Windows32 Trojan Malware help removal please :)

  1. #1
    GeeGe is offline Newbie

    Hi in advance to whoever replies to my post. Already I've found this site to be extremely helpful, and hopefully you'll be able to help me resolve the problem on my PC...

    The problem I am having with my PC is that upon start up and during various times of the day when my computer is running, Internet Explorer automatically opens without my prompting it to do so. I have not used Internet Explorer in a very long time, as my preference is between Mozilla Firefox and Google Chrome. I have also found that no version of Internet Explorer actually loads; it just freezes a waiting window. If I do not shut it down with the Task Manager tool, continuous Internet Explorers continue to open up.

    The other detail I noticed when closing the Internet Explorer popups through Task Manager was that a running process called Windows32 was continually growing in size, eating up my memory silently in the background, which I believe to be a form of malware within my registry... I have scanned using Malwarebytes to no success, so I am really hoping you guys will know what to do and are willing to help me.

    Another problem is that any USB key that is put into my desktop tower has all the files turned into shortcuts, and I am not able to access them as the new shortcut is labelled blank in the C: drive.

    I tried to run Windows MRT but that program freezes continually on full scan... my AVG, Windows updates and Malwarebytes are all unable to update, so I'm really distraught for what to do...

    Many thanks in advance, look forward to your response. Also I've printed my logfile out of my HijackThis.

    GeeGe

    [HJT log removed - Broni]
    Last edited by broni; 07-05-2011 at 04:42 AM.

  2. #2
    broni is offline Senior Member
    Welcome aboard

    Please, complete all steps listed here: HERE

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

  3. #3
    GeeGe is offline Newbie
    Thanks for your response

    Look forward to your reply... started my computer this morning and it says cannot find C:\\ documents, but the folder is still intact when I searched for it.

    Look forward to your reply!

    GeeGe

  4. #4
    GeeGe is offline Newbie
    Hi Broni, here's attached the following log codes as requested.

    I had trouble updating my Malwarebytes' Anti-Malware, but I still ran a quick scan and logged the following results.


    Malwarebytes' Anti-Malware 1.38
    Database version: 2307
    Windows 5.1.2600 Service Pack 2

    07/05/2011 17:26:12
    mbam-log-2011-05-07 (17-26-12).txt

    Scan type: Quick Scan
    Objects scanned: 114059
    Time elapsed: 22 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows system devices manager (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows system devices manager (Backdoor.Bot) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\csrss.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

  5. #5
    GeeGe is offline Newbie
    First Part to the GMER LOG


    Next is my GMER log info:

    GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
    Rootkit scan 2011-05-07 18:07:41
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500JS-75NCB3 rev.10.02E04
    Running: rfcz27xt.exe; Driver: C:\DOCUME~1\Gyesi\LOCALS~1\Temp\pxtdqpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA9CB8FC0] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA9CB5C80] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xA9CD0170] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA9CB9580] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xA9CCD900] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xA9CCDB10] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xA9CD1B10] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA9CB9670] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA9CB6210] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xA9CD09F0] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xA9CD07A0] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xA9CCD280] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA9CD0F10] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA9CD0F90] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA9CB6070] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xA9CCF180] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xA9CCEF40] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xA9CD16F0] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA9CD1150] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xA9CB8BE0] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xA9CD1540] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xA9CB9190] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA9CB6440] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xA9CD04E0] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xA9CCE200] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xA9CCE080] <-- ROOTKIT !!!

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2C50 80503A24 12 Bytes [80, 95, CB, A9, 00, D9, CC, ...] {ADC BYTE [EBP-0x26ff5635], 0xcc; TEST EAX, 0xa9ccdb10}
    ? ggzudg.sys The system cannot find the file specified. !
    ? srescan.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[272] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 093223F0
    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[272] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 09322690
    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[272] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0932D2AA
    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[272] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0932D166
    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[272] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 093211C0
    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[272] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 09321400
    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[272] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 09322350
    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[272] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 09321000
    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[272] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 093210A0
    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[272] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 093222F0
    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[272] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 09322D00
    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[272] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 09322B60
    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[272] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 09321EA0
    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[272] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 09321C40
    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[272] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 09322100
    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[272] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 09321B60
    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[272] WS2_32.dll!send 71AB428A 5 Bytes JMP 09322E60
    .text C:\WINDOWS\eHome\ehRec.exe[276] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0AFC23F0
    .text C:\WINDOWS\eHome\ehRec.exe[276] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0AFC2690
    .text C:\WINDOWS\eHome\ehRec.exe[276] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0AFCD2AA
    .text C:\WINDOWS\eHome\ehRec.exe[276] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0AFCD166
    .text C:\WINDOWS\eHome\ehRec.exe[276] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0AFC11C0
    .text C:\WINDOWS\eHome\ehRec.exe[276] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 0AFC1400
    .text C:\WINDOWS\eHome\ehRec.exe[276] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 0AFC2350
    .text C:\WINDOWS\eHome\ehRec.exe[276] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 0AFC1000
    .text C:\WINDOWS\eHome\ehRec.exe[276] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 0AFC10A0
    .text C:\WINDOWS\eHome\ehRec.exe[276] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 0AFC22F0
    .text C:\WINDOWS\eHome\ehRec.exe[276] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 0AFC2D00
    .text C:\WINDOWS\eHome\ehRec.exe[276] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 0AFC2B60
    .text C:\WINDOWS\eHome\ehRec.exe[276] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0AFC1B60
    .text C:\WINDOWS\eHome\ehRec.exe[276] WS2_32.dll!send 71AB428A 5 Bytes JMP 0AFC2E60
    .text C:\WINDOWS\eHome\ehRec.exe[276] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 0AFC1EA0
    .text C:\WINDOWS\eHome\ehRec.exe[276] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 0AFC1C40
    .text C:\WINDOWS\eHome\ehRec.exe[276] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 0AFC2100
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[288] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 010723F0
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[288] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01072690
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[288] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0107D2AA
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[288] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0107D166
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[288] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 010711C0
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[288] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01071400
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[288] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 01072350
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[288] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 01071000
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[288] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 010710A0
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[288] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 010722F0
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[288] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 01071B60
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[288] WS2_32.dll!send 71AB428A 5 Bytes JMP 01072E60
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[288] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 01072D00
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[288] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 01072B60
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[288] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01071EA0
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[288] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01071C40
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[288] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 01072100
    .text C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[344] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 001623F0
    .text C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[344] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00162690
    .text C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[344] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0016D2AA
    .text C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[344] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0016D166
    .text C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[344] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0
    .text C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[344] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00161400
    .text C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[344] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00162350
    .text C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[344] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00161000
    .text C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[344] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 001610A0
    .text C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[344] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 001622F0
    .text C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[344] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00162D00
    .text C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[344] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00162B60
    .text C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[344] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00161B60
    .text C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[344] WS2_32.dll!send 71AB428A 5 Bytes JMP 00162E60
    .text C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[344] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00161EA0
    .text C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[344] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00161C40
    .text C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[344] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 00162100
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[396] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009223F0
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[396] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00922690
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[396] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0092D2AA
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[396] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0092D166
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[396] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009211C0
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[396] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00921400
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[396] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00922350
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[396] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00921000
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[396] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 009210A0
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[396] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 009222F0
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[396] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00922D00
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[396] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00922B60
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[396] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00921EA0
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[396] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00921C40
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[396] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 00922100
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[396] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00921B60
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[396] WS2_32.dll!send 71AB428A 5 Bytes JMP 00922E60
    .text C:\Program Files\iPod\bin\iPodService.exe[504] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 001623F0
    .text C:\Program Files\iPod\bin\iPodService.exe[504] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00162690
    .text C:\Program Files\iPod\bin\iPodService.exe[504] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0016D2AA
    .text C:\Program Files\iPod\bin\iPodService.exe[504] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0016D166
    .text C:\Program Files\iPod\bin\iPodService.exe[504] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0
    .text C:\Program Files\iPod\bin\iPodService.exe[504] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00161400
    .text C:\Program Files\iPod\bin\iPodService.exe[504] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00162350
    .text C:\Program Files\iPod\bin\iPodService.exe[504] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00161000
    .text C:\Program Files\iPod\bin\iPodService.exe[504] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 001610A0
    .text C:\Program Files\iPod\bin\iPodService.exe[504] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 001622F0
    .text C:\Program Files\iPod\bin\iPodService.exe[504] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00162D00
    .text C:\Program Files\iPod\bin\iPodService.exe[504] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00162B60
    .text C:\Program Files\iPod\bin\iPodService.exe[504] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00161EA0
    .text C:\Program Files\iPod\bin\iPodService.exe[504] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00161C40
    .text C:\Program Files\iPod\bin\iPodService.exe[504] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 00162100
    .text C:\Program Files\iPod\bin\iPodService.exe[504] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00161B60
    .text C:\Program Files\iPod\bin\iPodService.exe[504] WS2_32.dll!send 71AB428A 5 Bytes JMP 00162E60
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[544] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 001723F0
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[544] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00172690
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[544] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0017D2AA
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[544] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0017D166
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[544] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001711C0
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[544] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00171400
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[544] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00172350
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[544] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00171000
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[544] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 001710A0
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[544] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 001722F0
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[544] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00172D00
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[544] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00172B60
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[544] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00171EA0
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[544] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00171C40
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[544] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 00172100
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[544] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00171B60
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[544] WS2_32.dll!send 71AB428A 5 Bytes JMP 00172E60
    .text C:\Program Files\Java\jre6\bin\jqs.exe[568] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 011423F0
    .text C:\Program Files\Java\jre6\bin\jqs.exe[568] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01142690
    .text C:\Program Files\Java\jre6\bin\jqs.exe[568] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0114D2AA
    .text C:\Program Files\Java\jre6\bin\jqs.exe[568] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0114D166
    .text C:\Program Files\Java\jre6\bin\jqs.exe[568] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 011411C0
    .text C:\Program Files\Java\jre6\bin\jqs.exe[568] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01141400
    .text C:\Program Files\Java\jre6\bin\jqs.exe[568] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 01142350
    .text C:\Program Files\Java\jre6\bin\jqs.exe[568] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 01141000
    .text C:\Program Files\Java\jre6\bin\jqs.exe[568] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 011410A0
    .text C:\Program Files\Java\jre6\bin\jqs.exe[568] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 011422F0
    .text C:\Program Files\Java\jre6\bin\jqs.exe[568] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 01141B60
    .text C:\Program Files\Java\jre6\bin\jqs.exe[568] WS2_32.dll!send 71AB428A 5 Bytes JMP 01142E60
    .text C:\Program Files\Java\jre6\bin\jqs.exe[568] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 01142D00
    .text C:\Program Files\Java\jre6\bin\jqs.exe[568] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 01142B60
    .text C:\Program Files\Java\jre6\bin\jqs.exe[568] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01141EA0
    .text C:\Program Files\Java\jre6\bin\jqs.exe[568] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01141C40
    .text C:\Program Files\Java\jre6\bin\jqs.exe[568] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 01142100
    .text C:\WINDOWS\system32\spoolsv.exe[788] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 012B23F0
    .text C:\WINDOWS\system32\spoolsv.exe[788] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 012B2690
    .text C:\WINDOWS\system32\spoolsv.exe[788] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 012BD2AA
    .text C:\WINDOWS\system32\spoolsv.exe[788] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 012BD166
    .text C:\WINDOWS\system32\spoolsv.exe[788] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 012B11C0
    .text C:\WINDOWS\system32\spoolsv.exe[788] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 012B1400
    .text C:\WINDOWS\system32\spoolsv.exe[788] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 012B2350
    .text C:\WINDOWS\system32\spoolsv.exe[788] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 012B1000
    .text C:\WINDOWS\system32\spoolsv.exe[788] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 012B10A0
    .text C:\WINDOWS\system32\spoolsv.exe[788] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 012B22F0
    .text C:\WINDOWS\system32\spoolsv.exe[788] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 012B2D00
    .text C:\WINDOWS\system32\spoolsv.exe[788] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 012B2B60
    .text C:\WINDOWS\system32\spoolsv.exe[788] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 012B1B60
    .text C:\WINDOWS\system32\spoolsv.exe[788] WS2_32.dll!send 71AB428A 5 Bytes JMP 012B2E60
    .text C:\WINDOWS\system32\spoolsv.exe[788] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 012B1EA0
    .text C:\WINDOWS\system32\spoolsv.exe[788] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 012B1C40
    .text C:\WINDOWS\system32\spoolsv.exe[788] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 012B2100
    .text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 007423F0
    .text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00742690
    .text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0074D2AA
    .text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0074D166
    .text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007411C0
    .text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00741400
    .text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00742350
    .text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00741000
    .text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 007410A0
    .text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 007422F0
    .text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00742D00
    .text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00742B60
    .text C:\WINDOWS\system32\svchost.exe[872] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00741EA0
    .text C:\WINDOWS\system32\svchost.exe[872] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00741C40
    .text C:\WINDOWS\system32\svchost.exe[872] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 00742100
    .text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00741B60
    .text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!send 71AB428A 5 Bytes JMP 00742E60
    .text C:\Program Files\Kontiki\KService.exe[888] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 011F23F0
    .text C:\Program Files\Kontiki\KService.exe[888] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 011F2690
    .text C:\Program Files\Kontiki\KService.exe[888] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 011FD2AA
    .text C:\Program Files\Kontiki\KService.exe[888] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 011FD166
    .text C:\Program Files\Kontiki\KService.exe[888] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 011F11C0
    .text C:\Program Files\Kontiki\KService.exe[888] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 011F1400
    .text C:\Program Files\Kontiki\KService.exe[888] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 011F2350
    .text C:\Program Files\Kontiki\KService.exe[888] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 011F1000
    .text C:\Program Files\Kontiki\KService.exe[888] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 011F10A0

