
Incredibly slow, probably infected

Discussion in 'Virus & Other Malware Removal' started by ducksredux, Feb 15, 2013.

ducksredux (Thread Starter)

    Hiya. Helping out a friend with his Dell Inspiron 1521. Vista, 32-bit, 2 GB RAM. Everything is running incredibly slow - programs can take over a minute to start up. In Process Explorer, with no applications running, the CPU will sometimes go up to 65% and stay high for a while before settling down. He has Norton installed, and my first thought was that his antivirus itself was slowing everything down by overscanning any file/site that was opened, but after disabling all components the laptop was still excruciatingly slow. So Norton hasn't found any issues and I don't see any other manifestations of an infection, aside from the incredible slowness, which makes me think perhaps some trojan is hijacking all the CPU time. Hoping someone can help or direct me somewhere where I can get help.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:44:18 PM, on 2/15/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16464)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\lorrytetigrosso\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15119
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80116
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80116
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80116
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80116
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
    R3 - URLSearchHook: (no name) - {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - (no file)
    R3 - URLSearchHook: (no name) - - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\IPS\IPSBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\coIEPlg.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxdj_device - - C:\Windows\system32\lxdjcoms.exe
    O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8351 bytes

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16464
    Run by lorrytetigrosso at 13:48:45 on 2013-02-15
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.671 [GMT -5:00]
    .
    AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\lxdjcoms.exe
    C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\vssvc.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k wdisvc
    C:\Windows\System32\svchost.exe -k swprv
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=15119
    uWindow Title = Internet Explorer provided by Dell
    uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070810
    mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80116
    mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80116
    uURLSearchHooks: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - <orphaned>
    uURLSearchHooks: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - <orphaned>
    uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\20.2.0.19\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\20.2.0.19\ips\ipsbho.dll
    BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\20.2.0.19\coieplg.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 10.32.15.194 10.32.15.130 10.32.15.66 10.32.15.2
    TCP: Interfaces\{18C6D36A-6DB2-4A40-B0BC-6AC10890F3CA} : DHCPNameServer = 68.87.64.150 68.87.75.198
    TCP: Interfaces\{676764F8-533F-4A46-872F-076C8B24F026} : DHCPNameServer = 10.32.15.194 10.32.15.130 10.32.15.66 10.32.15.2
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1402000.013\symds.sys [2013-2-14 368288]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1402000.013\symefa.sys [2013-2-14 927904]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\bashdefs\20130208.001\BHDrvx86.sys [2013-2-8 997464]
    R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\n360\1402000.013\ccsetx86.sys [2013-2-14 134304]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\ipsdefs\20130214.001\IDSvix86.sys [2013-2-14 386720]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1402000.013\ironx86.sys [2013-2-14 175264]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1402000.013\symtdiv.sys [2013-2-14 350368]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-15 106656]
    .
    =============== File Associations ===============
    .
    ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2013-02-14 19:31:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-02-14 19:31:01 420864 ----a-w- c:\windows\system32\vbscript.dll
    2013-02-14 19:31:01 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
    2013-02-14 19:31:01 149528 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2013-02-14 19:31:00 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll
    2013-02-14 19:31:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-02-14 19:31:00 1129472 ----a-w- c:\windows\system32\wininet.dll
    2013-02-14 19:30:59 757280 ----a-w- c:\program files\internet explorer\iexplore.exe
    2013-02-14 19:30:59 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2013-02-14 19:30:58 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
    2013-02-14 19:30:58 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
    2013-02-14 19:30:58 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-02-14 19:30:37 768000 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
    2013-02-14 18:41:05 2048512 ----a-w- c:\windows\system32\win32k.sys
