Want to be sure my computer is clean
-
I don't think my computer has a virus but I want to make sure that it is clean. Broni helped me a while ago with getting rid of the Thinkpoint virus and others I think. After it was clean, I did get some blue screen errors and he said it was a possible RAM or memory issue. Well... I never really did anything to fix that. Then this past August, my computer wouldn't run Windows Vista and I ended up needing to just reinstall it and start over. Now, there still might be a hardware or RAM issue. I still haven't looked into it too much and every couple weeks I do get a blue screen error. (By the way, if you want to read my other threads on here, that might help clarify things.) I guess I am going to post the last few blue screen view logs. And I did run Malwarebytes. It did find and remove 1 infection. But I can't seem to find where the log is. Sort of weird that I can't find a Documents and Settings folder when I thought I had that before I reinstalled Vista... Should I have that folder? I also ran Temporary File Cleaner and Secunia PSI. They both fixed whatever needed fixing. I wasn't sure if I should do all of the logs in the pinned Read This First... thread since I don't think I have a virus. I hope all of this isn't too confusing but please help if you can!
==================================================
Dump File : Mini101111-01.dmp
Crash Time : 10/11/2011 10:40:20 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000000
Parameter 2 : 0x0000001b
Parameter 3 : 0x00000001
Parameter 4 : 0x82870435
Caused By Driver : aswSP.SYS
Caused By Address : aswSP.SYS+41de4
File Description : avast! self protection module
Product Name : avast! Antivirus System
Company : AVAST Software
File Version : 6.0.1203.0
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4dfd9
Stack Address 1 : ntkrnlpa.exe+36435
Stack Address 2 : ntkrnlpa.exe+41397
Stack Address 3 : ntkrnlpa.exe+b2a4a
Computer Name :
Full Path : C:\Windows\Minidump\Mini101111-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 138,024
==================================================
==================================================
Dump File : Mini100111-01.dmp
Crash Time : 10/1/2011 7:11:33 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x0000005f
Parameter 2 : 0x0000001b
Parameter 3 : 0x00000001
Parameter 4 : 0x828c35ce
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4dfd9
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18484 (vistasp2_gdr.110617-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4dfd9
Stack Address 1 : ntkrnlpa.exe+a75ce
Stack Address 2 : ntkrnlpa.exe+3f45c
Stack Address 3 : ntkrnlpa.exe+218b50
Computer Name :
Full Path : C:\Windows\Minidump\Mini100111-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 143,816
==================================================
==================================================
Dump File : Mini092911-01.dmp
Crash Time : 9/29/2011 1:34:56 PM
Bug Check String : BAD_POOL_CALLER
Bug Check Code : 0x000000c2
Parameter 1 : 0x00000007
Parameter 2 : 0x0000110b
Parameter 3 : 0x00000000
Parameter 4 : 0xbd7fb008
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb3f
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18484 (vistasp2_gdr.110617-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb3f
Stack Address 1 : ntkrnlpa.exe+ed184
Stack Address 2 : ntkrnlpa.exe+5db20
Stack Address 3 : ntkrnlpa.exe+2326ac
Computer Name :
Full Path : C:\Windows\Minidump\Mini092911-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 143,816
==================================================
-
There is no Documents and Settings folder in Vista.