  6. #6
    GeeGe is offline Newbie
    .text C:\WINDOWS\system32\wdfmgr.exe[2284] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00871EA0
    .text C:\WINDOWS\system32\wdfmgr.exe[2284] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00871C40
    .text C:\WINDOWS\system32\wdfmgr.exe[2284] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 00872100
    .text C:\WINDOWS\system32\wdfmgr.exe[2284] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00871B60
    .text C:\WINDOWS\system32\wdfmgr.exe[2284] WS2_32.dll!send 71AB428A 5 Bytes JMP 00872E60
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes JMP 009123F0
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 1 Byte [84]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] ntdll.dll!NtQueryDirectoryFile 7C90D76E 3 Bytes JMP 00912690
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] ntdll.dll!NtQueryDirectoryFile + 4 7C90D772 1 Byte [84]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] ntdll.dll!NtResumeThread 7C90DB3E 3 Bytes JMP 0091D2AA
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] ntdll.dll!NtResumeThread + 4 7C90DB42 1 Byte [84]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] ntdll.dll!LdrLoadDll 7C915CBB 3 Bytes JMP 0091D166
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] ntdll.dll!LdrLoadDll + 4 7C915CBF 1 Byte [84]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009111C0
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00911400
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00912350
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00911000
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 009110A0
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 009122F0
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00912D00
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00912B60
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00911B60
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] WS2_32.dll!send 71AB428A 5 Bytes JMP 00912E60
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00911EA0
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00911C40
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2332] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 00912100
    .text C:\Documents and Settings\Gyesi\My Documents\Downloads\rfcz27xt.exe[2904] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 001723F0
    .text C:\Documents and Settings\Gyesi\My Documents\Downloads\rfcz27xt.exe[2904] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00172690
    .text C:\Documents and Settings\Gyesi\My Documents\Downloads\rfcz27xt.exe[2904] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0017D2AA
    .text C:\Documents and Settings\Gyesi\My Documents\Downloads\rfcz27xt.exe[2904] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0017D166
    .text C:\Documents and Settings\Gyesi\My Documents\Downloads\rfcz27xt.exe[2904] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001711C0
    .text C:\Documents and Settings\Gyesi\My Documents\Downloads\rfcz27xt.exe[2904] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00171400
    .text C:\Documents and Settings\Gyesi\My Documents\Downloads\rfcz27xt.exe[2904] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00172350
    .text C:\Documents and Settings\Gyesi\My Documents\Downloads\rfcz27xt.exe[2904] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00171000
    .text C:\Documents and Settings\Gyesi\My Documents\Downloads\rfcz27xt.exe[2904] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 001710A0
    .text C:\Documents and Settings\Gyesi\My Documents\Downloads\rfcz27xt.exe[2904] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 001722F0
    .text C:\Documents and Settings\Gyesi\My Documents\Downloads\rfcz27xt.exe[2904] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00172D00
    .text C:\Documents and Settings\Gyesi\My Documents\Downloads\rfcz27xt.exe[2904] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00172B60
    .text C:\Documents and Settings\Gyesi\My Documents\Downloads\rfcz27xt.exe[2904] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00171EA0
    .text C:\Documents and Settings\Gyesi\My Documents\Downloads\rfcz27xt.exe[2904] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00171C40
    .text C:\Documents and Settings\Gyesi\My Documents\Downloads\rfcz27xt.exe[2904] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 00172100
    .text C:\Documents and Settings\Gyesi\My Documents\Downloads\rfcz27xt.exe[2904] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00171B60
    .text C:\Documents and Settings\Gyesi\My Documents\Downloads\rfcz27xt.exe[2904] WS2_32.dll!send 71AB428A 5 Bytes JMP 00172E60
    .text C:\WINDOWS\ehome\ehtray.exe[3072] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 011C23F0
    .text C:\WINDOWS\ehome\ehtray.exe[3072] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 011C2690
    .text C:\WINDOWS\ehome\ehtray.exe[3072] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 011CD2AA
    .text C:\WINDOWS\ehome\ehtray.exe[3072] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 011CD166
    .text C:\WINDOWS\ehome\ehtray.exe[3072] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 011C11C0
    .text C:\WINDOWS\ehome\ehtray.exe[3072] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 011C1400
    .text C:\WINDOWS\ehome\ehtray.exe[3072] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 011C2350
    .text C:\WINDOWS\ehome\ehtray.exe[3072] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 011C1000
    .text C:\WINDOWS\ehome\ehtray.exe[3072] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 011C10A0
    .text C:\WINDOWS\ehome\ehtray.exe[3072] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 011C22F0
    .text C:\WINDOWS\ehome\ehtray.exe[3072] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 011C2D00
    .text C:\WINDOWS\ehome\ehtray.exe[3072] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 011C2B60
    .text C:\WINDOWS\ehome\ehtray.exe[3072] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 011C1EA0
    .text C:\WINDOWS\ehome\ehtray.exe[3072] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 011C1C40
    .text C:\WINDOWS\ehome\ehtray.exe[3072] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 011C2100
    .text C:\WINDOWS\ehome\ehtray.exe[3072] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 011C1B60
    .text C:\WINDOWS\ehome\ehtray.exe[3072] WS2_32.dll!send 71AB428A 5 Bytes JMP 011C2E60
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[3124] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C423F0
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[3124] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C42690
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[3124] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C4D2AA
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[3124] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00C4D166
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[3124] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C411C0
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[3124] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00C41400
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[3124] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00C42350
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[3124] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00C41000
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[3124] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00C410A0
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[3124] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00C422F0
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[3124] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00C42D00
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[3124] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00C42B60
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[3124] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00C41EA0
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[3124] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00C41C40
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[3124] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 00C42100
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[3124] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00C41B60
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[3124] WS2_32.dll!send 71AB428A 5 Bytes JMP 00C42E60
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3132] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00CE23F0
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3132] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00CE2690
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3132] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00CED2AA
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3132] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00CED166
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3132] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CE11C0
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3132] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00CE1400
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3132] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00CE2350
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3132] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00CE1000
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3132] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00CE10A0
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3132] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00CE22F0
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3132] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00CE2D00
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3132] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00CE2B60
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3132] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00CE1EA0
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3132] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00CE1C40
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3132] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 00CE2100
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3132] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00CE1B60
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3132] WS2_32.dll!send 71AB428A 5 Bytes JMP 00CE2E60
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3148] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00CF23F0
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3148] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00CF2690
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3148] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00CFD2AA
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3148] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00CFD166
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3148] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CF11C0
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3148] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00CF1400
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3148] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00CF2350
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3148] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00CF1000
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3148] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00CF10A0
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3148] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00CF22F0
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3148] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00CF2D00
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3148] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00CF2B60
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3148] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00CF1EA0
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3148] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00CF1C40
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3148] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 00CF2100
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3148] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00CF1B60
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3148] WS2_32.dll!send 71AB428A 5 Bytes JMP 00CF2E60
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3168] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 003A23F0
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3168] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 003A2690
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3168] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 003AD2AA
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3168] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003AD166
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3168] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 003A11C0
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3168] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 003A1400
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3168] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 003A2350
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3168] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 003A1000
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3168] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 003A10A0
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3168] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 003A22F0