    2013-02-14 18:40:45 1314816 ----a-w- c:\windows\system32\quartz.dll
    2013-02-14 18:36:24 -------- d-----w- c:\windows\pss
    2013-02-14 18:35:50 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-14 17:40:28 -------- d-----w- c:\program files\Sony Media Go Install
    2013-02-14 17:35:57 350368 ----a-r- c:\windows\system32\drivers\n360\1402000.013\symtdiv.sys
    2013-02-14 17:35:56 338592 ----a-r- c:\windows\system32\drivers\n360\1402000.013\symnets.sys
    2013-02-14 17:35:56 21400 ----a-r- c:\windows\system32\drivers\n360\1402000.013\symelam.sys
    2013-02-14 17:35:54 927904 ----a-w- c:\windows\system32\drivers\n360\1402000.013\symefa.sys
    2013-02-14 17:35:53 368288 ----a-w- c:\windows\system32\drivers\n360\1402000.013\symds.sys
    2013-02-14 17:35:52 32888 ----a-r- c:\windows\system32\drivers\n360\1402000.013\srtspx.sys
    2013-02-14 17:35:50 586400 ----a-w- c:\windows\system32\drivers\n360\1402000.013\srtsp.sys
    2013-02-14 17:35:50 175264 ----a-r- c:\windows\system32\drivers\n360\1402000.013\ironx86.sys
    2013-02-14 17:35:49 134304 ----a-w- c:\windows\system32\drivers\n360\1402000.013\ccsetx86.sys
    2013-02-14 17:29:42 -------- d-----w- c:\windows\system32\drivers\n360\1402000.013
    2013-02-14 17:28:26 -------- d-----w- c:\programdata\Sony Corporation
    2013-02-14 17:28:25 -------- d-----w- c:\program files\Sony
    2013-01-20 18:35:01 -------- d-----w- c:\users\lorrytetigrosso\appdata\local\Dell
    .
    ==================== Find3M ====================
    .
    2013-02-09 21:30:18 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-20 04:22:50 204288 ----a-w- c:\windows\system32\ncrypt.dll
    .
    ============= FINISH: 13:51:54.46 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 8/9/2007 12:21:57 PM
    System Uptime: 2/15/2013 1:11:45 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0GU163
    Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-56 | Microprocessor | 1800/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 136 GiB total, 79.584 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 5.3 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0054
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #8
    PNP Device ID: ROOT\*ISATAP\0054
    Service: tunnel
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C7100 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C7100 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.4.5
    Adobe Shockwave Player 11.5
    Advanced Audio FX Engine
    Advanced Video FX Engine
    AIO_CDA_ProductContext
    AIO_CDA_Software
    AIO_Scan
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Control Center
    ATI PCI Express (3GIO) Filter Driver
    Bonjour
    Broadcom Management Programs
    BufferChm
    C7100
    c7100_Help
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    ccc-Branding
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CDDRV_Installer
    Computrace
    Conexant HDA D330 MDC V.92 Modem
    Consumer Complete Care Services Agreement
    Copy
    Dell Support Center (Support Software)
    Dell System Customization Wizard
    Dell Touchpad
    DELL Webcam Center
    DELL Webcam Manager
    Dell Wireless WLAN Card
    DellSupport
    Destinations
    DeviceManagementQFolder
    Dogpile Bundle Toolbar
    Fax
    Free File Opener v2011.6.0.4
    Games, Music, & Photos Launcher
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Imaging Device Functions 8.0
    HP Photosmart.All-In-One Driver Software 8.0 .A
    HP Update
    iTunes
    Java(TM) SE Runtime Environment 6
    KhalSetup
    Laptop Integrated Webcam Driver (1.04.01.1011)
    Live! Cam Avatar Creator
    Live! Cam Avatar v1.0
    Macromedia Shockwave Player
    MediaDirect
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Standard 2006
    Microsoft Digital Image Standard 2006 Editor
    Microsoft Digital Image Standard 2006 Library
    Microsoft Encarta Encyclopedia Standard 2006
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft Streets & Trips 2006
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works Suite 2006 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    Modem Diagnostic Tool
    Move Networks Media Player for Internet Explorer
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetDeviceManager
    NetWaiting
    Norton Security Suite
    NWZ-E470 E570 WALKMAN Guide
    OGA Notifier 2.0.0048.0
    PHOTOfunSTUDIO 6.0
    Product Documentation Launcher
    QualxServ Service Agreement
    QuickSet
    QuickTime
    Readiris 7.5
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler
    Roxio MyDVD DE
    Roxio Update Manager
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    SigmaTel Audio
    Skins
    Sonic Activation Module
    Status
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    URL Assistant
    User's Guides
    VLC media player 1.0.1
    WebReg
    WebSlingPlayer ActiveX
    What's Running 3.0
    WIDCOMM Bluetooth Software 6.0.1.3100
    Works Upgrade
    .
    ==== End Of File ===========================


    GMER 2.1.18952 - http://www.gmer.net
    Rootkit scan 2013-02-15 14:14:51
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160821AS rev.3.CDD 149.05GB
    Running: 2ph6msk9.exe; Driver: C:\Users\LORRYT~1\AppData\Local\Temp\uwddraod.sys