Please complete all steps listed here: HERE
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
-
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: 7926
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
10/12/2011 11:41:48 PM
mbam-log-2011-10-12 (23-41-48).txt
Scan type: Quick scan
Objects scanned: 165536
Time elapsed: 7 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-13 01:25:30
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 TOSHIBA_MK1646GSX rev.LB112D
Running: e5t3oc6s.exe; Driver: C:\Users\Andrea\AppData\Local\Temp\uwdiqpob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8D213374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8D215996]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8D2159EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8D215B04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8D2158EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8D215A3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8D215940]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8D215AB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8D213398]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8D213162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8D2133BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8D215EFC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8D213E54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8D2159C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8D215A16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8D215B2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8D215918]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8D215A7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8D21596E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8D215ADC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8D213D1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8D2133E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8D213404]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8D2131BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8D2132F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8D2132D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8D21331C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8D213428]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8EAE89A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 10D 828AE890 4 Bytes [74, 33, 21, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1D1 828AE954 8 Bytes [96, 59, 21, 8D, EE, 59, 21, ...] {XCHG ESI, EAX; POP ECX; AND [EBP-0x72dea612], ECX}
.text ntkrnlpa.exe!KeSetEvent + 1DD 828AE960 4 Bytes [04, 5B, 21, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1F5 828AE978 4 Bytes [EC, 58, 21, 8D]
.text ntkrnlpa.exe!KeSetEvent + 215 828AE998 8 Bytes [3E, 5A, 21, 8D, 40, 59, 21, ...]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 829D962F 5 Bytes JMP 8EAE43DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82A32543 5 Bytes JMP 8EAE5E84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82A3BE68 4 Bytes CALL 8D2144C5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82A3FADC 4 Bytes CALL 8D2144DB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82A93DCA 7 Bytes JMP 8EAE89AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngCreateRectRgn + 4537 8186FC90 5 Bytes JMP 8D2165E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + C20 81888EC9 5 Bytes JMP 8D216FB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 4A1 81889CB5 5 Bytes JMP 8D217118 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C03 81892417 5 Bytes JMP 8D215F32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 616 8189336E 5 Bytes JMP 8D216D7E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 30F6 8189EAA7 5 Bytes JMP 8D2164BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4569 8189FF1A 5 Bytes JMP 8D2160DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 119BE 818B9A45 5 Bytes JMP 8D216326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A12 818B9A99 5 Bytes JMP 8D2164CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 377F 818E0A7E 5 Bytes JMP 8D216D0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DE 818E33DD 5 Bytes JMP 8D215FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D3F 818E9D2E 5 Bytes JMP 8D21614A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B42 818F41CC 5 Bytes JMP 8D2171BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 818F70B4 5 Bytes JMP 8D216016 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 81C 819154D5 5 Bytes JMP 8D216EFA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 6EC2 8191BB7B 5 Bytes JMP 8D216D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + B0F 8191F2EA 5 Bytes JMP 8D216E48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4728 81926C09 5 Bytes JMP 8D216096 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E80 819451A4 5 Bytes JMP 8D216254 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 248 8194AA22 5 Bytes JMP 8D2161AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 8194E55A 5 Bytes JMP 8D217070 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A0F 8196CA67 5 Bytes JMP 8D2161E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + D229 81979281 5 Bytes JMP 8D21628E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\iPod\bin\iPodService.exe[12] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Program Files\iPod\bin\iPodService.exe[12] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Program Files\iPod\bin\iPodService.exe[12] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[12] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Program Files\iPod\bin\iPodService.exe[12] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Program Files\iPod\bin\iPodService.exe[12] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Program Files\iPod\bin\iPodService.exe[12] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Program Files\iPod\bin\iPodService.exe[12] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Program Files\iPod\bin\iPodService.exe[12] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Program Files\iPod\bin\iPodService.exe[12] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Program Files\iPod\bin\iPodService.exe[12] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Program Files\iPod\bin\iPodService.exe[12] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00080600
.text C:\Program Files\iPod\bin\iPodService.exe[12] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00080804
.text C:\Program Files\iPod\bin\iPodService.exe[12] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00080A08
.text C:\Program Files\iPod\bin\iPodService.exe[12] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\iPod\bin\iPodService.exe[12] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 000803FC
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[192] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[192] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[192] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[192] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00170600
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[192] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00170804
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[192] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00170A08
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[192] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[192] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001703FC
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[192] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 002803FC
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[192] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00280600
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[192] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00281014
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[192] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00280804
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[192] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00280A08
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[192] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00280C0C
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[192] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00280E10
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[192] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 002801F8
.text C:\Windows\system32\taskeng.exe[248] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[248] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[248] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[248] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[248] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[248] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[248] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[248] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[248] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[248] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[248] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[248] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[248] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[248] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[248] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[248] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\Dwm.exe[348] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[348] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[348] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[348] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[348] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[348] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[348] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[348] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[348] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[348] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[348] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[348] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[348] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[348] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[348] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[348] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 000803FC