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3168] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 003A2D00
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3168] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 003A2B60
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3168] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 003A1EA0
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3168] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 003A1C40
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3168] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 003A2100
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3168] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 003A1B60
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3168] WS2_32.dll!send 71AB428A 5 Bytes JMP 003A2E60
    .text C:\WINDOWS\system32\dllhost.exe[3352] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A23F0
    .text C:\WINDOWS\system32\dllhost.exe[3352] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A2690
    .text C:\WINDOWS\system32\dllhost.exe[3352] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000AD2AA
    .text C:\WINDOWS\system32\dllhost.exe[3352] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000AD166
    .text C:\WINDOWS\system32\dllhost.exe[3352] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0
    .text C:\WINDOWS\system32\dllhost.exe[3352] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 000A1400
    .text C:\WINDOWS\system32\dllhost.exe[3352] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 000A2350
    .text C:\WINDOWS\system32\dllhost.exe[3352] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 000A1000
    .text C:\WINDOWS\system32\dllhost.exe[3352] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 000A10A0
    .text C:\WINDOWS\system32\dllhost.exe[3352] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 000A22F0
    .text C:\WINDOWS\system32\dllhost.exe[3352] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 000A2D00
    .text C:\WINDOWS\system32\dllhost.exe[3352] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 000A2B60
    .text C:\WINDOWS\system32\dllhost.exe[3352] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 000A1EA0
    .text C:\WINDOWS\system32\dllhost.exe[3352] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 000A1C40
    .text C:\WINDOWS\system32\dllhost.exe[3352] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 000A2100
    .text C:\WINDOWS\system32\dllhost.exe[3352] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 000A1B60
    .text C:\WINDOWS\system32\dllhost.exe[3352] WS2_32.dll!send 71AB428A 5 Bytes JMP 000A2E60
    .text C:\WINDOWS\system32\hkcmd.exe[3392] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00E823F0
    .text C:\WINDOWS\system32\hkcmd.exe[3392] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E82690
    .text C:\WINDOWS\system32\hkcmd.exe[3392] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00E8D2AA
    .text C:\WINDOWS\system32\hkcmd.exe[3392] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00E8D166
    .text C:\WINDOWS\system32\hkcmd.exe[3392] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E811C0
    .text C:\WINDOWS\system32\hkcmd.exe[3392] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E81400
    .text C:\WINDOWS\system32\hkcmd.exe[3392] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00E82350
    .text C:\WINDOWS\system32\hkcmd.exe[3392] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00E81000
    .text C:\WINDOWS\system32\hkcmd.exe[3392] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00E810A0
    .text C:\WINDOWS\system32\hkcmd.exe[3392] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00E822F0
    .text C:\WINDOWS\system32\hkcmd.exe[3392] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00E82D00
    .text C:\WINDOWS\system32\hkcmd.exe[3392] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00E82B60
    .text C:\WINDOWS\system32\hkcmd.exe[3392] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00E81EA0
    .text C:\WINDOWS\system32\hkcmd.exe[3392] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00E81C40
    .text C:\WINDOWS\system32\hkcmd.exe[3392] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 00E82100
    .text C:\WINDOWS\system32\hkcmd.exe[3392] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E81B60
    .text C:\WINDOWS\system32\hkcmd.exe[3392] WS2_32.dll!send 71AB428A 5 Bytes JMP 00E82E60
    .text C:\WINDOWS\system32\igfxpers.exe[3400] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00E323F0
    .text C:\WINDOWS\system32\igfxpers.exe[3400] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E32690
    .text C:\WINDOWS\system32\igfxpers.exe[3400] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00E3D2AA
    .text C:\WINDOWS\system32\igfxpers.exe[3400] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00E3D166
    .text C:\WINDOWS\system32\igfxpers.exe[3400] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E311C0
    .text C:\WINDOWS\system32\igfxpers.exe[3400] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E31400
    .text C:\WINDOWS\system32\igfxpers.exe[3400] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00E32350
    .text C:\WINDOWS\system32\igfxpers.exe[3400] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00E31000
    .text C:\WINDOWS\system32\igfxpers.exe[3400] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00E310A0
    .text C:\WINDOWS\system32\igfxpers.exe[3400] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00E322F0
    .text C:\WINDOWS\system32\igfxpers.exe[3400] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00E32D00
    .text C:\WINDOWS\system32\igfxpers.exe[3400] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00E32B60
    .text C:\WINDOWS\system32\igfxpers.exe[3400] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00E31EA0
    .text C:\WINDOWS\system32\igfxpers.exe[3400] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00E31C40
    .text C:\WINDOWS\system32\igfxpers.exe[3400] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 00E32100
    .text C:\WINDOWS\system32\igfxpers.exe[3400] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E31B60
    .text C:\WINDOWS\system32\igfxpers.exe[3400] WS2_32.dll!send 71AB428A 5 Bytes JMP 00E32E60
    .text C:\WINDOWS\stsystra.exe[3432] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00F323F0
    .text C:\WINDOWS\stsystra.exe[3432] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00F32690
    .text C:\WINDOWS\stsystra.exe[3432] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00F3D2AA
    .text C:\WINDOWS\stsystra.exe[3432] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00F3D166
    .text C:\WINDOWS\stsystra.exe[3432] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F311C0
    .text C:\WINDOWS\stsystra.exe[3432] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00F31400
    .text C:\WINDOWS\stsystra.exe[3432] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00F32350
    .text C:\WINDOWS\stsystra.exe[3432] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00F31000
    .text C:\WINDOWS\stsystra.exe[3432] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00F310A0
    .text C:\WINDOWS\stsystra.exe[3432] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00F322F0
    .text C:\WINDOWS\stsystra.exe[3432] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00F32D00
    .text C:\WINDOWS\stsystra.exe[3432] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00F32B60
    .text C:\WINDOWS\stsystra.exe[3432] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00F31EA0
    .text C:\WINDOWS\stsystra.exe[3432] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00F31C40
    .text C:\WINDOWS\stsystra.exe[3432] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 00F32100
    .text C:\WINDOWS\stsystra.exe[3432] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00F31B60
    .text C:\WINDOWS\stsystra.exe[3432] WS2_32.dll!send 71AB428A 5 Bytes JMP 00F32E60
    .text C:\WINDOWS\eHome\ehmsas.exe[3480] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A23F0
    .text C:\WINDOWS\eHome\ehmsas.exe[3480] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A2690
    .text C:\WINDOWS\eHome\ehmsas.exe[3480] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000AD2AA
    .text C:\WINDOWS\eHome\ehmsas.exe[3480] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000AD166
    .text C:\WINDOWS\eHome\ehmsas.exe[3480] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0
    .text C:\WINDOWS\eHome\ehmsas.exe[3480] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 000A1400
    .text C:\WINDOWS\eHome\ehmsas.exe[3480] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 000A2350
    .text C:\WINDOWS\eHome\ehmsas.exe[3480] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 000A1000
    .text C:\WINDOWS\eHome\ehmsas.exe[3480] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 000A10A0
    .text C:\WINDOWS\eHome\ehmsas.exe[3480] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 000A22F0
    .text C:\WINDOWS\eHome\ehmsas.exe[3480] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 000A2D00
    .text C:\WINDOWS\eHome\ehmsas.exe[3480] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 000A2B60
    .text C:\WINDOWS\eHome\ehmsas.exe[3480] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 000A1EA0
    .text C:\WINDOWS\eHome\ehmsas.exe[3480] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 000A1C40
    .text C:\WINDOWS\eHome\ehmsas.exe[3480] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 000A2100
    .text C:\WINDOWS\eHome\ehmsas.exe[3480] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 000A1B60
    .text C:\WINDOWS\eHome\ehmsas.exe[3480] WS2_32.dll!send 71AB428A 5 Bytes JMP 000A2E60
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3528] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 019D23F0
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3528] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 019D2690
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3528] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 019DD2AA
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3528] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 019DD166
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3528] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 019D11C0
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3528] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 019D1400
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3528] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 019D2350
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3528] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 019D1000
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3528] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 019D10A0
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3528] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 019D22F0
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3528] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 019D2D00
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3528] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 019D2B60
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3528] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 019D1B60
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3528] WS2_32.dll!send 71AB428A 5 Bytes JMP 019D2E60
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3528] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 019D1EA0
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3528] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 019D1C40
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3528] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 019D2100
    .text C:\WINDOWS\System32\alg.exe[3548] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A23F0
    .text C:\WINDOWS\System32\alg.exe[3548] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A2690
    .text C:\WINDOWS\System32\alg.exe[3548] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000AD2AA
    .text C:\WINDOWS\System32\alg.exe[3548] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000AD166
    .text C:\WINDOWS\System32\alg.exe[3548] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0
    .text C:\WINDOWS\System32\alg.exe[3548] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 000A1400
    .text C:\WINDOWS\System32\alg.exe[3548] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 000A2350
    .text C:\WINDOWS\System32\alg.exe[3548] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 000A1000
    .text C:\WINDOWS\System32\alg.exe[3548] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 000A10A0
    .text C:\WINDOWS\System32\alg.exe[3548] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 000A22F0
    .text C:\WINDOWS\System32\alg.exe[3548] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 000A2D00
    .text C:\WINDOWS\System32\alg.exe[3548] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 000A2B60
    .text C:\WINDOWS\System32\alg.exe[3548] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 000A1B60
    .text C:\WINDOWS\System32\alg.exe[3548] WS2_32.dll!send 71AB428A 5 Bytes JMP 000A2E60
    .text C:\WINDOWS\System32\alg.exe[3548] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 000A1EA0
    .text C:\WINDOWS\System32\alg.exe[3548] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 000A1C40
    .text C:\WINDOWS\System32\alg.exe[3548] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 000A2100
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3692] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00EB23F0
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3692] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00EB2690