    ---- System - GMER 2.1 ----

    SSDT 85DAC0C8 ZwAlertResumeThread
    SSDT 85DAC1A8 ZwAlertThread
    SSDT 85DACB20 ZwAllocateVirtualMemory
    SSDT 8798E588 ZwAlpcConnectPort
    SSDT 85DAD858 ZwAssignProcessToJobObject
    SSDT 85DADE00 ZwCreateMutant
    SSDT 85DAD578 ZwCreateSymbolicLinkObject
    SSDT 85DAC008 ZwCreateThread
    SSDT 85DAD938 ZwDebugActiveProcess
    SSDT 85DACCF0 ZwDuplicateObject
    SSDT 85DAC8D8 ZwFreeVirtualMemory
    SSDT 85DADEF0 ZwImpersonateAnonymousToken
    SSDT 85DADFD0 ZwImpersonateThread
    SSDT 87987DD0 ZwLoadDriver
    SSDT 85DAC7D8 ZwMapViewOfSection
    SSDT 85DADD20 ZwOpenEvent
    SSDT 85DACED0 ZwOpenProcess
    SSDT 85DACC10 ZwOpenProcessToken
    SSDT 85DADB60 ZwOpenSection
    SSDT 85DACDE0 ZwOpenThread
    SSDT 85DAD768 ZwProtectVirtualMemory
    SSDT 85DAC288 ZwResumeThread
    SSDT 85DAC528 ZwSetContextThread
    SSDT 85DAC608 ZwSetInformationProcess
    SSDT 85DADA18 ZwSetSystemInformation
    SSDT 85DADC40 ZwSuspendProcess
    SSDT 85DAC368 ZwSuspendThread
    SSDT 85DAB1E0 ZwTerminateProcess
    SSDT 85DAC448 ZwTerminateThread
    SSDT 85DAC6F8 ZwUnmapViewOfSection
    SSDT 85DAC9C8 ZwWriteVirtualMemory
    SSDT 85DAD668 ZwCreateThreadEx

    ---- Kernel code sections - GMER 2.1 ----

    ? C:\Users\LORRYT~1\AppData\Local\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !
    .text ntdll.dll!NtTerminateThread 77A65374 5 Bytes [E9, D3, AC, 5B, 88] {JMP 0x885bacd8}