.text C:\Windows\Explorer.EXE[548] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[548] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[548] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\Explorer.EXE[548] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[548] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[548] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[548] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[548] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[548] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[548] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[548] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[548] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[548] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[548] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.EXE[548] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.EXE[548] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\csrss.exe[616] KERNEL32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[652] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[652] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[652] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[652] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[652] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00080600
.text C:\Program Files\Windows Sidebar\sidebar.exe[652] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00081014
.text C:\Program Files\Windows Sidebar\sidebar.exe[652] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00080804
.text C:\Program Files\Windows Sidebar\sidebar.exe[652] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[652] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00080C0C
.text C:\Program Files\Windows Sidebar\sidebar.exe[652] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00080E10
.text C:\Program Files\Windows Sidebar\sidebar.exe[652] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[652] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00090600
.text C:\Program Files\Windows Sidebar\sidebar.exe[652] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00090804
.text C:\Program Files\Windows Sidebar\sidebar.exe[652] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00090A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[652] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 000901F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[652] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 000903FC
.text C:\Windows\system32\csrss.exe[660] KERNEL32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[668] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[668] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[668] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[668] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[668] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[668] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[668] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[668] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[668] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[668] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[668] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[668] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00060600
.text C:\Windows\system32\wininit.exe[668] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[668] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\wininit.exe[668] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\wininit.exe[668] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\winlogon.exe[716] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[716] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[716] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[716] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[716] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00050600
.text C:\Windows\system32\winlogon.exe[716] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\winlogon.exe[716] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[716] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[716] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\winlogon.exe[716] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\winlogon.exe[716] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[716] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00060600
.text C:\Windows\system32\winlogon.exe[716] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00060804
.text C:\Windows\system32\winlogon.exe[716] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\winlogon.exe[716] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\winlogon.exe[716] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[744] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[744] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[744] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[744] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00080600
.text C:\Windows\system32\services.exe[744] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\services.exe[744] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\services.exe[744] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\services.exe[744] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[760] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[760] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[760] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\system32\lsass.exe[760] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsass.exe[760] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsass.exe[760] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsass.exe[760] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsass.exe[760] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsass.exe[760] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsass.exe[760] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsass.exe[760] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\lsass.exe[760] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[760] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[760] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[760] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[760] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 000803FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[764] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[764] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[764] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[764] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 003103FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[764] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00310600
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[764] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00311014
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[764] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00310804
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[764] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00310A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[764] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00310C0C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[764] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00310E10
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[764] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 003101F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[764] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00320600
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[764] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00320804
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[764] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00320A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[764] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 003201F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[764] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 003203FC
.text C:\Windows\system32\lsm.exe[768] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\lsm.exe[768] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000903FC
.text C:\Windows\system32\lsm.exe[768] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\system32\lsm.exe[768] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\lsm.exe[768] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\lsm.exe[768] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\lsm.exe[768] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\lsm.exe[768] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\lsm.exe[768] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\lsm.exe[768] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\lsm.exe[768] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000B01F8
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[832] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[832] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[832] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[832] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00170600
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[832] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00170804
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[832] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[832] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[832] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[832] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[832] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00180600
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[832] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00181014
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[832] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00180804
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[832] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00180A08
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[832] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00180C0C
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[832] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00180E10
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[832] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 001801F8
.text C:\Windows\System32\igfxpers.exe[900] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Windows\System32\igfxpers.exe[900] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Windows\System32\igfxpers.exe[900] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[900] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00170600
.text C:\Windows\System32\igfxpers.exe[900] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00170804
.text C:\Windows\System32\igfxpers.exe[900] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00170A08
.text C:\Windows\System32\igfxpers.exe[900] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001701F8
.text C:\Windows\System32\igfxpers.exe[900] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001703FC
.text C:\Windows\System32\igfxpers.exe[900] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 001803FC
.text C:\Windows\System32\igfxpers.exe[900] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00180600
.text C:\Windows\System32\igfxpers.exe[900] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00181014