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3692] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00EBD2AA
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3692] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00EBD166
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3692] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00EB11C0
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3692] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00EB1400
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3692] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00EB2350
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3692] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00EB1000
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3692] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00EB10A0
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3692] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00EB22F0
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3692] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00EB2D00
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3692] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00EB2B60
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3692] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00EB1EA0
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3692] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00EB1C40
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3692] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 00EB2100
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3692] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00EB1B60
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3692] WS2_32.dll!send 71AB428A 5 Bytes JMP 00EB2E60
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00CB23F0
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00CB2690
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00CBD2AA
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00CBD166
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CB11C0
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00CB1400
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00CB2350
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00CB1000
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00CB10A0
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00CB22F0
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00CB2D00
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00CB2B60
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00CB1EA0
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00CB1C40
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 00CB2100
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00CB1B60
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] WS2_32.dll!send 71AB428A 5 Bytes JMP 00CB2E60
    .text C:\WINDOWS\system32\ctfmon.exe[3796] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A423F0
    .text C:\WINDOWS\system32\ctfmon.exe[3796] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A42690
    .text C:\WINDOWS\system32\ctfmon.exe[3796] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A4D2AA
    .text C:\WINDOWS\system32\ctfmon.exe[3796] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00A4D166
    .text C:\WINDOWS\system32\ctfmon.exe[3796] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A411C0
    .text C:\WINDOWS\system32\ctfmon.exe[3796] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A41400
    .text C:\WINDOWS\system32\ctfmon.exe[3796] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00A42350
    .text C:\WINDOWS\system32\ctfmon.exe[3796] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00A41000
    .text C:\WINDOWS\system32\ctfmon.exe[3796] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00A410A0
    .text C:\WINDOWS\system32\ctfmon.exe[3796] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00A422F0
    .text C:\WINDOWS\system32\ctfmon.exe[3796] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00A42D00
    .text C:\WINDOWS\system32\ctfmon.exe[3796] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00A42B60
    .text C:\WINDOWS\system32\ctfmon.exe[3796] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00A41EA0
    .text C:\WINDOWS\system32\ctfmon.exe[3796] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00A41C40
    .text C:\WINDOWS\system32\ctfmon.exe[3796] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 00A42100
    .text C:\WINDOWS\system32\ctfmon.exe[3796] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00A41B60
    .text C:\WINDOWS\system32\ctfmon.exe[3796] WS2_32.dll!send 71AB428A 5 Bytes JMP 00A42E60
    .text C:\WINDOWS\system32\wuauclt.exe[3956] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00BF23F0
    .text C:\WINDOWS\system32\wuauclt.exe[3956] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00BF2690
    .text C:\WINDOWS\system32\wuauclt.exe[3956] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00BFD2AA
    .text C:\WINDOWS\system32\wuauclt.exe[3956] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BFD166
    .text C:\WINDOWS\system32\wuauclt.exe[3956] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00BF11C0
    .text C:\WINDOWS\system32\wuauclt.exe[3956] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00BF1400
    .text C:\WINDOWS\system32\wuauclt.exe[3956] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00BF2350
    .text C:\WINDOWS\system32\wuauclt.exe[3956] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00BF1000
    .text C:\WINDOWS\system32\wuauclt.exe[3956] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00BF10A0
    .text C:\WINDOWS\system32\wuauclt.exe[3956] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00BF22F0
    .text C:\WINDOWS\system32\wuauclt.exe[3956] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00BF2D00
    .text C:\WINDOWS\system32\wuauclt.exe[3956] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00BF2B60
    .text C:\WINDOWS\system32\wuauclt.exe[3956] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00BF1EA0
    .text C:\WINDOWS\system32\wuauclt.exe[3956] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00BF1C40
    .text C:\WINDOWS\system32\wuauclt.exe[3956] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 00BF2100
    .text C:\WINDOWS\system32\wuauclt.exe[3956] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00BF1B60
    .text C:\WINDOWS\system32\wuauclt.exe[3956] WS2_32.dll!send 71AB428A 5 Bytes JMP 00BF2E60
    .text C:\Program Files\Belkin\Bluetooth Software\BTTray.exe[4020] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01A623F0
    .text C:\Program Files\Belkin\Bluetooth Software\BTTray.exe[4020] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01A62690
    .text C:\Program Files\Belkin\Bluetooth Software\BTTray.exe[4020] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01A6D2AA
    .text C:\Program Files\Belkin\Bluetooth Software\BTTray.exe[4020] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 01A6D166
    .text C:\Program Files\Belkin\Bluetooth Software\BTTray.exe[4020] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01A611C0
    .text C:\Program Files\Belkin\Bluetooth Software\BTTray.exe[4020] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01A61400
    .text C:\Program Files\Belkin\Bluetooth Software\BTTray.exe[4020] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 01A62350
    .text C:\Program Files\Belkin\Bluetooth Software\BTTray.exe[4020] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 01A61000
    .text C:\Program Files\Belkin\Bluetooth Software\BTTray.exe[4020] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 01A610A0
    .text C:\Program Files\Belkin\Bluetooth Software\BTTray.exe[4020] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 01A622F0
    .text C:\Program Files\Belkin\Bluetooth Software\BTTray.exe[4020] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 01A62D00
    .text C:\Program Files\Belkin\Bluetooth Software\BTTray.exe[4020] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 01A62B60
    .text C:\Program Files\Belkin\Bluetooth Software\BTTray.exe[4020] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 01A61B60
    .text C:\Program Files\Belkin\Bluetooth Software\BTTray.exe[4020] WS2_32.dll!send 71AB428A 5 Bytes JMP 01A62E60
    .text C:\Program Files\Belkin\Bluetooth Software\BTTray.exe[4020] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01A61EA0
    .text C:\Program Files\Belkin\Bluetooth Software\BTTray.exe[4020] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01A61C40
    .text C:\Program Files\Belkin\Bluetooth Software\BTTray.exe[4020] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 01A62100
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 001923F0
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00192690
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0019D2AA
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0019D166
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001911C0
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00191400
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00192350
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00191000
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 001910A0
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 001922F0
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00192D00
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00192B60
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00191EA0
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00191C40
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 00192100
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00191B60
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] WS2_32.dll!send 71AB428A 5 Bytes JMP 00192E60
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4384] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 001723F0
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4384] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00172690
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4384] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0017D2AA
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4384] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0017D166
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4384] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001711C0
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4384] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00171400
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4384] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00172350
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4384] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00171000
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4384] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 001710A0
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4384] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 001722F0
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4384] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00172D00
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4384] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00172B60
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4384] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00171EA0
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4384] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00171C40
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4384] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 00172100
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4384] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00171B60
    .text C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4384] WS2_32.dll!send 71AB428A 5 Bytes JMP 00172E60
    .text C:\WINDOWS\system32\wscntfy.exe[5988] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A23F0
    .text C:\WINDOWS\system32\wscntfy.exe[5988] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A2690
    .text C:\WINDOWS\system32\wscntfy.exe[5988] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000AD2AA
    .text C:\WINDOWS\system32\wscntfy.exe[5988] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000AD166
    .text C:\WINDOWS\system32\wscntfy.exe[5988] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0
    .text C:\WINDOWS\system32\wscntfy.exe[5988] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 000A1400
    .text C:\WINDOWS\system32\wscntfy.exe[5988] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 000A2350
    .text C:\WINDOWS\system32\wscntfy.exe[5988] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 000A1000
    .text C:\WINDOWS\system32\wscntfy.exe[5988] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 000A10A0
    .text C:\WINDOWS\system32\wscntfy.exe[5988] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 000A22F0
    .text C:\WINDOWS\system32\wscntfy.exe[5988] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 000A2D00
    .text C:\WINDOWS\system32\wscntfy.exe[5988] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 000A2B60
    .text C:\WINDOWS\system32\wscntfy.exe[5988] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 000A1EA0
    .text C:\WINDOWS\system32\wscntfy.exe[5988] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 000A1C40
    .text C:\WINDOWS\system32\wscntfy.exe[5988] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 000A2100
    .text C:\WINDOWS\system32\wscntfy.exe[5988] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 000A1B60
    .text C:\WINDOWS\system32\wscntfy.exe[5988] WS2_32.dll!send 71AB428A 5 Bytes JMP 000A2E60