    ---- User code sections - GMER 2.1 ----

    .text C:\Windows\system32\lxdjcoms.exe[336] ntdll.dll!NtTerminateThread 77A65374 5 Bytes JMP 0002004C
    .text C:\Windows\system32\lxdjcoms.exe[336] USER32.dll!RecordShutdownReason + 36A 779AB7BE 7 Bytes JMP 00160930
    .text C:\Windows\system32\lxdjcoms.exe[336] ADVAPI32.dll!OpenSCManagerA + 125 76552EB8 7 Bytes JMP 00160768
    .text C:\Windows\system32\lxdjcoms.exe[336] ADVAPI32.dll!CloseServiceHandle + AA 7655834F 7 Bytes JMP 00160210
    .text C:\Windows\system32\lxdjcoms.exe[336] ADVAPI32.dll!AreAllAccessesGranted + 3FD 76579EAF 7 Bytes JMP 001605A0
    .text C:\Windows\system32\lxdjcoms.exe[336] ADVAPI32.dll!CreateServiceW + FF 76579FB3 7 Bytes JMP 0016012C
    .text C:\Windows\system32\lxdjcoms.exe[336] ADVAPI32.dll!ControlService + C1 7657A079 7 Bytes JMP 0016084C
    .text C:\Windows\system32\lxdjcoms.exe[336] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 765B6629 7 Bytes JMP 001603D8
    .text C:\Windows\system32\lxdjcoms.exe[336] ADVAPI32.dll!ControlServiceExA + 10E 765B673C 7 Bytes JMP 00160048
    .text C:\Windows\system32\lxdjcoms.exe[336] ADVAPI32.dll!SetServiceObjectSecurity + FB 765B6DD4 7 Bytes JMP 00160684
    .text C:\Windows\system32\lxdjcoms.exe[336] ADVAPI32.dll!ChangeServiceConfigA + 1A3 765B6F7C 7 Bytes JMP 001604BC
    .text C:\Windows\system32\lxdjcoms.exe[336] ADVAPI32.dll!ChangeServiceConfig2W + BB 765B729C 2 Bytes JMP 001602F4
    .text C:\Windows\system32\lxdjcoms.exe[336] ADVAPI32.dll!ChangeServiceConfig2W + BE 765B729F 4 Bytes [BA, 89, EB, F9]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[572] ntdll.dll!NtTerminateThread 77A65374 5 Bytes JMP 0002004C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[572] ADVAPI32.dll!OpenSCManagerA + 125 76552EB8 7 Bytes JMP 00070768
    .text C:\Program Files\Bonjour\mDNSResponder.exe[572] ADVAPI32.dll!CloseServiceHandle + AA 7655834F 7 Bytes JMP 00070210
    .text C:\Program Files\Bonjour\mDNSResponder.exe[572] ADVAPI32.dll!AreAllAccessesGranted + 3FD 76579EAF 7 Bytes JMP 000705A0
    .text C:\Program Files\Bonjour\mDNSResponder.exe[572] ADVAPI32.dll!CreateServiceW + FF 76579FB3 7 Bytes JMP 0007012C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[572] ADVAPI32.dll!ControlService + C1 7657A079 7 Bytes JMP 0007084C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[572] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 765B6629 7 Bytes JMP 000703D8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[572] ADVAPI32.dll!ControlServiceExA + 10E 765B673C 7 Bytes JMP 00070048
    .text C:\Program Files\Bonjour\mDNSResponder.exe[572] ADVAPI32.dll!SetServiceObjectSecurity + FB 765B6DD4 7 Bytes JMP 00070684
    .text C:\Program Files\Bonjour\mDNSResponder.exe[572] ADVAPI32.dll!ChangeServiceConfigA + 1A3 765B6F7C 7 Bytes JMP 000704BC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[572] ADVAPI32.dll!ChangeServiceConfig2W + BB 765B729C 2 Bytes JMP 000702F4
    .text C:\Program Files\Bonjour\mDNSResponder.exe[572] ADVAPI32.dll!ChangeServiceConfig2W + BE 765B729F 4 Bytes [AB, 89, EB, F9] {STOSD ; MOV EBX, EBP; STC }
    .text C:\Program Files\Bonjour\mDNSResponder.exe[572] USER32.dll!RecordShutdownReason + 36A 779AB7BE 7 Bytes JMP 00070930
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] ntdll.dll!NtTerminateThread 77A65374 5 Bytes JMP 0002004C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] ADVAPI32.dll!OpenSCManagerA + 125 76552EB8 7 Bytes JMP 00070768
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] ADVAPI32.dll!CloseServiceHandle + AA 7655834F 7 Bytes JMP 00070210
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] ADVAPI32.dll!AreAllAccessesGranted + 3FD 76579EAF 7 Bytes JMP 000705A0
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] ADVAPI32.dll!CreateServiceW + FF 76579FB3 7 Bytes JMP 0007012C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] ADVAPI32.dll!ControlService + C1 7657A079 7 Bytes JMP 0007084C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 765B6629 7 Bytes JMP 000703D8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] ADVAPI32.dll!ControlServiceExA + 10E 765B673C 7 Bytes JMP 00070048
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] ADVAPI32.dll!SetServiceObjectSecurity + FB 765B6DD4 7 Bytes JMP 00070684
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] ADVAPI32.dll!ChangeServiceConfigA + 1A3 765B6F7C 7 Bytes JMP 000704BC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] ADVAPI32.dll!ChangeServiceConfig2W + BB 765B729C 2 Bytes JMP 000702F4