.text C:\Windows\System32\igfxpers.exe[900] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00180804
.text C:\Windows\System32\igfxpers.exe[900] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00180A08
.text C:\Windows\System32\igfxpers.exe[900] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00180C0C
.text C:\Windows\System32\igfxpers.exe[900] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00180E10
.text C:\Windows\System32\igfxpers.exe[900] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[916] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[916] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[916] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00200600
.text C:\Windows\system32\svchost.exe[916] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00200804
.text C:\Windows\system32\svchost.exe[916] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00200A08
.text C:\Windows\system32\svchost.exe[916] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 002001F8
.text C:\Windows\system32\svchost.exe[916] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 002003FC
.text C:\Windows\system32\svchost.exe[988] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[988] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[988] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00130600
.text C:\Windows\system32\svchost.exe[988] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00130804
.text C:\Windows\system32\svchost.exe[988] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00130A08
.text C:\Windows\system32\svchost.exe[988] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001301F8
.text C:\Windows\system32\svchost.exe[988] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001303FC
.text C:\Windows\System32\svchost.exe[1028] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1028] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1028] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1028] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00160600
.text C:\Windows\System32\svchost.exe[1028] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00160804
.text C:\Windows\System32\svchost.exe[1028] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00160A08
.text C:\Windows\System32\svchost.exe[1028] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001601F8
.text C:\Windows\System32\svchost.exe[1028] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001603FC
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 002703FC
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00270600
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00271014
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00270804
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00270A08
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00270C0C
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00270E10
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 002701F8
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00280600
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00280804
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00280A08
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 002801F8
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 002803FC
.text C:\Program Files\Windows Defender\MSASCui.exe[1088] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Defender\MSASCui.exe[1088] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Defender\MSASCui.exe[1088] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[1088] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Defender\MSASCui.exe[1088] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Defender\MSASCui.exe[1088] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Defender\MSASCui.exe[1088] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Defender\MSASCui.exe[1088] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Defender\MSASCui.exe[1088] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Defender\MSASCui.exe[1088] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Defender\MSASCui.exe[1088] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Defender\MSASCui.exe[1088] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Defender\MSASCui.exe[1088] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Defender\MSASCui.exe[1088] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Defender\MSASCui.exe[1088] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Defender\MSASCui.exe[1088] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Dell\QuickSet\quickset.exe[1112] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Dell\QuickSet\quickset.exe[1112] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Program Files\Dell\QuickSet\quickset.exe[1112] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\Dell\QuickSet\quickset.exe[1112] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00170600
.text C:\Program Files\Dell\QuickSet\quickset.exe[1112] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00170804
.text C:\Program Files\Dell\QuickSet\quickset.exe[1112] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Dell\QuickSet\quickset.exe[1112] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Dell\QuickSet\quickset.exe[1112] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Dell\QuickSet\quickset.exe[1112] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 002803FC
.text C:\Program Files\Dell\QuickSet\quickset.exe[1112] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00280600
.text C:\Program Files\Dell\QuickSet\quickset.exe[1112] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00281014
.text C:\Program Files\Dell\QuickSet\quickset.exe[1112] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00280804
.text C:\Program Files\Dell\QuickSet\quickset.exe[1112] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00280A08
.text C:\Program Files\Dell\QuickSet\quickset.exe[1112] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00280C0C
.text C:\Program Files\Dell\QuickSet\quickset.exe[1112] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00280E10
.text C:\Program Files\Dell\QuickSet\quickset.exe[1112] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 002801F8
.text C:\Windows\System32\svchost.exe[1116] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1116] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1116] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1116] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 000D0600
.text C:\Windows\System32\svchost.exe[1116] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 000D0804
.text C:\Windows\System32\svchost.exe[1116] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 000D0A08
.text C:\Windows\System32\svchost.exe[1116] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 000D01F8
.text C:\Windows\System32\svchost.exe[1116] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 000D03FC
.text C:\Windows\System32\igfxtray.exe[1132] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Windows\System32\igfxtray.exe[1132] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Windows\System32\igfxtray.exe[1132] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[1132] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00180600
.text C:\Windows\System32\igfxtray.exe[1132] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00180804
.text C:\Windows\System32\igfxtray.exe[1132] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00180A08
.text C:\Windows\System32\igfxtray.exe[1132] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001801F8
.text C:\Windows\System32\igfxtray.exe[1132] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001803FC
.text C:\Windows\System32\igfxtray.exe[1132] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 001903FC
.text C:\Windows\System32\igfxtray.exe[1132] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00190600
.text C:\Windows\System32\igfxtray.exe[1132] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00191014
.text C:\Windows\System32\igfxtray.exe[1132] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00190804
.text C:\Windows\System32\igfxtray.exe[1132] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00190A08
.text C:\Windows\System32\igfxtray.exe[1132] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00190C0C
.text C:\Windows\System32\igfxtray.exe[1132] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00190E10
.text C:\Windows\System32\igfxtray.exe[1132] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 001901F8
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00330600
.text C:\Windows\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00330804
.text C:\Windows\System32\svchost.exe[1144] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00330A08
.text C:\Windows\System32\svchost.exe[1144] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 003301F8
.text C:\Windows\System32\svchost.exe[1144] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 003303FC
.text C:\Windows\system32\svchost.exe[1156] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1156] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1156] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1156] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1156] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1156] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1156] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1156] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1156] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1156] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1156] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1156] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 000C0600
.text C:\Windows\system32\svchost.exe[1156] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\svchost.exe[1156] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\svchost.exe[1156] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\svchost.exe[1156] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 000C03FC
.text C:\Windows\System32\hkcmd.exe[1176] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Windows\System32\hkcmd.exe[1176] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Windows\System32\hkcmd.exe[1176] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[1176] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00180600
.text C:\Windows\System32\hkcmd.exe[1176] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00180804
.text C:\Windows\System32\hkcmd.exe[1176] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00180A08
.text C:\Windows\System32\hkcmd.exe[1176] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001801F8
.text C:\Windows\System32\hkcmd.exe[1176] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001803FC
.text C:\Windows\System32\hkcmd.exe[1176] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 001903FC