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [A9CBDB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [A9CBD930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [A9CBE260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [A9CBBE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [A9CBBE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [A9CBDB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [A9CBD930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [A9CBE260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [A9CBDB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [A9CBE260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [A9CBD930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [A9CBBE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [A9CBE260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [A9CBD930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [A9CBDB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] [A9CBDB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] [A9CBBE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisCloseAdapter] [A9CBE260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisOpenAdapter] [A9CBD930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [A9CBBE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [A9CBDB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [A9CBD930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [A9CBE260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisDeregisterProtocol] [A9CBBE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter] [A9CBE260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter] [A9CBD930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] [A9CBDB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [A9CBDB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [A9CBBE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [A9CBE260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [A9CBD930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4132] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00310010

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs DigiFilt.sys (Digidesign Filter Driver/Digidesign, A Division of Avid Technology, Inc.)

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    Device \FileSystem\Fastfat \Fat A7E79C8A

    AttachedDevice \FileSystem\Fastfat \Fat DigiFilt.sys (Digidesign Filter Driver/Digidesign, A Division of Avid Technology, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- Services - GMER 1.0.15 ----

    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] fezrjoyy <-- ROOTKIT !!!
    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] fshrzqb <-- ROOTKIT !!!
    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] kensap <-- ROOTKIT !!!
    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] qvztkhzzy <-- ROOTKIT !!!
    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] rapmztat <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\fezrjoyy@DisplayName Update Boot
    Reg HKLM\SYSTEM\CurrentControlSet\Services\fezrjoyy@Type 32
    Reg HKLM\SYSTEM\CurrentControlSet\Services\fezrjoyy@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\fezrjoyy@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\fezrjoyy@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\fezrjoyy@ObjectName LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\fezrjoyy@Description Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
    Reg HKLM\SYSTEM\CurrentControlSet\Services\fezrjoyy\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\fezrjoyy\Parameters@ServiceDll C:\WINDOWS\system32\ooskxc.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\fshrzqb@DisplayName Network Universal
    Reg HKLM\SYSTEM\CurrentControlSet\Services\fshrzqb@Type 32
    Reg HKLM\SYSTEM\CurrentControlSet\Services\fshrzqb@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\fshrzqb@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\fshrzqb@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\fshrzqb@ObjectName LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\fshrzqb@Description Provides the endpoint mapper and other miscellaneous RPC services.
    Reg HKLM\SYSTEM\CurrentControlSet\Services\fshrzqb\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\fshrzqb\Parameters@ServiceDll C:\WINDOWS\system32\ooskxc.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kensap@DisplayName Center Image
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kensap@Type 32
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kensap@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kensap@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kensap@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kensap@ObjectName LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kensap@Description Provides the endpoint mapper and other miscellaneous RPC services.
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kensap\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kensap\Parameters@ServiceDll C:\Program Files\Movie Maker\ooskxc.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\qvztkhzzy@DisplayName Helper Installer
    Reg HKLM\SYSTEM\CurrentControlSet\Services\qvztkhzzy@Type 32
    Reg HKLM\SYSTEM\CurrentControlSet\Services\qvztkhzzy@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\qvztkhzzy@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\qvztkhzzy@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\qvztkhzzy@ObjectName LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\qvztkhzzy@Description Stores security information for local user accounts.
    Reg HKLM\SYSTEM\CurrentControlSet\Services\qvztkhzzy\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\qvztkhzzy\Parameters@ServiceDll C:\WINDOWS\system32\ooskxc.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\rapmztat@DisplayName Driver Update
    Reg HKLM\SYSTEM\CurrentControlSet\Services\rapmztat@Type 32
    Reg HKLM\SYSTEM\CurrentControlSet\Services\rapmztat@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\rapmztat@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\rapmztat@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\rapmztat@ObjectName LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\rapmztat@Description Manages user-mode driver host processes
    Reg HKLM\SYSTEM\CurrentControlSet\Services\rapmztat\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\rapmztat\Parameters@ServiceDll C:\WINDOWS\system32\ooskxc.dll
    Reg HKLM\SYSTEM\ControlSet005\Services\fezrjoyy@DisplayName Update Boot
    Reg HKLM\SYSTEM\ControlSet005\Services\fezrjoyy@Type 32
    Reg HKLM\SYSTEM\ControlSet005\Services\fezrjoyy@Start 2
    Reg HKLM\SYSTEM\ControlSet005\Services\fezrjoyy@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet005\Services\fezrjoyy@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet005\Services\fezrjoyy@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet005\Services\fezrjoyy@Description Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
    Reg HKLM\SYSTEM\ControlSet005\Services\fezrjoyy\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\fezrjoyy\Parameters@ServiceDll C:\WINDOWS\system32\ooskxc.dll
    Reg HKLM\SYSTEM\ControlSet005\Services\fshrzqb@DisplayName Network Universal
    Reg HKLM\SYSTEM\ControlSet005\Services\fshrzqb@Type 32
    Reg HKLM\SYSTEM\ControlSet005\Services\fshrzqb@Start 2
    Reg HKLM\SYSTEM\ControlSet005\Services\fshrzqb@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet005\Services\fshrzqb@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet005\Services\fshrzqb@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet005\Services\fshrzqb@Description Provides the endpoint mapper and other miscellaneous RPC services.
    Reg HKLM\SYSTEM\ControlSet005\Services\fshrzqb\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\fshrzqb\Parameters@ServiceDll C:\WINDOWS\system32\ooskxc.dll
    Reg HKLM\SYSTEM\ControlSet005\Services\kensap@DisplayName Center Image
    Reg HKLM\SYSTEM\ControlSet005\Services\kensap@Type 32
    Reg HKLM\SYSTEM\ControlSet005\Services\kensap@Start 2
    Reg HKLM\SYSTEM\ControlSet005\Services\kensap@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet005\Services\kensap@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet005\Services\kensap@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet005\Services\kensap@Description Provides the endpoint mapper and other miscellaneous RPC services.
    Reg HKLM\SYSTEM\ControlSet005\Services\kensap\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\kensap\Parameters@ServiceDll C:\Program Files\Movie Maker\ooskxc.dll
    Reg HKLM\SYSTEM\ControlSet005\Services\qvztkhzzy@DisplayName Helper Installer
    Reg HKLM\SYSTEM\ControlSet005\Services\qvztkhzzy@Type 32
    Reg HKLM\SYSTEM\ControlSet005\Services\qvztkhzzy@Start 2
    Reg HKLM\SYSTEM\ControlSet005\Services\qvztkhzzy@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet005\Services\qvztkhzzy@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet005\Services\qvztkhzzy@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet005\Services\qvztkhzzy@Description Stores security information for local user accounts.
    Reg HKLM\SYSTEM\ControlSet005\Services\qvztkhzzy\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\qvztkhzzy\Parameters@ServiceDll C:\WINDOWS\system32\ooskxc.dll
    Reg HKLM\SYSTEM\ControlSet005\Services\rapmztat@DisplayName Driver Update
    Reg HKLM\SYSTEM\ControlSet005\Services\rapmztat@Type 32
    Reg HKLM\SYSTEM\ControlSet005\Services\rapmztat@Start 2
    Reg HKLM\SYSTEM\ControlSet005\Services\rapmztat@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet005\Services\rapmztat@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet005\Services\rapmztat@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet005\Services\rapmztat@Description Manages user-mode driver host processes
    Reg HKLM\SYSTEM\ControlSet005\Services\rapmztat\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\rapmztat\Parameters@ServiceDll C:\WINDOWS\system32\ooskxc.dll
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Gyesi\Application Data\Nkhchp.exe Photo
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@xpsp1res.dll,-10078 Chooses default programs for certain activities, such as Web browsing or sending e-mail, and specifies which programs are accessible from the Start menu, desktop, and other locations.
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\SHELL32.dll,-22924 Customize the display of files and folders, change file associations, and make network files available offline.

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\Gyesi\Application Data\Nkhchp.exe 163840 bytes executable