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] ADVAPI32.dll!ChangeServiceConfig2W + BE 765B729F 4 Bytes [AB, 89, EB, F9] {STOSD ; MOV EBX, EBP; STC }
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] USER32.dll!RecordShutdownReason + 36A 779AB7BE 7 Bytes JMP 00070930
    .text C:\Windows\System32\WLTRYSVC.EXE[1952] ntdll.dll!NtTerminateThread 77A65374 5 Bytes JMP 0002004C
    .text C:\Windows\System32\WLTRYSVC.EXE[1952] USER32.dll!RecordShutdownReason + 36A 779AB7BE 7 Bytes JMP 00170930
    .text C:\Windows\System32\WLTRYSVC.EXE[1952] ADVAPI32.dll!OpenSCManagerA + 125 76552EB8 7 Bytes JMP 00170768
    .text C:\Windows\System32\WLTRYSVC.EXE[1952] ADVAPI32.dll!CloseServiceHandle + AA 7655834F 7 Bytes JMP 00170210
    .text C:\Windows\System32\WLTRYSVC.EXE[1952] ADVAPI32.dll!AreAllAccessesGranted + 3FD 76579EAF 7 Bytes JMP 001705A0
    .text C:\Windows\System32\WLTRYSVC.EXE[1952] ADVAPI32.dll!CreateServiceW + FF 76579FB3 7 Bytes JMP 0017012C
    .text C:\Windows\System32\WLTRYSVC.EXE[1952] ADVAPI32.dll!ControlService + C1 7657A079 7 Bytes JMP 0017084C
    .text C:\Windows\System32\WLTRYSVC.EXE[1952] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 765B6629 7 Bytes JMP 001703D8
    .text C:\Windows\System32\WLTRYSVC.EXE[1952] ADVAPI32.dll!ControlServiceExA + 10E 765B673C 7 Bytes JMP 00170048
    .text C:\Windows\System32\WLTRYSVC.EXE[1952] ADVAPI32.dll!SetServiceObjectSecurity + FB 765B6DD4 7 Bytes JMP 00170684
    .text C:\Windows\System32\WLTRYSVC.EXE[1952] ADVAPI32.dll!ChangeServiceConfigA + 1A3 765B6F7C 7 Bytes JMP 001704BC
    .text C:\Windows\System32\WLTRYSVC.EXE[1952] ADVAPI32.dll!ChangeServiceConfig2W + BB 765B729C 2 Bytes JMP 001702F4
    .text C:\Windows\System32\WLTRYSVC.EXE[1952] ADVAPI32.dll!ChangeServiceConfig2W + BE 765B729F 4 Bytes [BB, 89, EB, F9]
    .text C:\Windows\System32\bcmwltry.exe[1976] ntdll.dll!NtTerminateThread 77A65374 5 Bytes JMP 0016004C
    .text C:\Windows\System32\bcmwltry.exe[1976] USER32.dll!RecordShutdownReason + 36A 779AB7BE 7 Bytes JMP 001D0930
    .text C:\Windows\System32\bcmwltry.exe[1976] ADVAPI32.dll!OpenSCManagerA + 125 76552EB8 7 Bytes JMP 001D0768
    .text C:\Windows\System32\bcmwltry.exe[1976] ADVAPI32.dll!CloseServiceHandle + AA 7655834F 7 Bytes JMP 001D0210
    .text C:\Windows\System32\bcmwltry.exe[1976] ADVAPI32.dll!AreAllAccessesGranted + 3FD 76579EAF 7 Bytes JMP 001D05A0
    .text C:\Windows\System32\bcmwltry.exe[1976] ADVAPI32.dll!CreateServiceW + FF 76579FB3 7 Bytes JMP 001D012C
    .text C:\Windows\System32\bcmwltry.exe[1976] ADVAPI32.dll!ControlService + C1 7657A079 7 Bytes JMP 001D084C
    .text C:\Windows\System32\bcmwltry.exe[1976] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 765B6629 7 Bytes JMP 001D03D8
    .text C:\Windows\System32\bcmwltry.exe[1976] ADVAPI32.dll!ControlServiceExA + 10E 765B673C 7 Bytes JMP 001D0048
    .text C:\Windows\System32\bcmwltry.exe[1976] ADVAPI32.dll!SetServiceObjectSecurity + FB 765B6DD4 7 Bytes JMP 001D0684
    .text C:\Windows\System32\bcmwltry.exe[1976] ADVAPI32.dll!ChangeServiceConfigA + 1A3 765B6F7C 7 Bytes JMP 001D04BC
    .text C:\Windows\System32\bcmwltry.exe[1976] ADVAPI32.dll!ChangeServiceConfig2W + BB 765B729C 2 Bytes JMP 001D02F4
    .text C:\Windows\System32\bcmwltry.exe[1976] ADVAPI32.dll!ChangeServiceConfig2W + BE 765B729F 4 Bytes [C1, 89, EB, F9]
    .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2424] ntdll.dll!NtTerminateThread 77A65374 5 Bytes JMP 0002004C
    .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2424] ADVAPI32.dll!OpenSCManagerA + 125 76552EB8 7 Bytes JMP 00270768
    .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2424] ADVAPI32.dll!CloseServiceHandle + AA 7655834F 7 Bytes JMP 00270210
    .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2424] ADVAPI32.dll!AreAllAccessesGranted + 3FD 76579EAF 7 Bytes JMP 002705A0
    .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2424] ADVAPI32.dll!CreateServiceW + FF 76579FB3 7 Bytes JMP 0027012C
    .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2424] ADVAPI32.dll!ControlService + C1 7657A079 7 Bytes JMP 0027084C
    .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2424] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 765B6629 7 Bytes JMP 002703D8
    .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2424] ADVAPI32.dll!ControlServiceExA + 10E 765B673C 7 Bytes JMP 00270048
