 48.82% Space Free | Partition Type: NTFS

Computer Name: INSPIRON1501 | User Name: MBrakstad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"24726:TCP" = 24726:TCP:*:Enabled:FlipShareServer
"24727:TCP" = 24727:TCP:*:Enabled:FlipShareServer

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exe" = C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exe:*:Enabled:SonicWALL Global VPN Client -- (SonicWALL, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\a la mode\Sched\eSched.exe" = C:\Program Files\a la mode\Sched\eSched.exe:*:Enabled:a la mode Assistant -- (a la mode, inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ALAMODE)
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{40624553-811E-400E-B69B-38D8926A66BD}" = SonicWALL Global VPN Client
"{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}" = FlipShare
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7
"{548F12A2-BD2E-4B5A-9B62-BBC0AA8EB3DD}" = Everio MediaBrowser HD Edition
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CA634931-0CC3-4067-ABCC-7182E1DC23B7}" = HP Button Manager
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D31612BB-C6D7-4142-96AE-16DB062354CF}" = HP Webcam User’s Guide
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EF40BAC3-372B-46F4-A32D-B37CF4217CE7}" = ATI Catalyst Control Center
"{FAB046D7-C187-4648-A1A9-FC875F7E3FCE}" = ArcSoft Magic-i 3
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Chrome" = Google Chrome
"HP Photo & Imaging" = HP Image Zone 4.7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"PDF-XChange 3_is1" = PDF-XChange 3
"Picasa 3" = Picasa 3
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"SonicWALL SSL-VPN NetExtender" = SonicWALL SSL-VPN NetExtender
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2009" = TurboTax 2009
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/2/2011 3:35:33 PM | Computer Name = INSPIRON1501 | Source = Symantec AntiVirus | ID = 16711754
Description =

Error - 8/2/2011 6:57:31 PM | Computer Name = INSPIRON1501 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/2/2011 6:57:32 PM | Computer Name = INSPIRON1501 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 8/2/2011 6:57:36 PM | Computer Name = INSPIRON1501 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/2/2011 8:01:28 PM | Computer Name = INSPIRON1501 | Source = Symantec AntiVirus | ID = 16711754
Description =

Error - 8/3/2011 10:10:18 PM | Computer Name = INSPIRON1501 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 8/3/2011 10:21:45 PM | Computer Name = INSPIRON1501 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 8/3/2011 10:29:42 PM | Computer Name = INSPIRON1501 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/3/2011 10:29:42 PM | Computer Name = INSPIRON1501 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 8/3/2011 10:29:45 PM | Computer Name = INSPIRON1501 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ System Events ]
Error - 8/2/2011 8:00:17 PM | Computer Name = INSPIRON1501 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Schedule service.

Error - 8/3/2011 10:10:15 PM | Computer Name = INSPIRON1501 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain FPS due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 8/3/2011 10:10:26 PM | Computer Name = INSPIRON1501 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 8/3/2011 10:10:28 PM | Computer Name = INSPIRON1501 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/3/2011 10:10:32 PM | Computer Name = INSPIRON1501 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 8/3/2011 10:13:46 PM | Computer Name = INSPIRON1501 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/3/2011 10:28:22 PM | Computer Name = INSPIRON1501 | Source = Service Control Manager | ID = 7016
Description = The MgiSvr service has reported an invalid current state 32.

Error - 8/3/2011 10:29:42 PM | Computer Name = INSPIRON1501 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain FPS due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 8/3/2011 10:31:19 PM | Computer Name = INSPIRON1501 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/3/2011 10:46:23 PM | Computer Name = INSPIRON1501 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.


< End of report >

Last one - ESET log. AND THANK YOU SO VERY, VERY MUCH FOR YOUR TIME!

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=198198a4ae8c7240a77c81f5396fbc6d
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-04 04:10:41
# local_time=2011-08-03 09:10:41 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=73378
# found=0
# cleaned=0
# scan_time=3440

You missed one of the OTL logs.

Sorry about that - here is the last log - and as always THANK YOU SO MUCH FOR YOUR TIME!

OTL logfile created on: 8/3/2011 7:38:52 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\mbrakstad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 64.07% Memory free
3.72 Gb Paging File | 3.10 Gb Available in Paging File | 83.24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 54.54 Gb Free Space | 48.82% Space Free | Partition Type: NTFS

Computer Name: INSPIRON1501 | User Name: MBrakstad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/03 19:37:11 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mbrakstad\Desktop\OTL.exe
PRC - [2011/02/23 07:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/06/03 14:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/25 16:05:18 | 000,304,976 | ---- | M] (SonicWALL Inc.) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
PRC - [2009/03/25 16:05:16 | 000,710,480 | ---- | M] (SonicWALL Inc.) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
PRC - [2009/03/05 23:57:56 | 000,227,352 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
PRC - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/11/13 14:06:30 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe
PRC - [2008/06/17 19:04:42 | 000,249,856 | ---- | M] () -- C:\Program Files\HP\Button Manager\BM.exe
PRC - [2008/05/21 13:33:32 | 000,530,944 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/04/16 09:18:04 | 000,099,840 | ---- | M] (a la mode, inc.) -- C:\Program Files\a la mode\Sched\eSched.exe
PRC - [2006/11/13 14:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2011/08/03 19:37:11 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mbrakstad\Desktop\OTL.exe
MOD - [2011/02/23 07:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/03/25 16:05:18 | 000,304,976 | ---- | M] (SonicWALL Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe -- (SONICWALL_NetExtender)
SRV - [2009/03/05 23:57:56 | 000,227,352 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2006/11/13 14:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 06:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 06:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 06:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 06:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 06:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 06:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 06:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/03/05 23:58:12 | 000,087,064 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SWIPsec.sys -- (SWIPsec)
DRV - [2009/03/04 18:03:32 | 000,021,016 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWVNIC.sys -- (SWVNIC)
DRV - [2009/02/23 14:55:34 | 000,020,504 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SSLDrv.sys -- (SSLDrv)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/07/02 15:08:08 | 000,015,616 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/16 18:10:46 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/10/11 21:43:56 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 11:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z014&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 D3 A1 46 93 CF CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20110209,16898,0,8,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z014&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: plugin@gameplaylabs.com:1.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z014&form=ZGAADF&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/14 12:38:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/16 23:37:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/29 09:40:42 | 000,000,000 | ---D | M]

[2010/07/17 09:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mbrakstad\Application Data\Mozilla\Extensions
[2010/07/17 09:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mbrakstad\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2011/05/11 09:18:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mbrakstad\Application Data\Mozilla\Firefox\Profiles\njz0b7x9.default\extensions
[2010/06/19 21:09:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mbrakstad\Application Data\Mozilla\Firefox\Profiles\njz0b7x9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/23 08:18:32 | 000,000,000 | ---D | M] (GamePlayLabs Plugin) -- C:\Documents and Settings\mbrakstad\Application Data\Mozilla\Firefox\Profiles\njz0b7x9.default\extensions\plugin@gameplaylabs.com
[2011/02/23 08:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mbrakstad\Application Data\Mozilla\Firefox\Profilesnjz0b7x9.default\extensions
[2011/02/23 08:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mbrakstad\Application Data\Mozilla\Firefox\Profilesnjz0b7x9.default\extensions\plugin@gameplaylabs.com
[2011/02/23 08:18:45 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\mbrakstad\Application Data\Mozilla\Firefox\Profiles\njz0b7x9.default\searchplugins\bing-zugo.xml
[2011/05/11 09:18:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/20 20:02:15 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/07 17:15:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/02/19 19:18:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/14 12:38:01 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/08/07 17:14:44 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe (SonicWALL Inc.)
O4 - HKLM..\Run: [The Assistant] C:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.)
O4 - HKCU..\Run: [doubleTwist] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camera Monitor HD.lnk = C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe (PIXELA CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Button Manager.lnk = C:\Program Files\HP\Button Manager\BM.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Magic-i.lnk = C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe (ArcSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/61.07/uploader2.cab (UploadListView Class)
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://24.43.243.2:4433/NELX.cab (NELaunchCtrl Class)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://tempo5.sandicor.com/5.1.01.9506/Control/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} http://realist2.firstamres.com/mapviewer/mapviewer.cab (First American Res MapActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = francisparker.org
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\mbrakstad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mbrakstad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/05 08:25:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{dc47171d-6dc8-11df-a3b3-001c2388666d}\Shell - "" = AutoRun
O33 - MountPoints2\{dc47171d-6dc8-11df-a3b3-001c2388666d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dc47171d-6dc8-11df-a3b3-001c2388666d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\{f9648120-861a-11e0-a45b-001c2388666d}\Shell - "" = AutoRun
O33 - MountPoints2\{f9648120-861a-11e0-a45b-001c2388666d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f9648120-861a-11e0-a45b-001c2388666d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.html
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/03 19:36:59 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mbrakstad\Desktop\OTL.exe
[2011/08/02 14:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mbrakstad\Application Data\Malwarebytes
[2011/08/02 14:38:26 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/02 14:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/02 14:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/02 14:38:21 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/02 14:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/02 11:48:54 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\mbrakstad\Desktop\mbam-setup-1.51.1.1800.exe
[2010/10/26 07:23:54 | 000,122,880 | ---- | C] ( ) -- C:\WINDOWS\System32\alauploader.exe
[2010/10/26 07:23:54 | 000,098,304 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoLicense.dll
[2010/10/26 07:23:54 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoPAX.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/03 19:44:02 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{83A79C1E-4856-4D34-83AE-DC7220843E36}.job
[2011/08/03 19:43:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{97DAEB32-8ECC-4C56-A29F-48177D4991CD}.job
[2011/08/03 19:37:11 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mbrakstad\Desktop\OTL.exe
[2011/08/03 19:33:11 | 000,050,899 | ---- | M] () -- C:\WINDOWS\alaredun.ini
[2011/08/03 19:32:18 | 000,001,378 | ---- | M] () -- C:\WINDOWS\alamode.ini
[2011/08/03 19:31:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/03 19:29:47 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/03 19:29:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/02 16:53:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/02 14:38:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 11:49:08 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\mbrakstad\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/02 11:48:02 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\mbrakstad\Desktop\khpppwg7.exe
[2011/08/02 10:04:10 | 000,000,058 | ---- | M] () -- C:\Documents and Settings\mbrakstad\Desktop\GMER Rootkit Scanner.url
[2011/08/02 10:04:00 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\mbrakstad\Desktop\DDS by sUBs.url
[2011/08/02 10:03:51 | 000,000,071 | ---- | M] () -- C:\Documents and Settings\mbrakstad\Desktop\ATF-Cleaner.exe by Atribune.url
[2011/07/30 19:27:02 | 000,005,195 | ---- | M] () -- C:\Documents and Settings\mbrakstad\Desktop\Peterson_Boston Terrier Rescue.xml
[2011/07/30 13:42:39 | 000,001,722 | -H-- | M] () -- C:\Documents and Settings\mbrakstad\My Documents\Default.rdp
[2011/07/28 15:27:53 | 023,555,512 | ---- | M] () -- C:\Documents and Settings\mbrakstad\Desktop\9th History Summer Assignment.pdf
[2011/07/23 23:29:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/23 22:22:19 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/17 09:23:40 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/17 09:18:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/16 16:55:06 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/02 14:38:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 11:47:57 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\mbrakstad\Desktop\khpppwg7.exe
[2011/08/02 10:04:10 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\mbrakstad\Desktop\GMER Rootkit Scanner.url
[2011/08/02 10:04:00 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\mbrakstad\Desktop\DDS by sUBs.url
[2011/08/02 10:03:51 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\mbrakstad\Desktop\ATF-Cleaner.exe by Atribune.url
[2011/07/30 19:27:02 | 000,005,195 | ---- | C] () -- C:\Documents and Settings\mbrakstad\Desktop\Peterson_Boston Terrier Rescue.xml
[2011/07/28 15:27:51 | 023,555,512 | ---- | C] () -- C:\Documents and Settings\mbrakstad\Desktop\9th History Summer Assignment.pdf
[2011/07/24 00:29:27 | 000,050,899 | ---- | C] () -- C:\WINDOWS\alaredun.ini
[2011/04/26 12:04:31 | 000,221,696 | ---- | C] () -- C:\WINDOWS\System32\vid_conv2.dll
[2011/04/26 12:04:31 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\vid_core2.dll
[2011/04/26 12:04:29 | 006,088,192 | ---- | C] () -- C:\WINDOWS\System32\vid_trans2.dll
[2011/04/26 12:04:29 | 000,731,136 | ---- | C] () -- C:\WINDOWS\System32\vid_format2.dll
[2011/04/26 12:04:29 | 000,069,560 | ---- | C] () -- C:\WINDOWS\System32\vid_multi2.dll
[2011/04/26 12:04:28 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\viscomtran.dll
[2011/04/26 12:04:27 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\viscomgifenc.dll
[2011/04/26 12:04:26 | 006,963,712 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
[2011/04/26 12:04:26 | 000,452,608 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
[2011/04/26 12:04:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011/04/26 12:04:26 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll
[2011/04/26 12:04:26 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll
[2011/04/26 12:04:26 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll
[2010/10/26 13:04:02 | 000,000,058 | ---- | C] () -- C:\WINDOWS\SQLrepair.ini
[2010/10/26 07:46:58 | 000,000,092 | ---- | C] () -- C:\WINDOWS\MercuryWT.ini
[2010/10/26 07:46:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mercury.ini
[2010/10/26 07:23:59 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\TX32.dll
[2010/10/26 07:23:59 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\UnlockFile.exe
[2010/10/26 07:23:59 | 000,010,660 | ---- | C] () -- C:\WINDOWS\TECHHELP5.INI
[2010/10/26 07:23:58 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\SmaRTEng.dll
[2010/10/26 07:23:58 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2010/10/26 07:23:57 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\PAXMeta.dll
[2010/10/26 07:23:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P2kDesk.dll
[2010/10/26 07:23:55 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFfpx7.dll
[2010/10/26 07:23:55 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKodak.dll
[2010/10/26 07:23:55 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\fmt_jb2.dll
[2010/10/26 07:23:55 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\fmt_xcx.dll
[2010/10/26 07:23:55 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\fmt_xmf.dll
[2010/10/26 07:23:55 | 000,000,313 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2010/10/26 07:23:54 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\AXF_AXS.dll
[2010/10/26 07:23:54 | 000,220,160 | ---- | C] () -- C:\WINDOWS\System32\Carcla30.dll
[2010/10/26 07:23:54 | 000,204,864 | ---- | C] () -- C:\WINDOWS\System32\AtxWrap.dll
[2010/10/26 07:23:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\DeskSkt.dll
[2010/10/26 07:23:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DP2kFrms.dll
[2010/10/26 07:23:54 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\alavistautils.dll
[2010/10/26 07:23:54 | 000,001,597 | ---- | C] () -- C:\WINDOWS\System32\alaUploader.exe.config
[2010/10/26 07:23:53 | 001,159,168 | ---- | C] () -- C:\WINDOWS\System32\alaMFC2.dll
[2010/10/26 07:23:53 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\alaMapi.dll
[2010/10/26 07:23:53 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch2.dll
[2010/10/26 07:23:53 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch.dll
[2010/10/26 07:23:52 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ala32.dll
[2010/10/26 07:21:33 | 000,001,378 | ---- | C] () -- C:\WINDOWS\alamode.ini
[2010/10/20 13:37:29 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/09/21 14:45:08 | 000,161,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/18 17:22:03 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/07/18 15:23:25 | 000,056,932 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/20 20:21:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/07 14:43:43 | 000,068,300 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/06/07 14:43:43 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/04/27 09:14:54 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\mbrakstad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/05 11:14:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/05 10:47:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/04/05 10:40:35 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2010/04/05 10:21:40 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/05 10:13:43 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/04/05 10:13:42 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/04/05 10:12:23 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/04/05 10:12:21 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/04/05 10:12:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/04/05 08:28:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/04/05 08:21:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/05 01:15:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/05 01:14:22 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/20 18:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/11/02 09:12:52 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\missouri.dll
[2005/03/21 16:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 16:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,501,664 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,094,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/10/26 10:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode
[2011/04/14 12:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/07/18 17:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\doubleTwist Corporation
[2010/04/05 10:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2011/04/22 12:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/04/05 10:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2010/04/05 10:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/04/26 13:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
[2010/04/05 10:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/07/17 10:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/17 11:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/12 12:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mbrakstad\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/22 12:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mbrakstad\Application Data\Flip Video
[2010/07/18 14:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mbrakstad\Application Data\FreeAudioPack
[2010/07/18 17:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mbrakstad\Application Data\iCopyExpert
[2010/10/28 16:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mbrakstad\Application Data\PrimoPDF
[2010/07/17 09:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mbrakstad\Application Data\Songbird2
[2011/08/03 19:44:02 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{83A79C1E-4856-4D34-83AE-DC7220843E36}.job
[2011/08/03 19:43:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{97DAEB32-8ECC-4C56-A29F-48177D4991CD}.job

========== Purity Check ==========

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/04/05 09:03:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/04/05 09:03:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/04/05 09:03:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/04/05 09:03:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 03:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/02/21 15:44:30 | 000,250,368 | ---- | M] (Intel Corporation) MD5=88B1943ECFF661F765228099138CF6AB -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 17:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2006/03/16 17:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2010/04/05 01:13:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/04/05 01:13:30 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/04/05 01:13:30 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< End of report >

No worries :).

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O4 - HKCU..\Run: [doubleTwist] File not found
    
    :Commands
    [purity]
    [emptyflash]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
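
The O-lines in the fix script above can be picked out of the log mechanically. The following is an added example, not part of the helper's post and not OTL's own code: it parses O-section lines copied from the log earlier in this thread and lists the O2 (BHO), O3 (toolbar) and O4 (Run) entries that OTL marked "No CLSID value found" or "File not found". Limiting the check to those three sections is an assumption; on this log it yields exactly the O-lines of the posted fix (the FF line comes from a different section of the log and is not covered).

```python
import re
from collections import defaultdict

# O-section lines copied from the OTL log posted earlier in this thread.
OTL_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [doubleTwist] File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
NetSvcs: 6to4 - File not found
"""

# O-lines of the fix script exactly as posted in the reply above.
FIX_SCRIPT = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKCU..\Run: [doubleTwist] File not found
"""

# Assumption of this example: only browser add-on and Run entries are reviewed.
REVIEW_SECTIONS = ("O2", "O3", "O4")

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
ORPHAN_RE = re.compile(r"(No CLSID value found\.?|File not found)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log):
    """Return (section, line) pairs for every 'Onn - ...' line in the log."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), line))
    return entries


def orphaned_entries(log, sections=REVIEW_SECTIONS):
    """Lines in the reviewed sections whose target is missing.

    An entry is orphaned when the registry still references a CLSID or file
    that OTL could not resolve, i.e. a leftover of removed software.
    """
    return [line for section, line in parse_entries(log)
            if section in sections and ORPHAN_RE.search(line)]


def orphans_by_clsid(log):
    """Group orphaned entries by CLSID to show one leftover registered in several places."""
    grouped = defaultdict(list)
    for line in orphaned_entries(log):
        match = CLSID_RE.search(line)
        key = match.group(0).upper() if match else "(no CLSID)"
        grouped[key].append(line.split(":", 1)[0])
    return dict(grouped)


def fix_lines(script=FIX_SCRIPT):
    """The non-empty lines of the posted fix script."""
    return [ln.strip() for ln in script.splitlines() if ln.strip()]


def diff_against_fix(log=OTL_LOG, script=FIX_SCRIPT):
    """Return (orphans the fix does not list, fix lines that are not orphans in the log)."""
    found, fixed = set(orphaned_entries(log)), set(fix_lines(script))
    return sorted(found - fixed), sorted(fixed - found)


if __name__ == "__main__":
    for clsid, places in orphans_by_clsid(OTL_LOG).items():
        print(clsid, "->", ", ".join(places))
    print("unfixed / unexplained:", diff_against_fix())
```

The O34 and NetSvcs "File not found" lines are deliberately left out of the result, as they are in the posted fix.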

Log after run fix

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\doubleTwist deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 41941 bytes

User: All Users

User: Default User
->Flash cache emptied: 41620 bytes

User: LocalService

User: mbrakstad
->Flash cache emptied: 266211 bytes

User: NetworkService

User: ParkerTech

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 4042156 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: mbrakstad
->Temp folder emptied: 1395312258 bytes
->Temporary Internet Files folder emptied: 39356254 bytes
->Java cache emptied: 2926868 bytes
->FireFox cache emptied: 76321651 bytes
->Google Chrome cache emptied: 44509962 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: ParkerTech
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2195181 bytes
%systemroot%\System32 .tmp files removed: 2832913 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50385 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 106075451 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,596.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 08042011_135453

Files\Folders moved on Reboot...
C:\Documents and Settings\mbrakstad\Local Settings\Temporary Internet Files\Content.IE5\L2M2YD28\like[1].htm moved successfully.
C:\Documents and Settings\mbrakstad\Local Settings\Temporary Internet Files\Content.IE5\L2M2YD28\like[2].htm moved successfully.
C:\Documents and Settings\mbrakstad\Local Settings\Temporary Internet Files\Content.IE5\L2M2YD28\like[3].htm moved successfully.
C:\Documents and Settings\mbrakstad\Local Settings\Temporary Internet Files\Content.IE5\KD57KK8S\page2[1].htm moved successfully.
C:\Documents and Settings\mbrakstad\Local Settings\Temporary Internet Files\Content.IE5\9AEV0RP4\fastbutton[2].htm moved successfully.
C:\Documents and Settings\mbrakstad\Local Settings\Temporary Internet Files\Content.IE5\9AEV0RP4\ziffdavis-dest[1].htm moved successfully.
File move failed. C:\Documents and Settings\mbrakstad\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be moved on reboot.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_3e0.dat not found!

Registry entries deleted on Reboot...

2 things - on reboot I still have those 2 devices that don't have drivers, and I forgot to tell you that I did uninstall Norton (again).

Log after quick scan:

OTL logfile created on: 8/4/2011 2:07:38 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\mbrakstad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 67.34% Memory free
3.72 Gb Paging File | 3.12 Gb Available in Paging File | 83.85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 56.20 Gb Free Space | 50.30% Space Free | Partition Type: NTFS

Computer Name: INSPIRON1501 | User Name: MBrakstad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/03 19:37:11 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mbrakstad\Desktop\OTL.exe
PRC - [2011/02/23 07:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/06/03 14:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/25 16:05:18 | 000,304,976 | ---- | M] (SonicWALL Inc.) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
PRC - [2009/03/25 16:05:16 | 000,710,480 | ---- | M] (SonicWALL Inc.) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
PRC - [2009/03/05 23:57:56 | 000,227,352 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
PRC - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/11/13 14:06:30 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe
PRC - [2008/06/17 19:04:42 | 000,249,856 | ---- | M] () -- C:\Program Files\HP\Button Manager\BM.exe
PRC - [2008/05/21 13:33:32 | 000,530,944 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/04/16 09:18:04 | 000,099,840 | ---- | M] (a la mode, inc.) -- C:\Program Files\a la mode\Sched\eSched.exe
PRC - [2006/11/13 14:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2011/08/03 19:37:11 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mbrakstad\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/03/25 16:05:18 | 000,304,976 | ---- | M] (SonicWALL Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe -- (SONICWALL_NetExtender)
SRV - [2009/03/05 23:57:56 | 000,227,352 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2006/11/13 14:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 06:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 06:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 06:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 06:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 06:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 06:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 06:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/03/05 23:58:12 | 000,087,064 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SWIPsec.sys -- (SWIPsec)
DRV - [2009/03/04 18:03:32 | 000,021,016 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWVNIC.sys -- (SWVNIC)
DRV - [2009/02/23 14:55:34 | 000,020,504 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SSLDrv.sys -- (SSLDrv)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/07/02 15:08:08 | 000,015,616 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/16 18:10:46 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/10/11 21:43:56 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 11:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z014&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 D3 A1 46 93 CF CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20110209,16898,0,8,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z014&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: plugin@gameplaylabs.com:1.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z014&form=ZGAADF&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/14 12:38:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/16 23:37:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/29 09:40:42 | 000,000,000 | ---D | M]

[2010/07/17 09:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mbrakstad\Application Data\Mozilla\Extensions
[2010/07/17 09:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mbrakstad\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2011/05/11 09:18:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mbrakstad\Application Data\Mozilla\Firefox\Profiles\njz0b7x9.default\extensions
[2010/06/19 21:09:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mbrakstad\Application Data\Mozilla\Firefox\Profiles\njz0b7x9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/23 08:18:32 | 000,000,000 | ---D | M] (GamePlayLabs Plugin) -- C:\Documents and Settings\mbrakstad\Application Data\Mozilla\Firefox\Profiles\njz0b7x9.default\extensions\plugin@gameplaylabs.com
[2011/02/23 08:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mbrakstad\Application Data\Mozilla\Firefox\Profilesnjz0b7x9.default\extensions
[2011/02/23 08:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mbrakstad\Application Data\Mozilla\Firefox\Profilesnjz0b7x9.default\extensions\plugin@gameplaylabs.com
[2011/02/23 08:18:45 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\mbrakstad\Application Data\Mozilla\Firefox\Profiles\njz0b7x9.default\searchplugins\bing-zugo.xml
[2011/05/11 09:18:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/20 20:02:15 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/07 17:15:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/02/19 19:18:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/14 12:38:01 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/08/07 17:14:44 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/08/04 13:56:13 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe (SonicWALL Inc.)
O4 - HKLM..\Run: [The Assistant] C:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camera Monitor HD.lnk = C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe (PIXELA CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Button Manager.lnk = C:\Program Files\HP\Button Manager\BM.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Magic-i.lnk = C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe (ArcSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/61.07/uploader2.cab (UploadListView Class)
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://24.43.243.2:4433/NELX.cab (NELaunchCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://tempo5.sandicor.com/5.1.01.9506/Control/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} http://realist2.firstamres.com/mapviewer/mapviewer.cab (First American Res MapActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = francisparker.org
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\mbrakstad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mbrakstad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/05 08:25:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{dc47171d-6dc8-11df-a3b3-001c2388666d}\Shell - "" = AutoRun
O33 - MountPoints2\{dc47171d-6dc8-11df-a3b3-001c2388666d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dc47171d-6dc8-11df-a3b3-001c2388666d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\{f9648120-861a-11e0-a45b-001c2388666d}\Shell - "" = AutoRun
O33 - MountPoints2\{f9648120-861a-11e0-a45b-001c2388666d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f9648120-861a-11e0-a45b-001c2388666d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.html
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/04 13:54:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/03 20:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/08/03 19:36:59 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mbrakstad\Desktop\OTL.exe
[2011/08/02 14:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mbrakstad\Application Data\Malwarebytes
[2011/08/02 14:38:26 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/02 14:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/02 14:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/02 14:38:21 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/02 14:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/02 11:48:54 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\mbrakstad\Desktop\mbam-setup-1.51.1.1800.exe
[2010/10/26 07:23:54 | 000,122,880 | ---- | C] ( ) -- C:\WINDOWS\System32\alauploader.exe
[2010/10/26 07:23:54 | 000,098,304 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoLicense.dll
[2010/10/26 07:23:54 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoPAX.dll

========== Files - Modified Within 30 Days ==========

[2011/08/04 14:09:02 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{83A79C1E-4856-4D34-83AE-DC7220843E36}.job
[2011/08/04 14:08:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{97DAEB32-8ECC-4C56-A29F-48177D4991CD}.job
[2011/08/04 14:01:37 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/04 14:01:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/04 13:57:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/04 13:56:13 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/04 13:53:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/03 19:37:11 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mbrakstad\Desktop\OTL.exe
[2011/08/03 19:33:11 | 000,050,899 | ---- | M] () -- C:\WINDOWS\alaredun.ini
[2011/08/03 19:32:18 | 000,001,378 | ---- | M] () -- C:\WINDOWS\alamode.ini
[2011/08/02 14:38:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 11:49:08 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\mbrakstad\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/02 11:48:02 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\mbrakstad\Desktop\khpppwg7.exe
[2011/08/02 10:04:10 | 000,000,058 | ---- | M] () -- C:\Documents and Settings\mbrakstad\Desktop\GMER Rootkit Scanner.url
[2011/08/02 10:04:00 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\mbrakstad\Desktop\DDS by sUBs.url
[2011/08/02 10:03:51 | 000,000,071 | ---- | M] () -- C:\Documents and Settings\mbrakstad\Desktop\ATF-Cleaner.exe by Atribune.url
[2011/07/30 19:27:02 | 000,005,195 | ---- | M] () -- C:\Documents and Settings\mbrakstad\Desktop\Peterson_Boston Terrier Rescue.xml
[2011/07/30 13:42:39 | 000,001,722 | -H-- | M] () -- C:\Documents and Settings\mbrakstad\My Documents\Default.rdp
[2011/07/28 15:27:53 | 023,555,512 | ---- | M] () -- C:\Documents and Settings\mbrakstad\Desktop\9th History Summer Assignment.pdf
[2011/07/23 23:29:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/23 22:22:19 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/17 09:23:40 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/17 09:18:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/16 16:55:06 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/08/02 14:38:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 11:47:57 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\mbrakstad\Desktop\khpppwg7.exe
[2011/08/02 10:04:10 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\mbrakstad\Desktop\GMER Rootkit Scanner.url
[2011/08/02 10:04:00 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\mbrakstad\Desktop\DDS by sUBs.url
[2011/08/02 10:03:51 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\mbrakstad\Desktop\ATF-Cleaner.exe by Atribune.url
[2011/07/30 19:27:02 | 000,005,195 | ---- | C] () -- C:\Documents and Settings\mbrakstad\Desktop\Peterson_Boston Terrier Rescue.xml
[2011/07/28 15:27:51 | 023,555,512 | ---- | C] () -- C:\Documents and Settings\mbrakstad\Desktop\9th History Summer Assignment.pdf
[2011/07/24 00:29:27 | 000,050,899 | ---- | C] () -- C:\WINDOWS\alaredun.ini
[2011/04/26 12:04:31 | 000,221,696 | ---- | C] () -- C:\WINDOWS\System32\vid_conv2.dll
[2011/04/26 12:04:31 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\vid_core2.dll
[2011/04/26 12:04:29 | 006,088,192 | ---- | C] () -- C:\WINDOWS\System32\vid_trans2.dll
[2011/04/26 12:04:29 | 000,731,136 | ---- | C] () -- C:\WINDOWS\System32\vid_format2.dll
[2011/04/26 12:04:29 | 000,069,560 | ---- | C] () -- C:\WINDOWS\System32\vid_multi2.dll
[2011/04/26 12:04:28 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\viscomtran.dll
[2011/04/26 12:04:27 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\viscomgifenc.dll
[2011/04/26 12:04:26 | 006,963,712 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
[2011/04/26 12:04:26 | 000,452,608 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
[2011/04/26 12:04:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011/04/26 12:04:26 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll
[2011/04/26 12:04:26 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll
[2011/04/26 12:04:26 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll
[2010/10/26 13:04:02 | 000,000,058 | ---- | C] () -- C:\WINDOWS\SQLrepair.ini
[2010/10/26 07:46:58 | 000,000,092 | ---- | C] () -- C:\WINDOWS\MercuryWT.ini
[2010/10/26 07:46:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mercury.ini
[2010/10/26 07:23:59 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\TX32.dll
[2010/10/26 07:23:59 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\UnlockFile.exe
[2010/10/26 07:23:59 | 000,010,660 | ---- | C] () -- C:\WINDOWS\TECHHELP5.INI
[2010/10/26 07:23:58 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\SmaRTEng.dll
[2010/10/26 07:23:58 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2010/10/26 07:23:57 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\PAXMeta.dll
[2010/10/26 07:23:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P2kDesk.dll
[2010/10/26 07:23:55 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFfpx7.dll
[2010/10/26 07:23:55 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKodak.dll
[2010/10/26 07:23:55 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\fmt_jb2.dll
[2010/10/26 07:23:55 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\fmt_xcx.dll
[2010/10/26 07:23:55 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\fmt_xmf.dll
[2010/10/26 07:23:55 | 000,000,313 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2010/10/26 07:23:54 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\AXF_AXS.dll
[2010/10/26 07:23:54 | 000,220,160 | ---- | C] () -- C:\WINDOWS\System32\Carcla30.dll
[2010/10/26 07:23:54 | 000,204,864 | ---- | C] () -- C:\WINDOWS\System32\AtxWrap.dll
[2010/10/26 07:23:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\DeskSkt.dll
[2010/10/26 07:23:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DP2kFrms.dll
[2010/10/26 07:23:54 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\alavistautils.dll
[2010/10/26 07:23:54 | 000,001,597 | ---- | C] () -- C:\WINDOWS\System32\alaUploader.exe.config
[2010/10/26 07:23:53 | 001,159,168 | ---- | C] () -- C:\WINDOWS\System32\alaMFC2.dll
[2010/10/26 07:23:53 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\alaMapi.dll
[2010/10/26 07:23:53 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch2.dll
[2010/10/26 07:23:53 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch.dll
[2010/10/26 07:23:52 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ala32.dll
[2010/10/26 07:21:33 | 000,001,378 | ---- | C] () -- C:\WINDOWS\alamode.ini
[2010/10/20 13:37:29 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/09/21 14:45:08 | 000,161,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/18 17:22:03 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/07/18 15:23:25 | 000,056,932 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/20 20:21:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/07 14:43:43 | 000,068,300 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/06/07 14:43:43 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/04/27 09:14:54 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\mbrakstad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/05 11:14:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/05 10:47:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/04/05 10:40:35 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2010/04/05 10:21:40 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/05 10:13:43 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/04/05 10:13:42 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/04/05 10:12:23 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/04/05 10:12:21 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/04/05 10:12:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/04/05 08:28:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/04/05 08:21:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/05 01:15:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/05 01:14:22 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/20 18:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/11/02 09:12:52 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\missouri.dll
[2005/03/21 16:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 16:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,501,664 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,094,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/10/26 10:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode
[2011/04/14 12:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/07/18 17:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\doubleTwist Corporation
[2010/04/05 10:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2011/04/22 12:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/04/05 10:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2010/04/05 10:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/04/26 13:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
[2010/04/05 10:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/07/17 10:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/17 11:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/12 12:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mbrakstad\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/22 12:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mbrakstad\Application Data\Flip Video
[2010/07/18 14:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mbrakstad\Application Data\FreeAudioPack
[2010/07/18 17:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mbrakstad\Application Data\iCopyExpert
[2010/10/28 16:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mbrakstad\Application Data\PrimoPDF
[2010/07/17 09:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mbrakstad\Application Data\Songbird2
[2011/08/04 14:09:02 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{83A79C1E-4856-4D34-83AE-DC7220843E36}.job
[2011/08/04 14:08:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{97DAEB32-8ECC-4C56-A29F-48177D4991CD}.job

========== Purity Check ==========

< End of report >

If you go into Device Manager and then into the properties of the devices with no drivers, you should be able to select the option to update the driver(s).
Let it search online for the driver and hopefully that will solve that problem :).

I am seeing no sign of malware on your PC after having run those tools.

Hi again - and thanks so much for your help so far. I tried to get the devices that were having problems to go out and get drivers, but it didn't work. So I looked on the Microsoft website and the troubleshooter suggested that I restore the system to a date when everything worked. I chose a date about a month ago. It went through the restore process, but on the reboot it's stuck about 3/4 of the way through and I can't get it to reboot, or allow me to start in safe mode. Any ideas?

If you have your Windows installation CD we can do a repair of the Operating System?