    ---- EOF - GMER 1.0.15 ----

  7. #7
    GeeGe is offline Newbie
    Followed by the MBRCheck:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 151):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E2000 \WINDOWS\system32\hal.dll
    0xF7B31000 \WINDOWS\system32\KDCOM.DLL
    0xF7A41000 \WINDOWS\system32\BOOTVID.dll
    0xF7631000 ggzudg.sys
    0xF7502000 ACPI.sys
    0xF7B33000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF74F1000 pci.sys
    0xF7641000 isapnp.sys
    0xF7BF9000 pciide.sys
    0xF78B1000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7651000 MountMgr.sys
    0xF74D2000 ftdisk.sys
    0xF7B35000 dmload.sys
    0xF74AC000 dmio.sys
    0xF78B9000 PartMgr.sys
    0xF7661000 VolSnap.sys
    0xF7494000 atapi.sys
    0xF7671000 disk.sys
    0xF7681000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF73BE000 fltmgr.sys
    0xF73AC000 sr.sys
    0xF7396000 DRVMCDB.SYS
    0xF7691000 DigiFilt.sys
    0xF76A1000 PxHelp20.sys
    0xF7378000 TPkd.sys
    0xF7361000 KSecDD.sys
    0xF734E000 WudfPf.sys
    0xF72C1000 Ntfs.sys
    0xF7294000 NDIS.sys
    0xF7280000 srescan.sys
    0xF7265000 Mup.sys
    0xF7AF9000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0xF6849000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF671D000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xF6709000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF66D0000 \SystemRoot\system32\DRIVERS\e1e5132.sys
    0xF7969000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF66AD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7971000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF6685000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF6839000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7B5B000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0xF6829000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF76E1000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF6662000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF7979000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xF6595000 \SystemRoot\system32\DRIVERS\btkrnl.sys
    0xF7CC9000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF76F1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7AFD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF657E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7701000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7711000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7981000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF656D000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7721000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7989000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7991000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF6514000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF7731000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7999000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF79A1000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7B69000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF64E0000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7B29000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7741000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7B6B000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF6491000 \SystemRoot\system32\drivers\btaudio.sys
    0xF646D000 \SystemRoot\system32\drivers\portcls.sys
    0xF7751000 \SystemRoot\system32\drivers\drmk.sys
    0xF7761000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xA9E4F000 \SystemRoot\system32\drivers\sthda.sys
    0xF7B6F000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7781000 \SystemRoot\System32\Drivers\btwusb.sys
    0xF7B71000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7C86000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7B73000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF79B1000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
    0xF7C87000 \SystemRoot\System32\DRIVERS\AvgAsCln.sys
    0xF79B9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF79C1000 \SystemRoot\System32\drivers\vga.sys
    0xF7B75000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7B77000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF79C9000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF79D1000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7AF5000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA9E1C000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA9DC4000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA9D64000 \SystemRoot\system32\DRIVERS\tcpip6.sys
    0xA9D43000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA9D2A000 \SystemRoot\System32\Drivers\avgtdix.sys
    0xF79D9000 \SystemRoot\system32\drivers\ip6fw.sys
    0xA9D02000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF77A1000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA9C97000 \SystemRoot\System32\vsdatant.sys
    0xF6551000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xA9C75000 \SystemRoot\System32\drivers\afd.sys
    0xF77B1000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF79E1000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0xA9C21000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA9BB2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF77E1000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF79F1000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0xA9B61000 \SystemRoot\System32\Drivers\avgldx86.sys
    0xF7A01000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF7A09000 \SystemRoot\system32\DRIVERS\btport.sys
    0xA9B07000 \SystemRoot\system32\DRIVERS\btwdndis.sys
    0xF77F1000 \SystemRoot\system32\DRIVERS\btwhid.sys
    0xF7801000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF644D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xF6449000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF7A19000 \SystemRoot\System32\Drivers\ASPI32.SYS
    0xF7821000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA9AC7000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7BF5000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xA9D9C000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7A39000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7D1F000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF022000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF049000 \SystemRoot\System32\igxpdv32.DLL
    0xBF186000 \SystemRoot\System32\igxpdx32.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF6879000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xF7D1E000 \SystemRoot\System32\DLA\DLADResN.SYS
    0xA9971000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0xF7A55000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0xF7B4B000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0xF78E9000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0xA9959000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0xA9943000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0xA9997000 \SystemRoot\system32\DRIVERS\hnm_wrls_pkt.sys
    0xA9815000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
    0xA9A5F000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
    0xA998F000 \SystemRoot\system32\DRIVERS\wsp_pkt.sys
    0xA9987000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA9595000 \SystemRoot\system32\DRIVERS\nwrdr.sys
    0xA9568000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA9503000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA9933000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF79A9000 \??\C:\WINDOWS\system32\ANIO.SYS
    0xA90D4000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA98C3000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
    0xA8E4D000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA7E95000 \??\C:\DOCUME~1\Gyesi\LOCALS~1\Temp\pxtdqpod.sys
    0xA7E72000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xA7E36000 \SystemRoot\system32\DRIVERS\Dr71WU.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 57):
    0 System Idle Process
    4 System
    1092 C:\WINDOWS\system32\smss.exe
    1160 C:\WINDOWS\system32\csrss.exe
    1184 C:\WINDOWS\system32\winlogon.exe
    1228 C:\WINDOWS\system32\services.exe
    1248 C:\WINDOWS\system32\lsass.exe
    1436 C:\WINDOWS\system32\svchost.exe
    1484 C:\WINDOWS\system32\svchost.exe
    1524 C:\WINDOWS\system32\svchost.exe
    1560 C:\WINDOWS\system32\svchost.exe
    1628 C:\WINDOWS\system32\svchost.exe
    1812 C:\WINDOWS\system32\svchost.exe
    1916 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    788 C:\WINDOWS\system32\spoolsv.exe
    872 C:\WINDOWS\system32\svchost.exe
    1700 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1756 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    1616 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    1848 C:\Program Files\Bonjour\mDNSResponder.exe
    1880 C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    1952 C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    1980 C:\WINDOWS\ehome\ehrecvr.exe
    2012 C:\WINDOWS\ehome\ehSched.exe
    272 C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    276 C:\WINDOWS\ehome\ehRec.exe
    288 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    396 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    568 C:\Program Files\Java\jre6\bin\jqs.exe
    888 C:\Program Files\Kontiki\KService.exe
    1648 C:\WINDOWS\explorer.exe
    2284 C:\WINDOWS\system32\wdfmgr.exe
    2332 C:\WINDOWS\ehome\mcrdsvc.exe
    3072 C:\WINDOWS\ehome\ehtray.exe
    3124 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3132 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    3148 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    3168 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    3392 C:\WINDOWS\system32\hkcmd.exe
    3400 C:\WINDOWS\system32\igfxpers.exe
    3432 C:\WINDOWS\stsystra.exe
    3528 C:\PROGRA~1\AVG\AVG8\avgtray.exe
    3656 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    3692 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    3764 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3796 C:\WINDOWS\system32\ctfmon.exe
    3956 C:\WINDOWS\system32\wuauclt.exe
    4020 C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    344 C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
    3352 C:\WINDOWS\system32\dllhost.exe
    3480 C:\WINDOWS\ehome\ehmsas.exe
    3548 C:\WINDOWS\system32\alg.exe
    504 C:\Program Files\iPod\bin\iPodService.exe
    4384 C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    4132 C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    544 C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    2496 C:\Documents and Settings\Gyesi\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000002a`7ff5de00 (NTFS)
    \\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500JS-75NCB3, Rev: 10.02E04
    PhysicalDrive1 Model Number: MaxtorBasics Desktop, Rev: 0122

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Dell MBR code detected
    SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E
    931 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

  8. #8
    GeeGe is offline Newbie
    Lastly the DDS two logs (The first DDS.txt)