    .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2424] ADVAPI32.dll!SetServiceObjectSecurity + FB 765B6DD4 7 Bytes JMP 00270684
    .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2424] ADVAPI32.dll!ChangeServiceConfigA + 1A3 765B6F7C 7 Bytes JMP 002704BC
    .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2424] ADVAPI32.dll!ChangeServiceConfig2W + BB 765B729C 2 Bytes JMP 002702F4
    .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2424] ADVAPI32.dll!ChangeServiceConfig2W + BE 765B729F 4 Bytes [CB, 89, EB, F9] {RETF ; MOV EBX, EBP; STC }
    .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2424] USER32.dll!RecordShutdownReason + 36A 779AB7BE 7 Bytes JMP 00270930
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2640] ntdll.dll!NtTerminateThread 77A65374 5 Bytes JMP 0002004C
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2640] USER32.dll!RecordShutdownReason + 36A 779AB7BE 7 Bytes JMP 00170930
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2640] ADVAPI32.dll!OpenSCManagerA + 125 76552EB8 7 Bytes JMP 00170768
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2640] ADVAPI32.dll!CloseServiceHandle + AA 7655834F 7 Bytes JMP 00170210
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2640] ADVAPI32.dll!AreAllAccessesGranted + 3FD 76579EAF 7 Bytes JMP 001705A0
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2640] ADVAPI32.dll!CreateServiceW + FF 76579FB3 7 Bytes JMP 0017012C
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2640] ADVAPI32.dll!ControlService + C1 7657A079 7 Bytes JMP 0017084C
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2640] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 765B6629 7 Bytes JMP 001703D8
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2640] ADVAPI32.dll!ControlServiceExA + 10E 765B673C 7 Bytes JMP 00170048
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2640] ADVAPI32.dll!SetServiceObjectSecurity + FB 765B6DD4 7 Bytes JMP 00170684
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2640] ADVAPI32.dll!ChangeServiceConfigA + 1A3 765B6F7C 7 Bytes JMP 001704BC
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2640] ADVAPI32.dll!ChangeServiceConfig2W + BB 765B729C 2 Bytes JMP 001702F4
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2640] ADVAPI32.dll!ChangeServiceConfig2W + BE 765B729F 4 Bytes [BB, 89, EB, F9]
    .text C:\Windows\system32\STacSV.exe[2660] ntdll.dll!NtTerminateThread 77A65374 5 Bytes JMP 0002004C
    .text C:\Windows\system32\STacSV.exe[2660] ADVAPI32.dll!OpenSCManagerA + 125 76552EB8 7 Bytes JMP 00160768
    .text C:\Windows\system32\STacSV.exe[2660] ADVAPI32.dll!CloseServiceHandle + AA 7655834F 7 Bytes JMP 00160210
    .text C:\Windows\system32\STacSV.exe[2660] ADVAPI32.dll!AreAllAccessesGranted + 3FD 76579EAF 7 Bytes JMP 001605A0
    .text C:\Windows\system32\STacSV.exe[2660] ADVAPI32.dll!CreateServiceW + FF 76579FB3 7 Bytes JMP 0016012C
    .text C:\Windows\system32\STacSV.exe[2660] ADVAPI32.dll!ControlService + C1 7657A079 7 Bytes JMP 0016084C
    .text C:\Windows\system32\STacSV.exe[2660] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 765B6629 7 Bytes JMP 001603D8
    .text C:\Windows\system32\STacSV.exe[2660] ADVAPI32.dll!ControlServiceExA + 10E 765B673C 7 Bytes JMP 00160048
    .text C:\Windows\system32\STacSV.exe[2660] ADVAPI32.dll!SetServiceObjectSecurity + FB 765B6DD4 7 Bytes JMP 00160684
    .text C:\Windows\system32\STacSV.exe[2660] ADVAPI32.dll!ChangeServiceConfigA + 1A3 765B6F7C 7 Bytes JMP 001604BC
    .text C:\Windows\system32\STacSV.exe[2660] ADVAPI32.dll!ChangeServiceConfig2W + BB 765B729C 2 Bytes JMP 001602F4
    .text C:\Windows\system32\STacSV.exe[2660] ADVAPI32.dll!ChangeServiceConfig2W + BE 765B729F 4 Bytes [BA, 89, EB, F9]
    .text C:\Windows\system32\STacSV.exe[2660] USER32.dll!RecordShutdownReason + 36A 779AB7BE 7 Bytes JMP 00160930
    .text C:\Program Files\iPod\bin\iPodService.exe[2828] ntdll.dll!NtTerminateThread 77A65374 5 Bytes JMP 0002004C
    .text C:\Program Files\iPod\bin\iPodService.exe[2828] ADVAPI32.dll!OpenSCManagerA + 125 76552EB8 7 Bytes JMP 00070768
    .text C:\Program Files\iPod\bin\iPodService.exe[2828] ADVAPI32.dll!CloseServiceHandle + AA 7655834F 7 Bytes JMP 00070210
    .text C:\Program Files\iPod\bin\iPodService.exe[2828] ADVAPI32.dll!AreAllAccessesGranted + 3FD 76579EAF 7 Bytes JMP 000705A0
    .text C:\Program Files\iPod\bin\iPodService.exe[2828] ADVAPI32.dll!CreateServiceW + FF 76579FB3 7 Bytes JMP 0007012C
    .text C:\Program Files\iPod\bin\iPodService.exe[2828] ADVAPI32.dll!ControlService + C1 7657A079 7 Bytes JMP 0007084C