.text C:\Windows\System32\hkcmd.exe[1176] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00190600
.text C:\Windows\System32\hkcmd.exe[1176] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00191014
.text C:\Windows\System32\hkcmd.exe[1176] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00190804
.text C:\Windows\System32\hkcmd.exe[1176] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00190A08
.text C:\Windows\System32\hkcmd.exe[1176] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00190C0C
.text C:\Windows\System32\hkcmd.exe[1176] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00190E10
.text C:\Windows\System32\hkcmd.exe[1176] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 001901F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1236] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1236] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1236] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1236] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1236] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00170600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00171014
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1236] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00170804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1236] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00170A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1236] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00170C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1236] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00170E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1236] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 001701F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1236] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00180600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1236] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00180804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1236] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00180A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1236] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1236] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001803FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1240] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1240] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1240] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1240] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00170600
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1240] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00170804
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1240] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1240] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1240] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1240] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1240] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00180600
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1240] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00181014
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1240] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00180804
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1240] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00180A08
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1240] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00180C0C
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1240] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00180E10
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1240] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1252] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1252] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1252] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1252] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1252] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1252] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1252] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1252] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1252] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1252] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1252] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1252] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1252] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1252] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1252] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1252] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\AUDIODG.EXE[1280] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1312] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1312] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1312] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1384] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001601F8
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1384] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001603FC
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1384] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1384] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00170600
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1384] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00170804
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1384] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1384] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1384] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1384] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1384] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00180600
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1384] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00181014
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1384] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00180804
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1384] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00180A08
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1384] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00180C0C
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1384] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00180E10
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1384] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00BE0600
.text C:\Windows\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00BE0804
.text C:\Windows\system32\svchost.exe[1396] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00BE0A08
.text C:\Windows\system32\svchost.exe[1396] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 00BE01F8
.text C:\Windows\system32\svchost.exe[1396] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 00BE03FC
.text C:\Windows\OEM02Mon.exe[1420] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001401F8
.text C:\Windows\OEM02Mon.exe[1420] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001403FC
.text C:\Windows\OEM02Mon.exe[1420] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\OEM02Mon.exe[1420] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00160600
.text C:\Windows\OEM02Mon.exe[1420] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00160804
.text C:\Windows\OEM02Mon.exe[1420] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00160A08
.text C:\Windows\OEM02Mon.exe[1420] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001601F8
.text C:\Windows\OEM02Mon.exe[1420] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001603FC
.text C:\Windows\OEM02Mon.exe[1420] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 001703FC
.text C:\Windows\OEM02Mon.exe[1420] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00170600
.text C:\Windows\OEM02Mon.exe[1420] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00171014
.text C:\Windows\OEM02Mon.exe[1420] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00170804
.text C:\Windows\OEM02Mon.exe[1420] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00170A08
.text C:\Windows\OEM02Mon.exe[1420] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00170C0C
.text C:\Windows\OEM02Mon.exe[1420] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00170E10
.text C:\Windows\OEM02Mon.exe[1420] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 001701F8
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1452] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\DellTPad\Apoint.exe[1488] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\DellTPad\Apoint.exe[1488] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Program Files\DellTPad\Apoint.exe[1488] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\DellTPad\Apoint.exe[1488] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00170600
.text C:\Program Files\DellTPad\Apoint.exe[1488] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00170804
.text C:\Program Files\DellTPad\Apoint.exe[1488] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00170A08
.text C:\Program Files\DellTPad\Apoint.exe[1488] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\DellTPad\Apoint.exe[1488] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001703FC
.text C:\Program Files\DellTPad\Apoint.exe[1488] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\DellTPad\Apoint.exe[1488] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00180600
.text C:\Program Files\DellTPad\Apoint.exe[1488] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00181014
.text C:\Program Files\DellTPad\Apoint.exe[1488] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00180804
.text C:\Program Files\DellTPad\Apoint.exe[1488] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00180A08
.text C:\Program Files\DellTPad\Apoint.exe[1488] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00180C0C
.text C:\Program Files\DellTPad\Apoint.exe[1488] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00180E10
.text C:\Program Files\DellTPad\Apoint.exe[1488] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 001801F8
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1508] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1508] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1508] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1508] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1508] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1508] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1508] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1508] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1508] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1508] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1508] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1508] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00080600