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Gyesi at 18:14:53.98 on 07/05/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.326 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: ZoneAlarm Security Suite Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    FW: ZoneAlarm Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\eHome\ehRec.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gyesi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gyesi\My Documents\Downloads\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://redirecturls.info
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = Dell Start Page
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*Yahoo! SearchBar Home Page
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\nch\prxtbNC0.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\nch\prxtbNC0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\nch\prxtbNC0.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
    EB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [kdx] c:\program files\kontiki\KHost.exe -all
    uRun: [Google Update] "c:\documents and settings\gyesi\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Nkhchp] c:\documents and settings\gyesi\application data\Nkhchp.exe
    uRun: [MicrosoftWindows] c:\documents and settings\gyesi\application data\windows32.exe
    uRunServices: [MicrosoftWindows] c:\documents and settings\gyesi\application data\windows32.exe
    uRunServicesOnce: [MicrosoftWindows] c:\documents and settings\gyesi\application data\windows32.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [D-Link AirPlus G] c:\program files\d-link\airplus g\AirGCFG.exe
    mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
    mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
    mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
    mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [MicrosoftWindows] c:\documents and settings\gyesi\application data\windows32.exe
    mRunServices: [MicrosoftWindows] c:\documents and settings\gyesi\application data\windows32.exe
    mRunServicesOnce: [MicrosoftWindows] c:\documents and settings\gyesi\application data\windows32.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe " -t
    uExplorerRun: [MicrosoftWindows] c:\documents and settings\gyesi\application data\windows32.exe
    mExplorerRun: [MicrosoftWindows] c:\documents and settings\gyesi\application data\windows32.exe
    StartupFolder: c:\docume~1\gyesi\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\belkin\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\belkin\bluetooth software\btsendto_ie_ctx.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\belkin\bluetooth software\btsendto_ie.htm
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll/206
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: {6C23AB0C-0244-4B01-8253-BEE724D0D2EC} - No File
    SecurityProviders: msapsspc.dll schannel.dll digest.dll msnsspc.dll, msnsspc.dll
    LSA: Authentication Packages = msv1_0 nwprovau
    LSA: Notification Packages = scecli
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\gyesi\applic~1\mozilla\firefox\profiles\2cy3cruv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://redirecturls.info);
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc68604&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\gyesi\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg8\Firefox
    FF - Ext: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg8\toolbar\firefox\avg@igeared
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2008-3-1 16384]
    R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2008-8-17 10872]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2006-11-30 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-11-30 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2006-11-30 108552]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-8-17 353672]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2006-11-30 297752]
    R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696]
    S1 849ff39;849ff39;c:\windows\system32\drivers\849ff39.sys [2008-8-17 85050]
    S2 fezrjoyy;Update Boot;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
    S2 fshrzqb;Network Universal;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-14 136176]
    S2 kensap;Center Image;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
    S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
    S2 qvztkhzzy;Helper Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
    S2 rapmztat;Driver Update;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-26 517448]
    S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2008-3-1 109056]
    S3 EWAVE;EWAVE;\??\c:\windows\system32\drivers\ew.sys --> c:\windows\system32\drivers\ew.sys [?]
    S3 FILESPY;FILESPY;\??\c:\windows\system32\drivers\filespy.sys --> c:\windows\system32\drivers\FILESPY.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-14 136176]
    S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [2006-10-5 27328]
    S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2008-3-1 15488]
    S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2008-3-1 15232]
    S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
    S3 NSTATION;NSTATION;\??\c:\windows\system32\drivers\nstation.sys --> c:\windows\system32\drivers\nstation.sys [?]
    S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
    .
    =============== File Associations ===============
    .
    scrfile="%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-05-07 02:02:19 -------- d-----w- c:\windows\ie8updates
    2011-05-07 02:01:29 -------- d-----w- c:\docume~1\gyesi\locals~1\applic~1\PCHealth
    2011-05-06 04:32:38 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-05-06 04:32:38 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-05-06 04:32:37 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-05-06 04:32:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-05-06 04:32:35 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-05-06 04:32:35 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-05-06 04:32:33 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-05-06 03:57:52 28 ----a-w- c:\docume~1\gyesi\applic~1\119.tmp
    2011-05-06 02:26:53 28 ----a-w- c:\docume~1\gyesi\applic~1\EE.tmp
    2011-05-06 02:24:54 28 ----a-w- c:\docume~1\gyesi\applic~1\ED.tmp
    2011-05-06 00:02:15 539 ----a-w- c:\docume~1\gyesi\applic~1\49.tmp
    2011-05-05 23:51:11 539 ----a-w- c:\docume~1\gyesi\applic~1\43.tmp
    2011-05-05 23:42:23 388096 ----a-r- c:\docume~1\gyesi\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-05-05 23:42:22 -------- d-----w- c:\program files\Trend Micro
    2011-05-05 22:39:49 64516 ----a-w- c:\docume~1\gyesi\applic~1\25E.tmp
    2011-05-05 22:39:46 64516 --sh--r- c:\docume~1\gyesi\applic~1\25D.tmp
    2011-05-05 21:34:03 -------- d-sh--w- c:\documents and settings\gyesi\PrivacIE
    2011-05-05 21:33:05 64516 ----a-w- c:\docume~1\gyesi\applic~1\20C.tmp
    2011-05-05 21:33:02 64516 --sh--r- c:\docume~1\gyesi\applic~1\20A.tmp
    2011-05-05 21:32:59 64516 --sh--r- c:\docume~1\gyesi\applic~1\209.tmp
    2011-05-05 17:37:58 64516 --sh--r- c:\docume~1\gyesi\applic~1\1C0.tmp
    2011-05-05 11:02:40 159744 ----a-w- c:\docume~1\gyesi\applic~1\18.tmp
    2011-05-05 1006 -------- d-sh--w- c:\documents and settings\gyesi\IETldCache
    2011-05-05 09:57:38 -------- dc-h--w- c:\windows\ie8
    2011-05-05 09:50:00 159744 ----a-w- c:\docume~1\gyesi\applic~1\A9.tmp
    2011-05-05 05:53:19 159744 --sh--r- c:\docume~1\gyesi\applic~1\1088.tmp
    2011-05-05 05:38:26 159744 --sh--r- c:\docume~1\gyesi\applic~1\1086.tmp
    2011-05-05 05:34:39 28 ----a-w- c:\docume~1\gyesi\applic~1\1085.tmp
    2011-05-05 00:36:54 81920 ----a-w- c:\docume~1\gyesi\applic~1\1083.tmp
    2011-05-05 00:17:31 81920 ----a-w- c:\docume~1\gyesi\applic~1\1081.tmp
    2011-05-05 00:16:34 81920 ----a-w- c:\docume~1\gyesi\applic~1\1080.tmp
    2011-05-05 00:13:04 81920 ----a-w- c:\docume~1\gyesi\applic~1\107F.tmp
    2011-05-05 00:09:44 81920 ----a-w- c:\docume~1\gyesi\applic~1\107E.tmp
    2011-05-05 00:08:39 81920 ----a-w- c:\docume~1\gyesi\applic~1\107D.tmp
    2011-05-05 00:07:35 81920 ----a-w- c:\docume~1\gyesi\applic~1\107C.tmp
    2011-05-05 00:07:12 81920 ----a-w- c:\docume~1\gyesi\applic~1\107B.tmp
    2011-05-05 00:06:22 81920 ----a-w- c:\docume~1\gyesi\applic~1\107A.tmp
    2011-05-05 00:04:51 369 ----a-w- c:\docume~1\gyesi\applic~1\1079.tmp
    2011-05-05 00:04:16 81920 ----a-w- c:\docume~1\gyesi\applic~1\1078.tmp
    2011-05-04 2338 81920 ----a-w- c:\docume~1\gyesi\applic~1\1077.tmp
    2011-05-04 23:55:42 81920 ------w- c:\docume~1\gyesi\applic~1\1076.tmp
    2011-05-04 16:45:57 28 ----a-w- c:\docume~1\gyesi\applic~1\D4.tmp
    2011-05-04 15:26:33 81920 ----a-w- c:\docume~1\gyesi\applic~1\11.tmp
    2011-05-04 08:02:25 81920 ------w- c:\docume~1\gyesi\applic~1\1E4.tmp
    2011-05-04 04:06:39 17408 ------w- c:\windows\system32\minimp3.exe
    2011-05-03 23:53:52 81920 ------w- c:\docume~1\gyesi\applic~1\D3.tmp
    2011-05-03 23:26:15 751 ----a-w- c:\docume~1\gyesi\applic~1\94.tmp
    2011-05-03 19:44:43 81920 ----a-w- c:\docume~1\gyesi\applic~1\13.tmp
    2011-05-03 18:57:09 81920 ----a-w- c:\docume~1\gyesi\applic~1\10.tmp
    2011-05-03 16:38:07 81920 ----a-w- c:\docume~1\gyesi\applic~1\518.tmp
    2011-05-03 16:37:24 81920 ------w- c:\docume~1\gyesi\applic~1\517.tmp
    2011-05-03 16:37:20 28 ----a-w- c:\docume~1\gyesi\applic~1\516.tmp
    2011-05-03 16:35:09 28 ----a-w- c:\docume~1\gyesi\applic~1\515.tmp
    2011-05-03 16:33:57 28 ----a-w- c:\docume~1\gyesi\applic~1\514.tmp
    2011-05-03 11:47:13 28 ----a-w- c:\docume~1\gyesi\applic~1\4AA.tmp
    2011-05-03 04:07:48 28 ----a-w- c:\docume~1\gyesi\applic~1\405.tmp
    2011-05-03 03:44:59 28 ----a-w- c:\docume~1\gyesi\applic~1\404.tmp
    2011-05-03 02:23:17 28 ----a-w- c:\docume~1\gyesi\applic~1\402.tmp
    2011-05-03 02:11:06 81920 ----a-w- c:\docume~1\gyesi\applic~1\400.tmp
    2011-05-03 02:00:27 81920 ----a-w- c:\docume~1\gyesi\applic~1\3FF.tmp
    2011-05-02 23:14:00 385 ----a-w- c:\docume~1\gyesi\applic~1\2DD.tmp
    2011-05-02 22:00:28 385 ----a-w- c:\docume~1\gyesi\applic~1\263.tmp
    2011-05-02 21:02:04 28 ----a-w- c:\docume~1\gyesi\applic~1\1FA.tmp
    2011-05-02 20:48:39 73728 ------w- c:\docume~1\gyesi\applic~1\104.tmp
    .
    ==================== Find3M ====================
    .
    2011-04-28 21:45:09 64 ----a-w- c:\windows\system32\msvcsv60.dll
    2011-04-26 21:05:08 73 ----a-w- c:\windows\system32\ssprs.dll
    2011-04-26 21:05:06 205 ----a-w- c:\windows\system32\lsprst7.dll
    2001-11-05 09:30:50 165376 ------w- c:\program files\UNWISE.EXE
    .
    ============= FINISH: 18:17:24.03 ===============