    .text C:\Program Files\iPod\bin\iPodService.exe[2828] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 765B6629 7 Bytes JMP 000703D8
    .text C:\Program Files\iPod\bin\iPodService.exe[2828] ADVAPI32.dll!ControlServiceExA + 10E 765B673C 7 Bytes JMP 00070048
    .text C:\Program Files\iPod\bin\iPodService.exe[2828] ADVAPI32.dll!SetServiceObjectSecurity + FB 765B6DD4 7 Bytes JMP 00070684
    .text C:\Program Files\iPod\bin\iPodService.exe[2828] ADVAPI32.dll!ChangeServiceConfigA + 1A3 765B6F7C 7 Bytes JMP 000704BC
    .text C:\Program Files\iPod\bin\iPodService.exe[2828] ADVAPI32.dll!ChangeServiceConfig2W + BB 765B729C 2 Bytes JMP 000702F4
    .text C:\Program Files\iPod\bin\iPodService.exe[2828] ADVAPI32.dll!ChangeServiceConfig2W + BE 765B729F 4 Bytes [AB, 89, EB, F9] {STOSD ; MOV EBX, EBP; STC }
    .text C:\Program Files\iPod\bin\iPodService.exe[2828] USER32.dll!RecordShutdownReason + 36A 779AB7BE 7 Bytes JMP 00070930
    .text C:\Windows\System32\WLTRAY.EXE[3520] ntdll.dll!NtTerminateThread 77A65374 5 Bytes JMP 0002004C
    .text C:\Windows\System32\WLTRAY.EXE[3520] USER32.dll!RecordShutdownReason + 36A 779AB7BE 7 Bytes JMP 00170930
    .text C:\Windows\System32\WLTRAY.EXE[3520] ADVAPI32.dll!OpenSCManagerA + 125 76552EB8 7 Bytes JMP 00170768
    .text C:\Windows\System32\WLTRAY.EXE[3520] ADVAPI32.dll!CloseServiceHandle + AA 7655834F 7 Bytes JMP 00170210
    .text C:\Windows\System32\WLTRAY.EXE[3520] ADVAPI32.dll!AreAllAccessesGranted + 3FD 76579EAF 7 Bytes JMP 001705A0
    .text C:\Windows\System32\WLTRAY.EXE[3520] ADVAPI32.dll!CreateServiceW + FF 76579FB3 7 Bytes JMP 0017012C
    .text C:\Windows\System32\WLTRAY.EXE[3520] ADVAPI32.dll!ControlService + C1 7657A079 7 Bytes JMP 0017084C
    .text C:\Windows\System32\WLTRAY.EXE[3520] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 765B6629 7 Bytes JMP 001703D8
    .text C:\Windows\System32\WLTRAY.EXE[3520] ADVAPI32.dll!ControlServiceExA + 10E 765B673C 7 Bytes JMP 00170048
    .text C:\Windows\System32\WLTRAY.EXE[3520] ADVAPI32.dll!SetServiceObjectSecurity + FB 765B6DD4 7 Bytes JMP 00170684
    .text C:\Windows\System32\WLTRAY.EXE[3520] ADVAPI32.dll!ChangeServiceConfigA + 1A3 765B6F7C 7 Bytes JMP 001704BC
    .text C:\Windows\System32\WLTRAY.EXE[3520] ADVAPI32.dll!ChangeServiceConfig2W + BB 765B729C 2 Bytes JMP 001702F4
    .text C:\Windows\System32\WLTRAY.EXE[3520] ADVAPI32.dll!ChangeServiceConfig2W + BE 765B729F 4 Bytes [BB, 89, EB, F9]
    .text C:\Program Files\iTunes\iTunesHelper.exe[3724] ntdll.dll!NtTerminateThread 77A65374 5 Bytes JMP 0002004C
    .text C:\Program Files\iTunes\iTunesHelper.exe[3724] ADVAPI32.dll!OpenSCManagerA + 125 76552EB8 7 Bytes JMP 00070768
    .text C:\Program Files\iTunes\iTunesHelper.exe[3724] ADVAPI32.dll!CloseServiceHandle + AA 7655834F 7 Bytes JMP 00070210
    .text C:\Program Files\iTunes\iTunesHelper.exe[3724] ADVAPI32.dll!AreAllAccessesGranted + 3FD 76579EAF 7 Bytes JMP 000705A0
    .text C:\Program Files\iTunes\iTunesHelper.exe[3724] ADVAPI32.dll!CreateServiceW + FF 76579FB3 7 Bytes JMP 0007012C
    .text C:\Program Files\iTunes\iTunesHelper.exe[3724] ADVAPI32.dll!ControlService + C1 7657A079 7 Bytes JMP 0007084C
    .text C:\Program Files\iTunes\iTunesHelper.exe[3724] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 765B6629 7 Bytes JMP 000703D8
    .text C:\Program Files\iTunes\iTunesHelper.exe[3724] ADVAPI32.dll!ControlServiceExA + 10E 765B673C 7 Bytes JMP 00070048
    .text C:\Program Files\iTunes\iTunesHelper.exe[3724] ADVAPI32.dll!SetServiceObjectSecurity + FB 765B6DD4 7 Bytes JMP 00070684
    .text C:\Program Files\iTunes\iTunesHelper.exe[3724] ADVAPI32.dll!ChangeServiceConfigA + 1A3 765B6F7C 7 Bytes JMP 000704BC
    .text C:\Program Files\iTunes\iTunesHelper.exe[3724] ADVAPI32.dll!ChangeServiceConfig2W + BB 765B729C 2 Bytes JMP 000702F4
    .text C:\Program Files\iTunes\iTunesHelper.exe[3724] ADVAPI32.dll!ChangeServiceConfig2W + BE 765B729F 4 Bytes [AB, 89, EB, F9] {STOSD ; MOV EBX, EBP; STC }
    .text C:\Program Files\iTunes\iTunesHelper.exe[3724] USER32.dll!RecordShutdownReason + 36A 779AB7BE 7 Bytes JMP 00070930
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3776] ntdll.dll!NtTerminateThread 77A65374 5 Bytes JMP 0016004C
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3776] ADVAPI32.dll!OpenSCManagerA + 125 76552EB8 7 Bytes JMP 00280768
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3776] ADVAPI32.dll!CloseServiceHandle + AA 7655834F 7 Bytes JMP 00280210
