
Windows freeze...can't work on app or windows...HijackThis log...please

Discussion in 'Virus & Other Malware Removal' started by HollyG, Apr 19, 2012.

  1. HollyG

    HollyG Thread Starter

    Joined:
    Apr 18, 2004
    Messages:
    717
    This has been going on awhile now. I will have one window open and then it will freeze up in that I can't open any other applications or I can't click and open any links. Animations will continue to move, but it seems like my mouse or the pad on my laptop won't respond. I can use the arrow keys for a few steps and then that will freeze too. A few minutes later everything will be fine again. I know my laptop is old but I've kept it running this long so I'm wondering if it might be malware.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:49:02 AM, on 4/19/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\WDC\SetIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Suzanne\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.4.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159304540234
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {97B6C672-5B48-46FE-A168-976FF94B2C3C} (IFBulkUploader) - http://www.ifriendsv2.net/iFBulkUploader_V2.cab
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
    O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
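An added example, not from HollyG or any of the forum helpers: a small triage script over lines copied from the HijackThis log above. It flags the entries a specialist looks at first: registrations whose target file is gone ("(no file)", "(file missing)"), O23 services with no vendor in the file's version resource ("Unknown owner"), O4 autoruns whose path has no drive letter, and O16 ActiveX download hosts outside an allow-list. The allow-list and the rule names are assumptions made for the example; a hit means "research this line", not "this is malware".

```python
import re
from urllib.parse import urlparse

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {97B6C672-5B48-46FE-A168-976FF94B2C3C} (IFBulkUploader) - http://www.ifriendsv2.net/iFBulkUploader_V2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159304540234
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

# Illustrative allow-list of ActiveX download hosts. This is an assumption
# made for the example, not a vetted list; anything outside it is raised
# for manual review rather than declared bad.
KNOWN_ACTIVEX_HOSTS = {
    "microsoft.com", "hotmail.com", "windowsupdate.com", "adobe.com",
    "macromedia.com", "java.sun.com", "apple.com", "dell.com", "hp.com",
    "logitech.com", "facebook.com", "akamai.com",
}

# Every HijackThis entry starts with a section code such as O2, O16, R1.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
ORPHAN_MARKERS = ("no file", "file missing")


def host_is_known(host: str) -> bool:
    """True if host equals, or is a subdomain of, an allow-listed domain."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in KNOWN_ACTIVEX_HOSTS)


def triage(log_text: str) -> list[tuple[str, str, str]]:
    """Return (rule, section, line) findings for a HijackThis log.

    Heuristic only: a finding means 'look at this', not 'remove this'.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        lowered = body.lower()

        # Registrations whose target no longer exists: dead BHOs, toolbar
        # buttons, services. Usually uninstall leftovers, but also what a
        # partially removed infection leaves behind.
        if any(mark in lowered for mark in ORPHAN_MARKERS):
            findings.append(("orphan_entry", section, line))

        # O23 services: the vendor comes from the binary's version resource;
        # 'Unknown owner' means no company name was found there.
        if section == "O23" and "unknown owner" in lowered:
            findings.append(("unknown_owner", section, line))

        # O4 autoruns: a target with no drive letter (quoted or not) is
        # resolved relative to the current drive, unusual for an installer.
        if section == "O4":
            target = body.split("] ", 1)[-1]
            if not re.match(r'^"?[A-Za-z]:\\', target):
                findings.append(("unanchored_autorun_path", section, line))

        # O16 DPF: ActiveX controls Internet Explorer fetched from a URL.
        if section == "O16":
            url = body.rsplit(" - ", 1)[-1]
            host = urlparse(url).hostname or ""
            if host and not host_is_known(host):
                findings.append(("activex_host_for_review", section, line))
    return findings


if __name__ == "__main__":
    for rule, section, line in triage(SAMPLE_LOG):
        print(f"{rule:24} {section:4} {line}")
```

On the sample it raises the orphaned BHO, the missing msmsgs.exe button, the npggsvc service (orphaned and without a vendor), the SetIcon autorun and the ifriendsv2.net control, and says nothing about the avast! and Microsoft entries.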
     
  2. Scolabar

    Scolabar Malware Specialist

    Joined:
    Apr 15, 2011
    Messages:
    289
    Hi HollyG,

    Firstly, welcome to the TSG - Virus & Other Malware Removal Forum. :)
    My name is Scolabar, and I'll be helping you with your malware problems.
    Secondly, apologies for the delay in responding to your request for help.
    Logs can take a while to research, so please be patient.
    If you no longer require help I would be grateful if you would let me know.

    Please note the following important guidelines before proceeding:

    1. The instructions that will be provided are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
    3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
    4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
      Absence of symptoms does not necessarily mean that everything is clear.
    5. DO NOT run any other fix or removal tools unless instructed to do so!
    6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
    7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
    8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    Please Note: If you haven't done so already, please read this topic Everyone MUST read this BEFORE posting for help in this forum where the conditions for receiving help here are explained.

    In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.

    If you follow these guidelines, things should proceed smoothly. :)
    I am currently reviewing your log and will return, as soon as possible, with additional instructions.

    Thank you for your patience.

    Scolabar
     
  3. Scolabar

    Scolabar Malware Specialist

    Joined:
    Apr 15, 2011
    Messages:
    289
    Hi HollyG,

    Thank you again for your patience. :)

    Please read these instructions carefully before executing and perform the steps, in the order given.
    If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem before going any further.

    Before proceeding please make sure any open programs are closed.

    Step 1:
    DDS

    1. Please download DDS by sUBs. Save it to your Desktop.
      Alternate download link: here.
    2. Double-click on the DDS desktop icon to run the program.
    3. A black screen will open. Read the contents but do nothing.
    4. When DDS finishes Notepad will open two reports ... DDS.txt and Attach.txt
      The two report files are not saved anywhere. If you close Notepad before copying and pasting the contents, you will need to run DDS again.
    5. Copy and Paste the contents of the DDS.txt file into your next reply.
    6. Also Attach the Attach.txt file to your post.
    Step 2:
    GMER

    Note: The downloaded file will have a random filename. This prevents malware from detecting and blocking it.

    Please download GMER ... random named.exe by GMER. An alternative (zip file) download is available here.
    IMPORTANT: Do not run any programs while GMER is running.
    CAUTION: Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

    1. Double click on the random named.exe to execute. If asked, allow the gmer.sys driver load.
    2. If it gives you a warning about rootkit activity and asks if you want to run a scan click on NO. <--- Important!
    3. On the right side panel, several boxes have been checked. Please UNCHECK the following: (See image below.)
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All <-- don't miss this one

      [image: GMER scan options panel]

    4. If you don't get a warning, then click on the Rootkit/Malware tab at the top of the GMER window.
    5. Click on the Scan button.
    6. Once the scan has finished, click on Save. The Save window will open.
    7. Save the scan results as ark.txt to your Desktop.
    8. Double-click on the ark.txt file on the Desktop to open it in Notepad.
    9. Copy and Paste the entire contents of ark.txt into your next reply.
    Step 3:
    Security Check

    1. Please download Security Check by screen317 and Save it to your Desktop.
      Alternate download site: Link 2
    2. Double-click on the SecurityCheck.exe icon to run the program.
    3. Press the Space Bar when you see the Press any key to continue... message.
      Please Note: This scan will take a short while to complete, so please be patient.
    4. When the scan has completed, a Notepad file will automatically open called checkup.txt.
    5. Save the file checkup.txt to your Desktop.
      Please Note: This output file is NOT automatically saved!
    6. Then Copy and Paste the entire contents of the checkup.txt file into your next reply.
    Step 4:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. DDS.txt.
    3. ark.txt.
    4. checkup.txt.
    5. Attachment(s) Required:
      • Attach.txt.
    6. Do you have the original Windows installation media for your PC?

    Scolabar
     
  4. HollyG

    HollyG Thread Starter

    Joined:
    Apr 18, 2004
    Messages:
    717
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Suzanne at 17:00:18 on 2012-05-07
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1479 [GMT -6:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\WDC\SetIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [SetIcon] \Program Files\WDC\SetIcon.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.4.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159304540234
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {97B6C672-5B48-46FE-A168-976FF94B2C3C} - hxxp://www.ifriendsv2.net/iFBulkUploader_V2.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    TCP: DhcpNameServer = 172.16.1.254
    TCP: Interfaces\{D0F5B2F2-C037-460C-AA67-55DA199FABCB} : DhcpNameServer = 172.16.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-16 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-16 337880]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-16 20696]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-16 44768]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2009-11-2 10448]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 450848]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 257696]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-8-16 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2012-05-05 22:46:15 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-05 22:46:15 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-25 01:10:30 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-04-05 20:12:00 260 ----a-w- c:\windows\system32\cmdVBS.vbs
    2012-04-05 20:12:00 256 ----a-w- c:\windows\system32\MSIevent.bat
    2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
    2012-02-14 16:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    .
    ============= FINISH: 17:03:13.98 ===============
     

    Attached Files:

  5. HollyG

    HollyG Thread Starter

    Joined:
    Apr 18, 2004
    Messages:
    717
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-05-07 20:51:39
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK8032GSX rev.AS112D
    Running: 3jfcwvr8.exe; Driver: C:\DOCUME~1\Suzanne\LOCALS~1\Temp\ugryypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA874FDF8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA8804A5A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA875085E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA877CD5D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA87552E4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA8755330]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA8755422]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA877C711]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA8755252]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA8755374]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA875529A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA87553DC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA874FE44]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA877D423]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA877D6D9]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA87529A8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA877D28E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA877D0F9]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA8804B34]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA874FAD6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA874FE90]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA8752D1C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA8750B02]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA875530E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA8755352]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA8755446]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA877CA6D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA8755278]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA8752518]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA87553AE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA87552C2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA875274C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA8755400]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA8804CA0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA877CF74]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA87509CE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA877CDC6]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA880EB68]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA877BD84]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA874FEDC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA874FF28]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA874FB46]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA874FCEA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA877D52A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA874FC92]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA874FD5A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xA8804D60]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA874FF74]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xA8804BE0]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA881AD92]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL A875119F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP A8817C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP A881974C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP A881AD96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xA8CF6280]
    .text win32k.sys!EngFreeUserMem + 674 BF8098F2 5 Bytes JMP A8754180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFreeUserMem + 35D0 BF80C84E 5 Bytes JMP A875407C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSurface + 45 BF8138E6 5 Bytes JMP A8754036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C550 5 Bytes JMP A8753724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngSetLastError + 79A8 BF8240C0 5 Bytes JMP A8752F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateBitmap + F9C BF828A2A 5 Bytes JMP A87542EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 2C50 BF831475 5 Bytes JMP A87544F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + B68E BF839EB3 5 Bytes JMP A8753F3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851745 5 Bytes JMP A8752E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC6A 5 Bytes JMP A87537E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2D4 5 Bytes JMP A8753384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E35F 5 Bytes JMP A8753562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 88 BF85F5D2 5 Bytes JMP A8752E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 5457 BF8649A1 5 Bytes JMP A87540BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 4128 BF873CF0 5 Bytes JMP A875351C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetLastError + 1606 BF890FA2 5 Bytes JMP A87537FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 26EE BF89454D 5 Bytes JMP A8754232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBltROP + 583 BF895025 5 Bytes JMP A8754450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 3857 BF89C3CB 5 Bytes JMP A875370C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 4DEC BF89D960 5 Bytes JMP A8752FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngEraseSurface + A9E0 BF8C1EE0 5 Bytes JMP A8753104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1517 BF8CA342 5 Bytes JMP A87531AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1797 BF8CA5C2 5 Bytes JMP A87532E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC017 5 Bytes JMP A8752D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + CB3D BF8F5016 5 Bytes JMP A875373C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 19DF BF913566 5 Bytes JMP A8752F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 25B3 BF91413A 5 Bytes JMP A87530B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4F2C BF916AB3 5 Bytes JMP A875367C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 1940 BF946632 5 Bytes JMP A87543A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    ? C:\DOCUME~1\Suzanne\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\igfxpers.exe[212] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\system32\igfxpers.exe[212] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\igfxpers.exe[212] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\system32\igfxpers.exe[212] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\igfxpers.exe[212] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\igfxpers.exe[212] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\igfxpers.exe[212] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\igfxpers.exe[212] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\igfxpers.exe[212] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\igfxpers.exe[212] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\WINDOWS\system32\igfxpers.exe[212] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\igfxpers.exe[212] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\igfxpers.exe[212] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\system32\igfxpers.exe[212] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\WINDOWS\system32\igfxpers.exe[212] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\igfxpers.exe[212] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\igfxpers.exe[212] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Java\jre6\bin\jqs.exe[284] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[284] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[284] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Java\jre6\bin\jqs.exe[284] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[284] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Java\jre6\bin\jqs.exe[284] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Java\jre6\bin\jqs.exe[284] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Java\jre6\bin\jqs.exe[284] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[284] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Java\jre6\bin\jqs.exe[284] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[284] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Java\jre6\bin\jqs.exe[284] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Java\jre6\bin\jqs.exe[284] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Java\jre6\bin\jqs.exe[284] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Java\jre6\bin\jqs.exe[284] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Java\jre6\bin\jqs.exe[284] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[284] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\System32\smss.exe[616] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[652] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[652] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[652] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[652] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[652] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[652] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[652] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[652] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[652] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[652] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[652] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[652] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[652] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[652] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[652] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[652] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\System32\svchost.exe[892] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\svchost.exe[892] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[892] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\svchost.exe[892] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[892] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\svchost.exe[892] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[892] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[892] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\svchost.exe[892] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\svchost.exe[892] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[892] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[892] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[892] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\svchost.exe[892] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\svchost.exe[892] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[892] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[892] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\csrss.exe[980] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[980] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[1008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
    .text C:\WINDOWS\system32\winlogon.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[1008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
    .text C:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\services.exe[1052] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\services.exe[1052] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\svchost.exe[1380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\svchost.exe[1380] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[1380] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\svchost.exe[1380] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\svchost.exe[1380] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[1380] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[1380] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\ctfmon.exe[1460] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
    .text C:\WINDOWS\system32\ctfmon.exe[1460] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[1460] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
    .text C:\WINDOWS\system32\ctfmon.exe[1460] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[1460] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\ctfmon.exe[1460] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\ctfmon.exe[1460] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\ctfmon.exe[1460] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\ctfmon.exe[1460] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\ctfmon.exe[1460] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\ctfmon.exe[1460] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\ctfmon.exe[1460] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\ctfmon.exe[1460] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\system32\ctfmon.exe[1460] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\system32\ctfmon.exe[1460] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\system32\ctfmon.exe[1460] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\ctfmon.exe[1460] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1628] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1628] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1628] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1628] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1628] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1640] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1640] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1640] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1640] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1640] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1640] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1640] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1640] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1640] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1640] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1756] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1756] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1756] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1756] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1756] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1756] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1756] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1756] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1756] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1756] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1756] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1776] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1776] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1776] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1776] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1776] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1776] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1776] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1776] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1776] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1776] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1776] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1776] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1776] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1776] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1884] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1884] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1884] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\spoolsv.exe[1932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1932] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\spoolsv.exe[1932] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1932] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\spoolsv.exe[1932] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\spoolsv.exe[1932] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\spoolsv.exe[1932] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\spoolsv.exe[1932] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\spoolsv.exe[1932] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\spoolsv.exe[1932] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\spoolsv.exe[1932] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\spoolsv.exe[1932] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\spoolsv.exe[1932] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\spoolsv.exe[1932] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\spoolsv.exe[1932] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\spoolsv.exe[1932] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\eHome\ehRecvr.exe[1976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
    .text C:\WINDOWS\eHome\ehRecvr.exe[1976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\eHome\ehRecvr.exe[1976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
    .text C:\WINDOWS\eHome\ehRecvr.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\eHome\ehRecvr.exe[1976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\eHome\ehRecvr.exe[1976] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\eHome\ehRecvr.exe[1976] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\eHome\ehRecvr.exe[1976] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\eHome\ehRecvr.exe[1976] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\eHome\ehRecvr.exe[1976] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
    .text C:\WINDOWS\eHome\ehRecvr.exe[1976] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
    .text C:\WINDOWS\eHome\ehRecvr.exe[1976] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\eHome\ehRecvr.exe[1976] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
    .text C:\WINDOWS\eHome\ehRecvr.exe[1976] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
    .text C:\WINDOWS\eHome\ehRecvr.exe[1976] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\eHome\ehRecvr.exe[1976] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\eHome\ehRecvr.exe[1976] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1980] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1980] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1980] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1980] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1980] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1980] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1980] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1980] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1980] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1980] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1980] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1980] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1980] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1980] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1980] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1980] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1980] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\eHome\ehSched.exe[2012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
    .text C:\WINDOWS\eHome\ehSched.exe[2012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\eHome\ehSched.exe[2012] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
    .text C:\WINDOWS\eHome\ehSched.exe[2012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\eHome\ehSched.exe[2012] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\eHome\ehSched.exe[2012] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\eHome\ehSched.exe[2012] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\eHome\ehSched.exe[2012] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\eHome\ehSched.exe[2012] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\eHome\ehSched.exe[2012] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
    .text C:\WINDOWS\eHome\ehSched.exe[2012] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
    .text C:\WINDOWS\eHome\ehSched.exe[2012] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\eHome\ehSched.exe[2012] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
    .text C:\WINDOWS\eHome\ehSched.exe[2012] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
    .text C:\WINDOWS\eHome\ehSched.exe[2012] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\eHome\ehSched.exe[2012] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\eHome\ehSched.exe[2012] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
    .text C:\Program Files\Dantz\Retrospect\retrorun.exe[2292] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Dantz\Retrospect\retrorun.exe[2292] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Dantz\Retrospect\retrorun.exe[2292] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Dantz\Retrospect\retrorun.exe[2292] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Dantz\Retrospect\retrorun.exe[2292] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Dantz\Retrospect\retrorun.exe[2292] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Dantz\Retrospect\retrorun.exe[2292] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Dantz\Retrospect\retrorun.exe[2292] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Dantz\Retrospect\retrorun.exe[2292] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Dantz\Retrospect\retrorun.exe[2292] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Dantz\Retrospect\retrorun.exe[2292] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Dantz\Retrospect\retrorun.exe[2292] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Dantz\Retrospect\retrorun.exe[2292] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Dantz\Retrospect\retrorun.exe[2292] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Dantz\Retrospect\retrorun.exe[2292] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Dantz\Retrospect\retrorun.exe[2292] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Dantz\Retrospect\retrorun.exe[2292] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe[2352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe[2352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe[2352] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe[2352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe[2352] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe[2352] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe[2352] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe[2352] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe[2352] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe[2352] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe[2352] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe[2352] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe[2352] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe[2352] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe[2352] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe[2352] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe[2352] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2396] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\WINDOWS\system32\svchost.exe[2416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[2416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[2416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2416] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[2416] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[2416] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[2416] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[2416] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[2416] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[2416] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[2416] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[2416] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[2416] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[2416] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[2416] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[2416] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[2452] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[2452] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[2452] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[2452] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[2452] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2552] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2552] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2552] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2552] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2552] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2552] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2552] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2552] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2552] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2552] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2552] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2552] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2552] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2552] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2552] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2552] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\Explorer.EXE[2756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\Explorer.EXE[2756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[2756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\Explorer.EXE[2756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[2756] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\Explorer.EXE[2756] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\Explorer.EXE[2756] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\Explorer.EXE[2756] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\Explorer.EXE[2756] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\Explorer.EXE[2756] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\Explorer.EXE[2756] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\Explorer.EXE[2756] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\Explorer.EXE[2756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\Explorer.EXE[2756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\Explorer.EXE[2756] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\Explorer.EXE[2756] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\Explorer.EXE[2756] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2792] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2792] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2792] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2792] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2792] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2792] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2792] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2792] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2792] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2792] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2792] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2792] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2792] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2792] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2792] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2792] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2792] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
    .text C:\WINDOWS\system32\dllhost.exe[3016] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\dllhost.exe[3016] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\dllhost.exe[3016] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\dllhost.exe[3016] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\dllhost.exe[3016] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\dllhost.exe[3016] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\dllhost.exe[3016] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\dllhost.exe[3016] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\dllhost.exe[3016] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\dllhost.exe[3016] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\dllhost.exe[3016] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\dllhost.exe[3016] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\dllhost.exe[3016] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\dllhost.exe[3016] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\dllhost.exe[3016] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\dllhost.exe[3016] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\dllhost.exe[3016] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\igfxsrvc.exe[3044] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\system32\igfxsrvc.exe[3044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\igfxsrvc.exe[3044] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\system32\igfxsrvc.exe[3044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\igfxsrvc.exe[3044] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\igfxsrvc.exe[3044] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\igfxsrvc.exe[3044] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\igfxsrvc.exe[3044] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\igfxsrvc.exe[3044] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\igfxsrvc.exe[3044] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\WINDOWS\system32\igfxsrvc.exe[3044] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\igfxsrvc.exe[3044] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\igfxsrvc.exe[3044] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\system32\igfxsrvc.exe[3044] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\WINDOWS\system32\igfxsrvc.exe[3044] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\igfxsrvc.exe[3044] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\igfxsrvc.exe[3044] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3096] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Documents and Settings\Suzanne\Desktop\3jfcwvr8.exe[3112] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\Suzanne\Desktop\3jfcwvr8.exe[3112] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3196] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3196] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3296] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3296] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3296] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3296] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3296] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3296] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3296] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3296] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3296] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3296] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3296] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3296] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3296] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3296] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3296] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\System32\alg.exe[3344] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\alg.exe[3344] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3344] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\alg.exe[3344] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3344] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\alg.exe[3344] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\alg.exe[3344] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\alg.exe[3344] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\alg.exe[3344] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\alg.exe[3344] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\System32\alg.exe[3344] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\alg.exe[3344] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\alg.exe[3344] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\System32\alg.exe[3344] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\System32\alg.exe[3344] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\alg.exe[3344] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\alg.exe[3344] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[3704] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\svchost.exe[3704] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[3704] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\svchost.exe[3704] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[3704] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\svchost.exe[3704] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[3704] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[3704] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\svchost.exe[3704] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\svchost.exe[3704] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[3704] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[3704] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[3704] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\svchost.exe[3704] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\svchost.exe[3704] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[3704] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[3704] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\hkcmd.exe[3832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\system32\hkcmd.exe[3832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\hkcmd.exe[3832] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\system32\hkcmd.exe[3832] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\hkcmd.exe[3832] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\hkcmd.exe[3832] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\hkcmd.exe[3832] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\hkcmd.exe[3832] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\hkcmd.exe[3832] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\hkcmd.exe[3832] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\WINDOWS\system32\hkcmd.exe[3832] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\hkcmd.exe[3832] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\hkcmd.exe[3832] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\system32\hkcmd.exe[3832] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\WINDOWS\system32\hkcmd.exe[3832] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\hkcmd.exe[3832] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\hkcmd.exe[3832] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\WDC\SetIcon.exe[3964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
    .text C:\Program Files\WDC\SetIcon.exe[3964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\WDC\SetIcon.exe[3964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
    .text C:\Program Files\WDC\SetIcon.exe[3964] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\WDC\SetIcon.exe[3964] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\Program Files\WDC\SetIcon.exe[3964] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\Program Files\WDC\SetIcon.exe[3964] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\Program Files\WDC\SetIcon.exe[3964] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\Program Files\WDC\SetIcon.exe[3964] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\Program Files\WDC\SetIcon.exe[3964] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\Program Files\WDC\SetIcon.exe[3964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\Program Files\WDC\SetIcon.exe[3964] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\Program Files\WDC\SetIcon.exe[3964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\Program Files\WDC\SetIcon.exe[3964] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\Program Files\WDC\SetIcon.exe[3964] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\Program Files\WDC\SetIcon.exe[3964] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\Program Files\WDC\SetIcon.exe[3964] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \FileSystem\Fastfat \Fat A6C5FD20

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1

    ---- EOF - GMER 1.0.15 ----
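Editor's note on reading the "User code sections" part of the GMER log above. Every line of the form `.text <process>[pid] <module>!<export> <address> N Bytes JMP <target>` is an inline hook: the first bytes of a DLL export inside that process have been overwritten with a jump to a trampoline at the target address. What matters for triage is not any single hook but the pattern across processes: a set of hooks that is identical in every process (same exports, same 1-byte patches at `RtlDosSearchPath_U + 186` and `GetBinaryTypeW + 80`, trampolines in privately allocated low memory) is what one system-wide agent injecting every process produces, while a hook that only one process carries is the one to look at first. The script below is an added example (editor's code, not GMER's and not posted in this thread) that parses lines in that format, groups them by hooked symbol and reports how many of the hooked processes carry each one. The sample input is constructed: the first twelve lines mirror the pattern in the posted log, and the final `ws2_32.dll!send` line is invented here purely to exercise the outlier path and is not present in the log.

```python
import re
from collections import defaultdict

# Constructed sample in the format of GMER "User code sections" lines.
# The ws2_32.dll!send line is made up to exercise the outlier path; it is NOT in the posted log.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\dllhost.exe[3016] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\dllhost.exe[3016] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[3016] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[3344] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[3344] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3344] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\Program Files\WDC\SetIcon.exe[3964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\Program Files\WDC\SetIcon.exe[3964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\WDC\SetIcon.exe[3964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\hkcmd.exe[3832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\hkcmd.exe[3832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[3832] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\hkcmd.exe[3832] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00A10000
"""

# One GMER user-mode hook line: process path with [pid], module!export, optional "+ offset",
# the patched address, the patch length, and the patch itself (JMP target or raw bytes).
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<export>\S+)"
    r"(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+?)$"
)
JMP_RE = re.compile(r"^JMP\s+([0-9A-Fa-f]{8})$")

# Default image base of a 32-bit EXE; on XP the region below it normally holds heaps and
# VirtualAlloc'd blocks, not loaded modules, so JMP targets there are private trampolines.
USER_IMAGE_BASE = 0x00400000


def parse_hooks(text):
    """Return one dict per hook line; lines in any other format are ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        jm = JMP_RE.match(d["patch"])
        symbol = f'{d["module"]}!{d["export"]}' + (f'+{d["offset"]}' if d["offset"] else "")
        hooks.append({
            "process": d["process"], "pid": int(d["pid"]), "symbol": symbol,
            "address": int(d["address"], 16), "size": int(d["size"]),
            "patch": d["patch"], "target": int(jm.group(1), 16) if jm else None,
        })
    return hooks


def hook_report(hooks):
    """Group hooks by hooked symbol and measure what share of hooked processes carry each."""
    processes = {(h["process"], h["pid"]) for h in hooks}
    by_symbol = defaultdict(list)
    for h in hooks:
        by_symbol[h["symbol"]].append(h)
    report = []
    for symbol, group in by_symbol.items():
        carriers = {(h["process"], h["pid"]) for h in group}
        targets = sorted({h["target"] for h in group if h["target"] is not None})
        report.append({
            "symbol": symbol,
            "carriers": len(carriers),
            "coverage": len(carriers) / len(processes),
            "targets": targets,
            # None for raw byte patches that have no JMP target
            "targets_below_image_base": all(t < USER_IMAGE_BASE for t in targets) if targets else None,
        })
    report.sort(key=lambda r: (r["coverage"], r["symbol"]))  # rarest hooks first
    return report


def outliers(report, min_coverage=0.5):
    """Symbols hooked in fewer than min_coverage of the hooked processes: check these first."""
    return [r["symbol"] for r in report if r["coverage"] < min_coverage]


if __name__ == "__main__":
    rep = hook_report(parse_hooks(SAMPLE_LOG))
    for r in rep:
        print(f'{r["coverage"]:>4.0%} of processes  {r["symbol"]:40s} targets={[hex(t) for t in r["targets"]]}')
    print("look first at:", outliers(rep))
```

Run against a full GMER log, the uniform hooks (every process, trampolines below the image base) fall to the bottom of the listing and whatever does not fit that pattern floats to the top. Coverage alone does not prove a hook benign or malicious; it only orders the work, and the module owning each trampoline still has to be identified.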
     
  6. HollyG

    HollyG Thread Starter

    Joined:
    Apr 18, 2004
    Messages:
    717
    Results of screen317's Security Check version 0.99.32
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    SpywareBlaster 4.4
    SUPERAntiSpyware
    HijackThis 2.0.2
    CCleaner
    Java(TM) 6 Update 26
    Java version out of date!
    Adobe Flash Player 11.2.202.235
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    ``````````End of Log````````````
     
  7. Scolabar

    Scolabar Malware Specialist

    Joined:
    Apr 15, 2011
    Messages:
    289
    Hi HollyG,

    Thank you for the logs. :)

    Please confirm whether or not you have the original Windows installation media for your PC.

    Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
    If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before proceeding please make sure any open programs are closed.

    Step 1:
    Uninstall Programs

    1. Select Start > Control Panel > Add/Remove Programs.
    2. Scroll down the list of installed programs and select each of the following programs:

      HijackThis 2.0.2
      Search Assist

    3. Click on the Remove button to uninstall the program.
    4. Click on the Yes button at the prompt.
    5. Repeat steps 4 to 6 for each of the above programs.
    6. Close the Add/Remove Programs control panel when the removals have been completed.
    7. Restart the computer to complete removal of the programs.
    Step 2:
    OTL - Scan

    1. Please download OTL by Old Timer. Save it to your Desktop.
    2. Double-click on OTL.exe to run the program.
    3. Under Output, ensure that the Standard Output option is selected.
    4. Under the Extra Registry section, select the Use SafeList option.
    5. Click the Scan All Users checkbox.
    6. Tick the LOP Check and Purity Check checkboxes.
      Note: Please leave the remaining selections on the default settings.
    7. Click on the Run Scan button in the top left-hand corner of the program window.
    8. When done, two Notepad files will automatically open:
      • OTL.txt <-- Will be opened, maximized.
      • Extras.txt <-- Will be minimized on task bar.
    9. Please Copy and Paste the entire contents of both OTL.txt and Extras.txt files into your next reply.
    Step 3:
    aswMBR - Scan

    1. Please download aswMBR.exe © Avast Software and Save it to your Desktop.
    2. Double-click on aswMBR.exe to launch it.
    3. Click on the Scan button to start the scan.
    4. On completion of the scan the following message will be displayed: "Scan finished successfully". Click on the Save log button.
    5. You will be prompted to save a file named aswMBR.txt. Save it to your Desktop.
    6. Please Copy and Paste the contents of aswMBR.txt into your next reply.
    Please Note: A file will be created and placed on your desktop when you execute aswMBR, named MBR.dat. This is a copy of your MBR record before any changes are made; it can be used to recover the MBR record to its previous condition if problems exist after changes.

    Step 4:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. Do you have the original Windows installation media for your PC?
    3. OTL.txt.
    4. Extras.txt.
    5. aswMBR.txt.

    Scolabar
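Editor's note on the MBR.dat backup mentioned in Step 3. That file is a raw copy of sector 0 of the disk: 440 bytes of boot code, a 4-byte disk signature, 2 reserved bytes, four 16-byte partition entries and the 0x55AA boot signature. Before and after any MBR repair, the useful check is to decode the partition table (to confirm it still describes the expected volumes) and to hash the boot code, so that a later read of sector 0 can be compared byte-for-byte against the backup. The script below is an added example (editor's code, not part of aswMBR and not posted in this thread) that does exactly that. The 512-byte image it builds is constructed for the demonstration: two NTFS entries with made-up sizes and a placeholder boot code prefix, not the poster's actual sector.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # classic MBR layout: 440 bytes code, 4-byte disk signature, 2 reserved bytes
PART_TABLE_OFF = 446
ENTRY_LEN = 16
SIGNATURE = b"\x55\xAA"      # boot signature at offset 510
ENTRY_FMT = "<BBBBBBBBII"    # status, CHS start (3), type, CHS end (3), LBA start, sector count


def parse_mbr(data):
    """Decode a 512-byte MBR image into boot-code hash, disk signature and partition entries."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    if data[510:512] != SIGNATURE:
        raise ValueError("missing 55AA boot signature")
    partitions = []
    for i in range(4):
        fields = struct.unpack_from(ENTRY_FMT, data, PART_TABLE_OFF + i * ENTRY_LEN)
        status, ptype, lba_start, sectors = fields[0], fields[4], fields[8], fields[9]
        if ptype == 0:           # empty slot
            continue
        partitions.append({
            "index": i, "bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors,
        })
    return {
        "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", data, BOOT_CODE_LEN)[0],
        "partitions": partitions,
    }


def diff_mbr(saved, current):
    """Names of the fields that differ between the MBR.dat backup and a later read of sector 0."""
    a, b = parse_mbr(saved), parse_mbr(current)
    return [k for k in ("boot_code_sha256", "disk_signature", "partitions") if a[k] != b[k]]


def build_sample_mbr():
    """Constructed 512-byte image standing in for MBR.dat; sizes and signature are made up."""
    code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"          # placeholder loader prefix, padded with zeros
    boot_code = code + b"\x00" * (BOOT_CODE_LEN - len(code))
    disk_sig = struct.pack("<I", 0x1A2B3C4D) + b"\x00\x00"
    table = struct.pack(ENTRY_FMT, 0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF, 63, 107_000_000)
    table += struct.pack(ENTRY_FMT, 0x00, 0xFE, 0xFF, 0xFF, 0x07, 0xFE, 0xFF, 0xFF, 107_000_063, 35_700_000)
    table += b"\x00" * (2 * ENTRY_LEN)                 # two unused slots
    mbr = boot_code + disk_sig + table + SIGNATURE
    assert len(mbr) == SECTOR
    return mbr


if __name__ == "__main__":
    backup = build_sample_mbr()
    info = parse_mbr(backup)
    print("boot code sha256:", info["boot_code_sha256"])
    for p in info["partitions"]:
        print(f'  #{p["index"]} type=0x{p["type"]:02X} boot={p["bootable"]} lba={p["lba_start"]} sectors={p["sectors"]}')
    tampered = bytearray(backup)
    tampered[0x10] ^= 0xFF                             # simulate one byte of boot code changing
    print("changed after tamper:", diff_mbr(backup, bytes(tampered)))
```

To use it on a real backup, read MBR.dat with `open(path, "rb").read()` and pass it to `parse_mbr`; a second dump taken after cleanup goes through `diff_mbr` against the first. The partition table is expected to be identical in both; any change in the boot-code hash means sector 0 was rewritten.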
     
  8. HollyG

    HollyG Thread Starter

    Joined:
    Apr 18, 2004
    Messages:
    717
    I don't have the original Windows installation media with me as I am away visiting. It's at home and I won't be back until July. Why would I need that, to reinstall Windows if something goes wrong?
     
  9. Scolabar

    Scolabar Malware Specialist

    Joined:
    Apr 15, 2011
    Messages:
    289
    Hi HollyG,

    It is important to know that the original Windows installation media is available should the computer be found to be compromised to such an extent that a reformat and reinstallation would be the recommended option. Given the current situation regarding the Windows installation media, it is important that extra care should be taken when following any instructions provided. ;)

    If you would prefer to wait until you have returned so that you have access to the original Windows installation media, as a fallback, please let me know.

    Otherwise, if you are happy to continue given the knowledge we should have access to the Recovery Console (installed during the course of your earlier Malware Removal topic this time last year), please go ahead and complete the instructions provided in my last post.


    Scolabar
     
  10. HollyG

    HollyG Thread Starter

    Joined:
    Apr 18, 2004
    Messages:
    717
    I have a Windows XP disk I can use here in case.

    OTL Extras logfile created on: 5/10/2012 1:09:14 PM - Run 1
    OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Suzanne\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.98% Memory free
    3.83 Gb Paging File | 3.57 Gb Available in Paging File | 93.11% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 51.23 Gb Total Space | 19.71 Gb Free Space | 38.47% Space Free | Partition Type: NTFS
    Drive D: | 17.04 Gb Total Space | 16.96 Gb Free Space | 99.50% Space Free | Partition Type: NTFS

    Computer Name: MYLAPTOP | User Name: Suzanne | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-1557411339-2503043033-3123730931-1006\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "8080:TCP" = 8080:TCP:*:Disabled:iFriends
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "2122:TCP" = 2122:TCP:*:Enabled:Akamai NetSession Interface
    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
    "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
    "C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe
    "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{0412CCFF-BFAC-83D8-44FB-3BE60F05FCF8}" = Amazon MP3 Uploader
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{11DE2361-9F73-47B3-B638-2F267927E307}" = Ipswitch WS_FTP Home 2007
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.1
    "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 26
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{37491A3D-B2A6-402D-898E-5C4EF3984C29}" = Adobe Flash Media Live Encoder 3.1
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
    "{3F70FB44-FD00-4ED2-9154-661AA9DB0B28}" = WD Media Center Driver
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
    "{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
    "{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{73B69C5C-87D6-471E-B695-0BD736C4B644}" = Retrospect 6.5
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{84834762-4259-4213-8EE3-91481F05BC19}" = Web Camera Control
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C797EAF2-707A-4239-BDF3-F2672314A734}" = First Step Guide
    "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
    "{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
    "avast" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
    "com.amazon.music.uploader" = Amazon MP3 Uploader
    "CTMBDemo_Audigy" = Sound Blaster Audigy ADVANCED MB Demo
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "EasyLinkAdvisor" = Linksys EasyLink Advisor 1.5 (1010)
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Logitech Vid" = Logitech Vid HD
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MIXERLITE" = Mixer
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Office14.SingleImage" = Microsoft Office Professional 2010
    "SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
    "Shockwave" = Shockwave
    "sp6" = Logitech SetPoint 6.20
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "SumatraPDF" = Sumatra PDF reader
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VLC media player" = VLC media player 1.1.10
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1557411339-2503043033-3123730931-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "309a46b1dc89b774" = Dell Driver Download Manager
    "f031ef6ac137efc5" = Dell Driver Download Manager - 1
    "Facebook Plug-In" = Facebook Plug-In

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/5/2012 5:39:06 PM | Computer Name = MYLAPTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module mshtml.dll, version 8.0.6001.19222, fault address 0x00088ec7.

    [ System Events ]
    Error - 5/7/2012 7:43:59 PM | Computer Name = MYLAPTOP | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 5/7/2012 7:46:36 PM | Computer Name = MYLAPTOP | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 5/7/2012 7:46:36 PM | Computer Name = MYLAPTOP | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 5/7/2012 7:46:42 PM | Computer Name = MYLAPTOP | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 5/7/2012 7:58:04 PM | Computer Name = MYLAPTOP | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 5/7/2012 9:14:16 PM | Computer Name = MYLAPTOP | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 5/9/2012 11:12:10 PM | Computer Name = MYLAPTOP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Apple Mobile Device service
    to connect.

    Error - 5/9/2012 11:12:10 PM | Computer Name = MYLAPTOP | Source = Service Control Manager | ID = 7000
    Description = The Apple Mobile Device service failed to start due to the following
    error: %%1053

    Error - 5/10/2012 2:47:54 PM | Computer Name = MYLAPTOP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Apple Mobile Device service
    to connect.

    Error - 5/10/2012 2:47:54 PM | Computer Name = MYLAPTOP | Source = Service Control Manager | ID = 7000
    Description = The Apple Mobile Device service failed to start due to the following
    error: %%1053


    < End of report >
     
  11. HollyG

    HollyG Thread Starter

    OTL logfile created on: 5/10/2012 1:09:14 PM - Run 1
    OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Suzanne\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.98% Memory free
    3.83 Gb Paging File | 3.57 Gb Available in Paging File | 93.11% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 51.23 Gb Total Space | 19.71 Gb Free Space | 38.47% Space Free | Partition Type: NTFS
    Drive D: | 17.04 Gb Total Space | 16.96 Gb Free Space | 99.50% Space Free | Partition Type: NTFS

    Computer Name: MYLAPTOP | User Name: Suzanne | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/05/09 21:41:14 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suzanne\Desktop\OTL.exe
    PRC - [2012/03/06 17:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/01/18 00:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/04/06 13:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    PRC - [2004/04/28 12:02:22 | 000,042,496 | ---- | M] (Standard Microsystems Corp.) -- C:\Program Files\WDC\SetIcon.exe
    PRC - [2003/12/10 21:09:34 | 000,046,592 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe
    PRC - [2003/11/12 11:46:34 | 000,049,152 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/10 04:20:21 | 001,756,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12051000\algo.dll
    MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2012/05/05 16:46:15 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/01/18 00:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2010/10/28 04:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2010/02/16 17:02:00 | 003,305,708 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
    SRV - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2006/04/06 13:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
    SRV - [2003/12/10 21:09:34 | 000,046,592 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect\wdsvc.exe -- (RetroWDSvc)
    SRV - [2003/11/12 11:46:34 | 000,110,592 | ---- | M] (Dantz Development Corporation) [Auto | Stopped] -- C:\Program Files\Dantz\Retrospect\rthlpsvc.exe -- (Retrospect Helper)
    SRV - [2003/11/12 11:46:34 | 000,049,152 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvcflt.sys -- (FilterService)
    DRV - [2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2012/01/18 00:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
    DRV - [2012/01/18 00:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/08/24 11:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2010/08/24 11:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2010/08/24 11:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2010/08/24 11:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2006/11/23 20:42:27 | 000,029,184 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\goprot51.sys -- (GoProto)
    DRV - [2006/11/21 03:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/11/14 22:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/14 17:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/14 15:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2006/04/26 15:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2006/03/24 15:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
    DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/09/01 11:11:52 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
    DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
    DRV - [2005/05/27 03:46:22 | 000,913,280 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
    DRV - [2005/05/25 18:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
    DRV - [2005/01/10 19:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2005/01/10 19:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2004/12/02 20:04:12 | 000,017,920 | R--- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ax88772.sys -- (AX88772)
    DRV - [2004/10/08 05:59:12 | 000,326,656 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
    DRV - [2004/06/27 22:08:56 | 000,042,752 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2004/03/08 10:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1557411339-2503043033-3123730931-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-1557411339-2503043033-3123730931-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-1557411339-2503043033-3123730931-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1557411339-2503043033-3123730931-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 07 1E 43 E5 43 CA 01 [binary data]
    IE - HKU\S-1-5-21-1557411339-2503043033-3123730931-1006\..\SearchScopes,DefaultScope = {0A3CDBC2-11EF-4161-8B79-BBADE38A9E5B}
    IE - HKU\S-1-5-21-1557411339-2503043033-3123730931-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-1557411339-2503043033-3123730931-1006\..\SearchScopes\{0A3CDBC2-11EF-4161-8B79-BBADE38A9E5B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-1557411339-2503043033-3123730931-1006\..\SearchScopes\{54FEC9F3-A81D-4989-83C4-F8176BBE73A2}: "URL" = http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
    IE - HKU\S-1-5-21-1557411339-2503043033-3123730931-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1557411339-2503043033-3123730931-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
    FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Suzanne\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)


    [2012/03/23 19:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Extensions
    [2012/03/23 19:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Extensions\[email protected]
    [2012/01/19 13:36:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\as30utph.default\extensions
    [2010/04/28 00:31:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\as30utph.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2007/06/26 23:10:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\as30utph.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2008/11/11 21:05:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\as30utph.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/04/28 00:31:08 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\as30utph.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2012/01/19 13:36:05 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\as30utph.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2008/06/25 21:43:50 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\as30utph.default\searchplugins\IMDB.xml
    [2008/05/28 21:47:36 | 000,001,944 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\as30utph.default\searchplugins\MSN.xml
    [2011/04/27 14:07:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    O1 HOSTS File: ([2012/01/16 20:39:15 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-1557411339-2503043033-3123730931-1006\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1557411339-2503043033-3123730931-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1557411339-2503043033-3123730931-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
    O7 - HKU\S-1-5-21-1557411339-2503043033-3123730931-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
    O7 - HKU\S-1-5-21-1557411339-2503043033-3123730931-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O15 - HKU\S-1-5-21-1557411339-2503043033-3123730931-1006\..Trusted Domains: internet ([]about in Internet)
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.4.cab (DownloadManager Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159304540234 (MUWebControl Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {97B6C672-5B48-46FE-A168-976FF94B2C3C} http://www.ifriendsv2.net/iFBulkUploader_V2.cab (IFBulkUploader)
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Suzanne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Suzanne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/08/27 22:33:19 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2012/03/09 21:47:48 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2011/02/20 22:11:13 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/05/10 02:39:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Suzanne\Recent
    [2012/05/09 21:45:06 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Suzanne\Desktop\aswMBR.exe
    [2012/05/09 21:41:09 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Suzanne\Desktop\OTL.exe
    [2012/05/07 16:58:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Suzanne\Desktop\dds.com
    [2012/04/19 22:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
    [2012/04/18 22:48:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\backups

    ========== Files - Modified Within 30 Days ==========

    [2012/05/10 12:46:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/05/10 12:45:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2012/05/10 01:50:03 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Corel Photo Album 6.lnk
    [2012/05/10 01:46:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/05/09 21:45:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Suzanne\Desktop\aswMBR.exe
    [2012/05/09 21:41:14 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suzanne\Desktop\OTL.exe
    [2012/05/09 21:16:11 | 000,507,846 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/05/09 21:16:11 | 000,091,348 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/05/09 21:10:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/05/07 23:56:52 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Microsoft Word 2010.lnk
    [2012/05/07 20:56:53 | 000,879,714 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\SecurityCheck.exe
    [2012/05/07 17:11:58 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\3jfcwvr8.exe
    [2012/05/07 16:58:30 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Suzanne\Desktop\dds.com
    [2012/05/05 16:46:15 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/05/05 16:46:15 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/05/02 12:44:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/04/28 21:07:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/04/26 15:01:04 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Suzanne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/24 19:10:30 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
    [2012/04/18 22:46:16 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Suzanne\Desktop\HiJackThis.exe
    [2012/04/17 22:31:36 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2012/04/13 01:11:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/12 20:20:38 | 000,002,369 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Corel Paint Shop Pro X.lnk

    ========== Files Created - No Company Name ==========

    [2012/05/07 20:56:33 | 000,879,714 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\SecurityCheck.exe
    [2012/05/07 17:11:54 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\3jfcwvr8.exe
    [2012/04/19 23:07:43 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon MP3 Uploader.lnk
    [2012/02/01 23:44:08 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
    [2011/11/16 11:49:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\dvdtest10024.dat
    [2011/08/12 10:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
    [2011/07/23 06:48:46 | 000,000,406 | ---- | C] () -- C:\Documents and Settings\Suzanne\Local Settings\Application Data\Big Bang Mancala Preferences
    [2011/07/23 06:48:23 | 000,000,406 | ---- | C] () -- C:\Documents and Settings\Suzanne\Local Settings\Application Data\Big Bang 4-In-A-Row
    [2011/07/13 14:21:48 | 000,000,406 | ---- | C] () -- C:\Documents and Settings\Suzanne\Local Settings\Application Data\Big Bang Reversi Preferences
    [2011/06/03 17:40:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/04/01 05:07:02 | 010,920,984 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
    [2011/04/01 05:07:02 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
    [2011/04/01 05:06:56 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
    [2011/03/28 18:30:39 | 000,136,506 | ---- | C] () -- C:\WINDOWS\hphins33.dat.temp
    [2011/03/15 21:41:30 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Suzanne\Application Data\inst.exe
    [2011/03/03 19:14:50 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2011/02/01 12:46:38 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dxonok.dat
    [2010/11/29 16:38:20 | 000,055,622 | ---- | C] () -- C:\Program Files\Sample.mov
    [2010/08/31 12:05:49 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Suzanne\Application Data\dvd.bmk
    [2010/06/22 15:40:43 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

    ========== LOP Check ==========

    [2011/03/16 22:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/11/16 11:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD-Cloner
    [2012/03/11 17:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dvdfab
    [2008/04/15 22:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    [2012/01/06 01:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2007/09/29 00:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2011/03/17 15:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
    [2008/04/15 22:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2008/08/28 19:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2012/02/18 22:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2012/03/23 19:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2008/05/30 23:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2010/04/10 12:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/03/28 19:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/06/22 09:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2011/01/31 18:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C3243856-7746-4A05-8837-51A28C1CDD82}
    [2010/08/05 21:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\CheckPoint
    [2009/08/02 14:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Hoyle FaceCreator
    [2011/07/20 10:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Hoyle Puzzle and Board Games
    [2012/02/15 13:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\IObit
    [2008/02/13 00:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Netscape
    [2008/06/11 08:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Vso
    [2009/06/05 19:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Windows Desktop Search
    [2009/04/07 20:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
    [2010/04/02 01:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main Administrator\Application Data\Windows Desktop Search
    [2010/04/02 01:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main Administrator\Application Data\Windows Search
    [2011/05/12 14:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Amazon
    [2011/07/05 23:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\AnvSoft
    [2010/07/09 18:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\CheckPoint
    [2011/06/09 16:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\com.amazon.music.uploader
    [2007/09/25 13:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Costco Photo Viewer US
    [2008/05/13 13:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\DeepBurner
    [2011/01/31 23:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\ElevatedDiagnostics
    [2010/06/03 16:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Facebook
    [2006/09/21 02:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\FUJIFILM
    [2010/01/02 19:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\GetRightToGo
    [2011/07/25 11:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Hoyle FaceCreator
    [2011/07/28 13:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Hoyle Puzzle and Board Games
    [2012/02/01 23:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\IObit
    [2008/05/19 21:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Kingston
    [2006/11/04 16:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Leadertech
    [2010/04/23 13:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\MSNInstaller
    [2011/01/06 23:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\net.ifriends.SuperCamConsole
    [2008/02/06 22:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Netscape
    [2006/12/05 14:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\OfficeUpdate12
    [2009/09/15 20:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\OpenOffice.org
    [2009/10/16 12:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\PDF Software
    [2011/03/01 18:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Runscanner.net
    [2010/04/08 14:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\SumatraPDF
    [2010/02/02 23:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Template
    [2012/03/23 19:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\TomTom
    [2012/03/04 22:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\uTorrent
    [2011/03/15 21:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Vso
    [2009/06/29 23:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Windows Search

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E3D07DE

    < End of report >
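As an added example (not part of the thread, and not OTL's own code), the following script does the first two checks a reviewer makes on an OTL report like the one above: it decodes the NoDriveTypeAutoRun policy values (O6/O7 lines) into the drive types that still have AutoRun enabled, and it lists entries whose target no longer exists ("File not found", "No CLSID value found", "Reg Error"), which are the usual leftovers of uninstalled software. The SAMPLE_LINES are copied from the report in this thread; the function names are this example's own.

```python
"""Triage an OTL log excerpt: decode the AutoRun policy and list orphaned entries.

Added example, not part of the thread or of OTL itself. SAMPLE_LINES are
copied from the OTL report above; function names are this example's own.
"""
import re
import sys
from typing import Dict, List, Tuple

# Bit layout of NoDriveTypeAutoRun (...\policies\Explorer). A set bit DISABLES
# AutoRun for that drive type; 0xFF disables it for every type.
NODRIVETYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "RESERVED",
}

# Phrases OTL prints when a registry entry points at something that no longer exists.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")

_AUTORUN_RE = re.compile(
    r"^O[67] - (HKLM|HKU\\[^\\]+)\\.*?\\policies\\Explorer: NoDriveTypeAutoRun = (\d+)\s*$"
)
_TAG_RE = re.compile(r"^(\S+) - ")

# Constructed input: lines taken from the OTL report in this thread.
SAMPLE_LINES = [
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323",
    r"O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145",
    r"O7 - HKU\S-1-5-21-1557411339-2503043033-3123730931-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.",
    r"FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found",
    r"O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)",
    r"O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)",
]


def decode_nodrivetypeautorun(value: int) -> Dict[str, object]:
    """Split a NoDriveTypeAutoRun value into disabled and still-enabled drive types."""
    disabled = [name for bit, name in NODRIVETYPE_BITS.items() if value & bit]
    enabled = [name for bit, name in NODRIVETYPE_BITS.items() if not value & bit]
    return {
        "value": value,
        "disabled": disabled,
        "enabled": enabled,
        # Bits above 0x80 have no documented meaning; report them instead of dropping them.
        "undocumented_bits": value & ~0xFF,
    }


def parse_autorun_policy(lines: List[str]) -> List[Tuple[str, int]]:
    """Return (hive, value) for every O6/O7 NoDriveTypeAutoRun line, in log order."""
    found = []
    for line in lines:
        m = _AUTORUN_RE.match(line.strip())
        if m:
            found.append((m.group(1), int(m.group(2))))
    return found


def find_orphan_entries(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (OTL section tag, line) for entries whose target file or CLSID is missing."""
    orphans = []
    for line in lines:
        text = line.strip()
        if any(marker in text for marker in ORPHAN_MARKERS):
            m = _TAG_RE.match(text)
            orphans.append((m.group(1) if m else "?", text))
    return orphans


if __name__ == "__main__":
    # Pass a saved OTL.Txt as the first argument, otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_LINES
    for hive, value in parse_autorun_policy(lines):
        info = decode_nodrivetypeautorun(value)
        print(f"{hive}: NoDriveTypeAutoRun={value} (0x{value:X}) AutoRun still enabled for {info['enabled']}")
    for tag, text in find_orphan_entries(lines):
        print(f"orphan [{tag}] {text}")
```

For the values in this log, 145 (0x91) is the Windows XP default, which still allows AutoRun on removable, fixed and CD-ROM drives; the user hive's 36 (0x24) turns it off for removable and CD-ROM drives only. Orphaned entries are clutter rather than evidence of infection, but they are what the specialist will typically ask to have removed with an OTL fix script.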
     
  12. HollyG

    HollyG Thread Starter

    Joined:
    Apr 18, 2004
    Messages:
    717
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-10 13:32:28
    -----------------------------
    13:32:28.593 OS Version: Windows 5.1.2600 Service Pack 3
    13:32:28.593 Number of processors: 2 586 0xE08
    13:32:28.593 ComputerName: MYLAPTOP UserName: Suzanne
    13:32:32.906 Initialize success
    13:32:33.062 AVAST engine defs: 12051000
    13:33:54.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    13:33:54.671 Disk 0 Vendor: TOSHIBA_MK8032GSX AS112D Size: 74881MB BusType: 3
    13:33:54.687 Disk 0 MBR read successfully
    13:33:54.687 Disk 0 MBR scan
    13:33:54.687 Disk 0 unknown MBR code
    13:33:54.687 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
    13:33:54.703 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 52462 MB offset 96390
    13:33:54.734 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17453 MB offset 107539110
    13:33:54.750 Disk 0 Partition 4 00 DB CP/M / CTOS MSWIN4.1 4910 MB offset 143283735
    13:33:54.781 Disk 0 scanning sectors +153340425
    13:33:54.968 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:34:31.859 Service scanning
    13:35:36.546 Modules scanning
    13:35:57.359 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
    13:36:00.734 Disk 0 trace - called modules:
    13:36:00.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    13:36:00.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a748ab8]
    13:36:00.765 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000072[0x8a7a5f18]
    13:36:00.765 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a79ad98]
    13:36:02.171 AVAST engine scan C:\WINDOWS
    13:36:11.515 AVAST engine scan C:\WINDOWS\system32
    13:45:35.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Suzanne\Desktop\MBR.dat"
    13:45:35.328 The log file has been saved successfully to "C:\Documents and Settings\Suzanne\Desktop\aswMBR.txt"
    13:46:35.921 AVAST engine scan C:\WINDOWS\system32\drivers
    13:47:20.265 AVAST engine scan C:\Documents and Settings\Suzanne
    14:10:46.062 AVAST engine scan C:\Documents and Settings\All Users
    14:24:09.375 Scan finished successfully
    14:55:38.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Suzanne\Desktop\MBR.dat"
    14:55:38.765 The log file has been saved successfully to "C:\Documents and Settings\Suzanne\Desktop\aswMBR.txt"
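As an added example (not part of the thread, and not aswMBR's own code), a small Python parser that reads the partition lines of an aswMBR log like the one above and reports what a reviewer checks by hand: whether the MBR boot code was recognised, which partition is marked active, whether any two partitions overlap, how many sectors sit between the MBR and the first partition and after the last one (the unallocated areas a bootkit scanner inspects), and any module aswMBR flagged. The sector arithmetic assumes 512-byte sectors and sizes truncated to whole MB; the sample log is constructed from the values in the post.

```python
"""Sanity checks over an aswMBR partition listing (added example, not from the thread)."""
import re
from typing import Dict, List

SECTORS_PER_MB = 2048          # 512-byte sectors; aswMBR prints sizes in whole MB
SLACK = SECTORS_PER_MB         # tolerance for overlap checks, since sizes are truncated to MB

# Constructed sample in the shape aswMBR prints (values taken from the log in the post).
SAMPLE_LOG = """\
13:33:54.671 Disk 0 Vendor: TOSHIBA_MK8032GSX AS112D Size: 74881MB BusType: 3
13:33:54.687 Disk 0 unknown MBR code
13:33:54.687 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
13:33:54.703 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 52462 MB offset 96390
13:33:54.734 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17453 MB offset 107539110
13:33:54.750 Disk 0 Partition 4 00 DB CP/M / CTOS MSWIN4.1 4910 MB offset 143283735
13:35:57.359 Module: C:\\WINDOWS\\System32\\DLA\\DLADResN.SYS **SUSPICIOUS**
"""

# number, boot flag byte, optional "(A)" active marker, type id, description, size MB, start sector
PART_RE = re.compile(r"Partition (\d+) ([0-9A-Fa-f]{2}) (\(A\) )?([0-9A-Fa-f]{2}) (.+?) (\d+) MB offset (\d+)$")
SIZE_RE = re.compile(r"Size: (\d+)MB")
MOD_RE = re.compile(r"Module: (\S+) \*\*SUSPICIOUS\*\*")


def parse_partitions(log: str) -> List[Dict]:
    """Return the partition entries, sorted by start sector, with computed end sectors."""
    parts = []
    for line in log.splitlines():
        m = PART_RE.search(line)
        if m:
            size_mb, offset = int(m.group(6)), int(m.group(7))
            parts.append({"num": int(m.group(1)), "active": m.group(3) is not None,
                          "type": m.group(4).upper(), "desc": m.group(5),
                          "start": offset, "end": offset + size_mb * SECTORS_PER_MB})
    return sorted(parts, key=lambda p: p["start"])


def analyze(log: str) -> Dict:
    """Summarise the findings a reviewer would pull out of the partition table by hand."""
    parts = parse_partitions(log)
    size_m = SIZE_RE.search(log)
    disk_sectors = int(size_m.group(1)) * SECTORS_PER_MB if size_m else None
    # A partition whose end runs past the next one's start (beyond MB rounding) is malformed.
    overlaps = [(a["num"], b["num"]) for a, b in zip(parts, parts[1:])
                if a["end"] > b["start"] + SLACK]
    return {
        "mbr_code_known": "unknown MBR code" not in log,
        "active": [p["num"] for p in parts if p["active"]],
        "overlaps": overlaps,
        # sectors 1..(start-1): the gap between the MBR and the first partition
        "head_gap": parts[0]["start"] - 1 if parts else None,
        # approximate unallocated tail after the last partition
        "tail_gap": disk_sectors - parts[-1]["end"] if disk_sectors and parts else None,
        "suspicious_modules": MOD_RE.findall(log),
        "partitions": parts,
    }
```

On the sample, the computed tail begins about a thousand sectors before the "+153340425" that aswMBR reports scanning, which is the MB truncation of the partition sizes; the "unknown MBR code" line on its own is not a verdict, since OEM boot code such as Dell's is also unrecognised.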
     
  13. HollyG

    HollyG Thread Starter

    Joined:
    Apr 18, 2004
    Messages:
    717
    There are a bunch of Windows updates, but I didn't know whether or not it would affect this process. So far I have not updated anything.
     
  14. Scolabar

    Scolabar Malware Specialist

    Joined:
    Apr 15, 2011
    Messages:
    289
    Hi HollyG,

    Please do not carry out any system updates until the computer is declared clear of any malware infection.

    Thank you again for the logs. :)

    Again, please remember to read the instructions below carefully before executing them, and perform the steps in the order given.
    If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before proceeding please make sure any open programs are closed.

    Step 1:
    ERUNT - Emergency Recovery Utility NT

    First we will try to back up the Registry with ERUNT:

    Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
    ERUNT (Emergency Recovery Utility NT) by Lars Hederer is a free program that allows you to create a complete backup of your registry and restore it when needed.

    1. Please download ERUNT and save it to your Desktop.
    2. Double-click on erunt-setup.exe to run the installation process.
      Note: If the Open File - Security Warning window pops up, click on the Run button.
    3. Install ERUNT by following the prompts using the default installation settings.
    4. Make sure the first two check boxes Create ERUNT desktop icon and Create NTREGOPT desktop icon are checked.
    5. When you reach the section that asks you to add ERUNT to the Start-Up folder click on the No button. This can be enabled later, if required.
    6. In the final screen make sure the Show documentation option is unchecked. Then click on the Finish button.
    7. Click on the OK button in the Welcome! screen.
    8. Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT\DD-MM-YYYY (where DD-MM-YYYY is the date of the backup) which is fine.
    9. Under Backup options make sure both of the first two options: System registry and Current user registry are checked.
    10. Click on the Yes button to allow the folder to be created.
      After a short duration the Registry backup is complete! pop-up message will appear.
    11. Now click on OK. A registry backup has now been created.
    < STOP > If you are unable to complete this step successfully, < STOP > do not continue with any fix steps, let me know immediately in your next post!

    Step 2:
    Temporarily Disable Realtime Protection

    Please temporarily disable the following programs that provide realtime protection as they may well interfere with the fix.

    Disable Avast! Realtime Protection

    1. Right-click on the orange Avast! icon in the system tray and select avast! shields control.
    2. Select the Disable until computer is restarted option.
    3. Then click on the OK button in the subsequent pop-up alert window.
      Note: The Avast! realtime protection will now be temporarily disabled.
    Disable SUPERAntiSpyware

    1. Right-click on the SUPERAntiSpyware system tray icon (the orange/brown bug running near your clock).
    2. Select Exit from the pop-up menu.
    Step 3:
    OTL - Script

    Next we need to run an OTL Fix.

    1. Double-click on OTL.exe to run the program.
    2. Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code.
      Code:
      :otl
      FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
      FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
      FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
      [2012/01/19 13:36:05 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\as30utph.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
      File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
      File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
      File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
      File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
      File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
      File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
      File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
      File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
      File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
      File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKU\S-1-5-21-1557411339-2503043033-3123730931-1006\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
      O15 - HKU\S-1-5-21-1557411339-2503043033-3123730931-1006\..Trusted Domains: internet ([]about in Internet)
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} <http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab> (Reg Error: Key error.)
      @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E3D07DE
      
      :reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\Program Files\uTorrent\uTorrent.exe"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\Program Files\uTorrent\uTorrent.exe"=-
      
      :files
      C:\Documents and Settings\All Users\Application Data\IObit
      C:\Documents and Settings\Guest\Application Data\IObit
      C:\Documents and Settings\Suzanne\Application Data\IObit
      C:\Documents and Settings\Suzanne\Application Data\uTorrent
      
      :commands
      [EMPTYTEMP]
      [RESETHOSTS]
      [CREATERESTOREPOINT]
      
    3. Then click the Run Fix button at the top.
    4. Click on the button shown.
    5. OTL may ask to reboot the machine. Please do so if asked.
    6. The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
    Please Note: Avast and SUPERAntiSpyware should automatically be relaunched and realtime protection reactivated upon reboot. Please double-check that they are running as before.

    Step 4:
    Hard Disk - Check For Errors

    1. Click on Start > Run.
    2. Copy and Paste the contents of the codebox below into the text entry box:

      Code:
      cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
    3. Then click on the OK button.
    4. A blank command window will open on your Desktop, then close in a few minutes. This is normal.
    5. A file named checkhd.txt should appear on your Desktop.
    6. Please Copy and Paste the contents of the file checkhd.txt into your next reply.
    Step 5:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. OTL Fix Report.
    3. checkhd.txt.
    4. How is the computer now running?

    Scolabar
     
  15. HollyG

    HollyG Thread Starter

    Joined:
    Apr 18, 2004
    Messages:
    717
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\as30utph.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
    C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\as30utph.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
    C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\as30utph.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
    C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\as30utph.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
    C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\as30utph.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
    C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\as30utph.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
    C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\as30utph.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1557411339-2503043033-3123730931-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1557411339-2503043033-3123730931-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
    Starting removal of ActiveX control {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
    C:\Program Files\Yahoo!\Common\yinst.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:8E3D07DE deleted successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
    ========== FILES ==========
    C:\Documents and Settings\All Users\Application Data\IObit\Advanced SystemCare V5 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IObit folder moved successfully.
    C:\Documents and Settings\Guest\Application Data\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
    C:\Documents and Settings\Guest\Application Data\IObit\Advanced SystemCare V5 folder moved successfully.
    C:\Documents and Settings\Guest\Application Data\IObit folder moved successfully.
    C:\Documents and Settings\Suzanne\Application Data\IObit\IObit Uninstaller folder moved successfully.
    C:\Documents and Settings\Suzanne\Application Data\IObit\Advanced SystemCare V5\Toolbox folder moved successfully.
    C:\Documents and Settings\Suzanne\Application Data\IObit\Advanced SystemCare V5\Log folder moved successfully.
    C:\Documents and Settings\Suzanne\Application Data\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
    C:\Documents and Settings\Suzanne\Application Data\IObit\Advanced SystemCare V5\Backup folder moved successfully.
    C:\Documents and Settings\Suzanne\Application Data\IObit\Advanced SystemCare V5 folder moved successfully.
    C:\Documents and Settings\Suzanne\Application Data\IObit folder moved successfully.
    C:\Documents and Settings\Suzanne\Application Data\uTorrent\ie folder moved successfully.
    C:\Documents and Settings\Suzanne\Application Data\uTorrent\dlimagecache folder moved successfully.
    C:\Documents and Settings\Suzanne\Application Data\uTorrent\Cache folder moved successfully.
    C:\Documents and Settings\Suzanne\Application Data\uTorrent\apps folder moved successfully.
    C:\Documents and Settings\Suzanne\Application Data\uTorrent folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Application Data

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes

    User: Guest
    ->Temp folder emptied: 4502846 bytes
    ->Temporary Internet Files folder emptied: 196658561 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 41883 bytes

    User: Letters

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 91463 bytes

    User: Main Administrator
    ->Temp folder emptied: 189400 bytes
    ->Temporary Internet Files folder emptied: 2084182 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 610 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 966755 bytes

    User: Suzanne
    ->Temp folder emptied: 1209 bytes
    ->Temporary Internet Files folder emptied: 8372878 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 63531 bytes

    User: Travel

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 203.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Unable to start System Restore Service. Error code 1056

    OTL by OldTimer - Version 3.2.42.3 log created on 05112012_163805

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
Short URL to this thread: https://techguy.org/1049920