    The Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 30/11/2006 09:46:05
    System Uptime: 07/05/2011 17:28:45 (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0WG864
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 170 GiB total, 36.23 GiB free.
    D: is FIXED (NTFS) - 58 GiB total, 58.071 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is FIXED (NTFS) - 932 GiB total, 182.281 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 06/04/2011 00:43:13 - System Checkpoint
    RP2: 10/04/2011 03:37:24 - System Checkpoint
    RP3: 11/04/2011 05:47:12 - System Checkpoint
    RP4: 12/04/2011 06:06:42 - System Checkpoint
    RP5: 13/04/2011 06:50:09 - System Checkpoint
    RP6: 13/04/2011 17:47:10 - Software Distribution Service 3.0
    RP7: 15/04/2011 17:40:49 - System Checkpoint
    RP8: 17/04/2011 21:20:28 - System Checkpoint
    RP9: 20/04/2011 13:10:32 - System Checkpoint
    RP10: 21/04/2011 01:38:44 - Software Distribution Service 3.0
    RP11: 22/04/2011 22:20:34 - System Checkpoint
    RP12: 24/04/2011 00:46:28 - System Checkpoint
    RP13: 26/04/2011 09:24:56 - System Checkpoint
    RP14: 27/04/2011 09:53:18 - System Checkpoint
    RP15: 28/04/2011 10:22:45 - System Checkpoint
    RP16: 29/04/2011 15:23:28 - System Checkpoint
    RP17: 01/05/2011 20:27:46 - System Checkpoint
    RP18: 03/05/2011 06:50:03 - System Checkpoint
    RP19: 04/05/2011 07:51:29 - System Checkpoint
    RP20: 05/05/2011 07:52:15 - System Checkpoint
    RP21: 05/05/2011 10:36:27 - Installed Windows XP KB932823-v3.
    RP22: 05/05/2011 10:59:00 - Installed Windows Internet Explorer 8.
    RP23: 05/05/2011 12:03:39 - Software Distribution Service 3.0
    RP24: 05/05/2011 12:08:06 - Software Distribution Service 3.0
    RP25: 06/05/2011 00:42:21 - Installed HiJackThis
    RP26: 07/05/2011 03:00:29 - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    .
    4oD
    AAC Decoder
    AC3Filter (remove only)
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Download Manager
    Adobe Dreamweaver CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Reader 7.1.0
    Adobe Reader Korean Fonts
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AirPlus G
    AllToAVI v4 r5394
    ANIO Service
    ANIWZCS2 Service
    Antares Autotune DX v4.12
    Antares Autotune VST RTAS TDM v5.08
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Arturia Arp2600 V v1.0
    Arturia CS-80V v1.2
    Arturia Minimoog V v1.0
    Arturia Modular System v1.0
    ASIO4ALL
    AutoUpdate
    AVG Free 8.5
    AVS Update Manager 1.0
    AVS4YOU Software Navigator 1.3
    BassStation
    Belkin Bluetooth Software
    BitComet 1.09
    Bonjour
    Broken Sword
    Cain & Abel v4.9.3
    Camera RAW Plug-In for EPSON Creativity Suite
    Cheetah DVD Burner
    Conduit Engine
    Cool Edit Pro 2.1
    Corel Snapfire Plus
    Dell CinePlayer
    Dell Driver Reset Tool
    Dell Network Assistant
    Dell System Restore
    Digidesign DV Toolkit 2 7.1
    Digidesign Pro Tools LE 7.1
    Digidesign Shared Plug-Ins 7.0
    Dimension Pro
    discoDSP Discovery Pro
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Plus Web Player
    DivX Version Checker
    Edirol HQ Orchestral v1.01
    Edirol Hyper Canvas
    ElastikStandalone
    ElastikVst
    Emagic EVP73 VSTi v1.0
    EPSON Attach To Email
    EPSON Easy Photo Print
    EPSON File Manager
    EPSON Print CD
    EPSON Printer Software
    EPSON Scan Assistant
    EPSON Stylus Photo R285_290 Manual
    EPSON Web-To-Page
    Express Burn Disc Burning Software
    Fairchild Bundle
    FL Studio 5
    FL Studio 6
    FL Studio 8
    FL Studio 9
    Free Bomb Factory Plug-Ins 7.0
    Free Bomb Factory Plug-Ins 7.3
    Free Video to Flash Converter version 4.1
    FrostWire 4.21.1
    GemMaster Mystic
    GMedia Music impOSCar VSTi v1.0.0.1
    Google Chrome
    Google Update Helper
    H.264 Decoder
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB943232)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    IL Download Manager
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    Intel(R) PRO Network Connections
    InterLok Driver Kit
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 24
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Junk Mail filter update
    Linplug SaxLab v1.0.2
    LiquidInstrument Standalone 1.1
    LiquidInstrumentDXi2 1.1
    LiquidInstrumentVst 1.1
    LiveUpdate 3.1 (Symantec Corporation)
    Mackie Traktion VST Plugins Unlocked v2.1.0.6
    Macromedia Fireworks 8
    Magic ISO Maker v5.5 (build 0274)
    Malwarebytes' Anti-Malware
    MCU
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office XP Professional with FrontPage
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Works
    Miroslav Philharmonik
    MKV Splitter
    Mozilla Firefox (3.6.13)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    N.I Pro-53 v3.0-OxYGeN
    Native Instruments - Rig Kontrol 3 Driver
    Native Instruments Absynth 2
    Native Instruments Absynth 4
    Native Instruments Absynth v3.0
    Native Instruments Absynth v3.0.2
    Native Instruments B4 Tone Wheels Bundle v1.11
    Native Instruments FM7
    Native Instruments Guitar Rig 3
    Native Instruments Kontakt 2
    Native Instruments Kontakt 4
    Native Instruments Kontakt Factory Selection
    Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
    Native Instruments Pro-52 v2.1
    Native Instruments Service Center
    NCH Toolbar
    NI Service Center
    Novation Bass-Station VSTi v1.10
    OGM to AVI Beta .6
    OpenOffice.org Installer 1.0
    Orange Preload
    Otto
    PDF Settings
    PlugsoundPro 1.0.3.
    PoiZone
    PowerISO
    Pro-Five (VST)
    Project SAM Symphobia 1.0
    QuickTime
    Rapture 1.0
    RealPlayer
    RealUpgrade 1.0
    ReFX Beast VSTi v1.0
    reFX Nexus 1.0.0
    reFX Nexus 1.0.9
    rgc:audio z3ta+ 1.5
    RipCast Streaming Audio Ripper 1.9
    Rob Papen Albino 3
    Rob Papen Predator V1.01b release
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    SA31xx Device Manager & Media Converter
    SampleTank 2.2
    Sawer
    SearchAssist
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981350)
    Security Update for Windows XP (KB982381)
    Segoe UI
    Sonic Activation Module
    Sonic Encoders
    Sonic Update Manager
    Sonik Synth 2
    Sony ACID Pro 5.0
    Sony ACID Pro 6.0
    Sony CD Architect 5.2a
    Sony Media Manager 2.1
    Steinberg WaveLab v4.00c
    Syncrosoft's License Control
    The KMPlayer (remove only)
    Toxic Biohazard
    TPKD Installer x32
    Trilogy
    TweakNow RegCleaner Professional
    Uninstall 1.0.0.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    URL Assistant
    VC 9.0 Runtime
    VC80CRTRedist - 8.0.50727.4053
    Virtual Beat Thang
    Waves Mercury Bundle
    WebFldrs XP
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Format Runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Hotfix - KB885884
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB973768
    WinPcap 4.0
    WinRAR archiver
    Zero-G Sounds of Polynesia
    Zero-G Sounds of the 70s
    Zero-X BeatSlicer
    ZoneAlarm
    ZoneAlarm Spy Blocker
    .
    ==== Event Viewer Messages From Past Week ========
    .
    07/05/2011 17:31:15, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iastor
    07/05/2011 14:02:56, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    07/05/2011 14:02:54, error: Service Control Manager [7034] - The KService service terminated unexpectedly. It has done this 1 time(s).
    07/05/2011 14:02:53, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    07/05/2011 14:02:53, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    07/05/2011 14:02:52, error: Service Control Manager [7034] - The Digidesign MME Refresh Service service terminated unexpectedly. It has done this 1 time(s).
    07/05/2011 14:02:52, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    07/05/2011 14:02:52, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    07/05/2011 14:02:52, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    07/05/2011 14:02:51, error: Service Control Manager [7034] - The Automatic LiveUpdate Scheduler service terminated unexpectedly. It has done this 1 time(s).
    07/05/2011 14:02:51, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    06/05/2011 11:24:41, error: Service Control Manager [7022] - The KService service hung on starting.
    05/05/2011 12:05:43, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Office XP Service Pack 3.
    05/05/2011 10:18:13, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    05/05/2011 10:18:03, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
    03/05/2011 19:54:36, error: Service Control Manager [7023] - The Update Boot service terminated with the following error: The specified module could not be found.
    03/05/2011 19:54:36, error: Service Control Manager [7023] - The Network Universal service terminated with the following error: The specified module could not be found.
    03/05/2011 19:54:36, error: Service Control Manager [7023] - The Helper Installer service terminated with the following error: The specified module could not be found.
    03/05/2011 19:54:36, error: Service Control Manager [7023] - The Driver Update service terminated with the following error: The specified module could not be found.
    03/05/2011 19:54:36, error: Service Control Manager [7023] - The Center Image service terminated with the following error: The specified module could not be found.
    03/05/2011 19:54:36, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
    03/05/2011 19:54:36, error: Service Control Manager [7000] - The Nsynas32 service failed to start due to the following error: The system cannot find the device specified.
    03/05/2011 19:54:36, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the path specified.
    03/05/2011 19:54:36, error: Service Control Manager [7000] - The Logitech Bluetooth Service service failed to start due to the following error: The system cannot find the file specified.
    02/05/2011 19:09:37, error: MRxSmb [8003] - The master browser has received a server announcement from the computer RAMJOE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7E23CDE3-98A2-4C94. The master browser is stopping or an election is being forced.
    02/05/2011 18:37:29, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.4. The machine with the IP address 192.168.1.8 did not allow the name to be claimed by this machine.
    01/05/2011 22:35:01, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf2cf595, parameter3 a7a30ba4, parameter4 00000000.
    .
    ==== End Of File ===========================


    Thanks in advance, look forward to your responses

    GeeGe

  9. #9
    broni is offline Senior Member
    You're running two AV programs, AVG and ZoneAlarm AV.
    One of them has to go.
    I suggest you uninstall AVG using AVG Remover: AVG - Download tools

    Then, your MBAM version is very outdated.
    Uninstall it and download a fresh copy from here: Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer
    Post fresh log.
    Update the program first, if the infection will let you.

  10. #10
    GeeGe is offline Newbie
    Hey Broni,

    I was using Zone Alarm as my firewall only and AVG as my antivirus, but I managed to delete it. I was having trouble accessing the link to the updated version of Malwarebytes, and even the official AVG website to get a firewall, I think due to the virus. I managed to find a reliable site to download both programs from, though.

    I was able to run a fresh scan using the newly installed version of Malwarebytes, which seems to have detected many of the problems on my PC.

    Below is a list of the results. Also, after rebooting the computer I haven't had any Internet Explorer pop-ups so far, and I also tried plugging in a USB to see if the shortcut of folder exe had been removed, which seems to have disappeared as well. Thanks a bunch so far.

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 6531

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    08/05/2011 14:16:24
    mbam-log-2011-05-08 (14-16-23).txt

    Scan type: Quick scan
    Objects scanned: 202861
    Time elapsed: 11 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 15
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 30

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows System Devices Manager (Spyware.Passwords.XGen) -> Value: Windows System Devices Manager -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows System Devices Manager (Spyware.Passwords.XGen) -> Value: Windows System Devices Manager -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Nkhchp (Backdoor.AXE.Gen) -> Value: Nkhchp -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\load\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (www.best-articles.ch) Good: (Google) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\csrss.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\documents and settings\gyesi\application data\nkhchp.exe (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\10.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\104.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\1076.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\1077.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\1078.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\107A.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\107B.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\107C.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\107D.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\107E.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\107F.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\D3.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\1080.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\3FF.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\400.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\517.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\518.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\A9.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\1081.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\1083.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\1086.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\1088.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\11.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\13.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\18.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\1E4.tmp (Backdoor.AXE.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\2A.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\documents and settings\Gyesi\application data\windows32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