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3776] ADVAPI32.dll!AreAllAccessesGranted + 3FD 76579EAF 7 Bytes JMP 002805A0
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3776] ADVAPI32.dll!CreateServiceW + FF 76579FB3 7 Bytes JMP 0028012C
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3776] ADVAPI32.dll!ControlService + C1 7657A079 7 Bytes JMP 0028084C
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3776] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 765B6629 7 Bytes JMP 002803D8
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3776] ADVAPI32.dll!ControlServiceExA + 10E 765B673C 7 Bytes JMP 00280048
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3776] ADVAPI32.dll!SetServiceObjectSecurity + FB 765B6DD4 7 Bytes JMP 00280684
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3776] ADVAPI32.dll!ChangeServiceConfigA + 1A3 765B6F7C 7 Bytes JMP 002804BC
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3776] ADVAPI32.dll!ChangeServiceConfig2W + BB 765B729C 2 Bytes JMP 002802F4
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3776] ADVAPI32.dll!ChangeServiceConfig2W + BE 765B729F 4 Bytes [CC, 89, EB, F9] {INT 3 ; MOV EBX, EBP; STC }
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3776] USER32.dll!RecordShutdownReason + 36A 779AB7BE 7 Bytes JMP 00280930
    .text C:\Users\lorrytetigrosso\Downloads\2ph6msk9.exe[5504] ntdll.dll!NtTerminateThread 77A65374 5 Bytes JMP 0002004C
    .text C:\Users\lorrytetigrosso\Downloads\2ph6msk9.exe[5504] ADVAPI32.dll!OpenSCManagerA + 125 76552EB8 7 Bytes JMP 00170768
    .text C:\Users\lorrytetigrosso\Downloads\2ph6msk9.exe[5504] ADVAPI32.dll!CloseServiceHandle + AA 7655834F 7 Bytes JMP 00170210
    .text C:\Users\lorrytetigrosso\Downloads\2ph6msk9.exe[5504] ADVAPI32.dll!AreAllAccessesGranted + 3FD 76579EAF 7 Bytes JMP 001705A0
    .text C:\Users\lorrytetigrosso\Downloads\2ph6msk9.exe[5504] ADVAPI32.dll!CreateServiceW + FF 76579FB3 7 Bytes JMP 0017012C
    .text C:\Users\lorrytetigrosso\Downloads\2ph6msk9.exe[5504] ADVAPI32.dll!ControlService + C1 7657A079 7 Bytes JMP 0017084C
    .text C:\Users\lorrytetigrosso\Downloads\2ph6msk9.exe[5504] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 765B6629 7 Bytes JMP 001703D8
    .text C:\Users\lorrytetigrosso\Downloads\2ph6msk9.exe[5504] ADVAPI32.dll!ControlServiceExA + 10E 765B673C 7 Bytes JMP 00170048
    .text C:\Users\lorrytetigrosso\Downloads\2ph6msk9.exe[5504] ADVAPI32.dll!SetServiceObjectSecurity + FB 765B6DD4 7 Bytes JMP 00170684
    .text C:\Users\lorrytetigrosso\Downloads\2ph6msk9.exe[5504] ADVAPI32.dll!ChangeServiceConfigA + 1A3 765B6F7C 7 Bytes JMP 001704BC
    .text C:\Users\lorrytetigrosso\Downloads\2ph6msk9.exe[5504] ADVAPI32.dll!ChangeServiceConfig2W + BB 765B729C 2 Bytes JMP 001702F4
    .text C:\Users\lorrytetigrosso\Downloads\2ph6msk9.exe[5504] ADVAPI32.dll!ChangeServiceConfig2W + BE 765B729F 4 Bytes [BB, 89, EB, F9]
    .text C:\Users\lorrytetigrosso\Downloads\2ph6msk9.exe[5504] USER32.dll!RecordShutdownReason + 36A 779AB7BE 7 Bytes JMP 00170930

    ---- User IAT/EAT - GMER 2.1 ----

    IAT C:\Windows\Explorer.EXE[540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74897817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [748DB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7489BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7488F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7488E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [748C73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7489DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7488FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7488FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7491CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [748BC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7488D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74886853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7488687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74892AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 2.1 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ed9acbc
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x68 0x6D 0x21 0xDE ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197ed9acbc (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\[email protected] 0x68 0x6D 0x21 0xDE ...

    ---- EOF - GMER 2.1 ----


    Thanks!
     
Short URL to this thread: https://techguy.org/1089675