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1508] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00080804
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1508] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00080A08
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1508] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1508] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 000803FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1524] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1524] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1524] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1524] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00290600
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1524] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00290804
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1524] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00290A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1524] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 002901F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1524] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 002903FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1524] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 002A03FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1524] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 002A0600
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1524] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 002A1014
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1524] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 002A0804
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1524] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 002A0A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1524] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 002A0C0C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1524] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 002A0E10
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1524] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 002A01F8
.text C:\Windows\system32\svchost.exe[1528] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1528] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[1528] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00B70600
.text C:\Windows\system32\svchost.exe[1528] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00B70804
.text C:\Windows\system32\svchost.exe[1528] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00B70A08
.text C:\Windows\system32\svchost.exe[1528] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 00B701F8
.text C:\Windows\system32\svchost.exe[1528] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 00B703FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1612] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1612] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1612] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1612] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1612] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1612] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1612] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1612] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1612] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1612] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1612] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1612] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00080600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1612] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00080804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1612] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00080A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1612] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1612] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 000803FC
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[1632] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[1632] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[1632] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[1632] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00170600
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[1632] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00170804
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[1632] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00170A08
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[1632] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[1632] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001703FC
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[1632] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[1632] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00180600
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[1632] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00181014
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[1632] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00180804
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[1632] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00180A08
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[1632] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00180C0C
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[1632] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00180E10
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[1632] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 001801F8
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1660] kernel32.dll!SetUnhandledExceptionFilter 75B2A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1660] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1692] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[1692] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[1692] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1692] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[1692] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[1692] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[1692] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[1692] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[1692] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[1692] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[1692] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[1692] USER32.dll!SetWindowsHookExA 75EC6322 3 Bytes JMP 00780600
.text C:\Windows\System32\spoolsv.exe[1692] USER32.dll!SetWindowsHookExA + 4 75EC6326 1 Byte [8A]
.text C:\Windows\System32\spoolsv.exe[1692] USER32.dll!SetWindowsHookExW 75EC87AD 3 Bytes JMP 00780804
.text C:\Windows\System32\spoolsv.exe[1692] USER32.dll!SetWindowsHookExW + 4 75EC87B1 1 Byte [8A]
.text C:\Windows\System32\spoolsv.exe[1692] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00780A08
.text C:\Windows\System32\spoolsv.exe[1692] USER32.dll!SetWinEventHook 75EC9F3A 3 Bytes JMP 007801F8
.text C:\Windows\System32\spoolsv.exe[1692] USER32.dll!SetWinEventHook + 4 75EC9F3E 1 Byte [8A]
.text C:\Windows\System32\spoolsv.exe[1692] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 007803FC
.text C:\Users\Andrea\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[2012] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Users\Andrea\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[2012] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Users\Andrea\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[2012] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Users\Andrea\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[2012] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000D03FC
.text C:\Users\Andrea\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[2012] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 000D0600
.text C:\Users\Andrea\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[2012] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 000D1014
.text C:\Users\Andrea\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[2012] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 000D0804
.text C:\Users\Andrea\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[2012] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 000D0A08
.text C:\Users\Andrea\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[2012] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 000D0C0C
.text C:\Users\Andrea\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[2012] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 000D0E10
.text C:\Users\Andrea\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[2012] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000D01F8
.text C:\Users\Andrea\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[2012] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 000E0600
.text C:\Users\Andrea\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[2012] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 000E0804
.text C:\Users\Andrea\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[2012] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 000E0A08
.text C:\Users\Andrea\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[2012] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 000E01F8
.text C:\Users\Andrea\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[2012] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 000E03FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2040] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2040] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2040] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[2040] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 009703FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2040] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00970600
.text C:\Program Files\iTunes\iTunesHelper.exe[2040] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00971014
.text C:\Program Files\iTunes\iTunesHelper.exe[2040] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00970804
.text C:\Program Files\iTunes\iTunesHelper.exe[2040] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00970A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2040] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00970C0C
.text C:\Program Files\iTunes\iTunesHelper.exe[2040] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00970E10
.text C:\Program Files\iTunes\iTunesHelper.exe[2040] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 009701F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2040] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00980600
.text C:\Program Files\iTunes\iTunesHelper.exe[2040] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00980804
.text C:\Program Files\iTunes\iTunesHelper.exe[2040] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00980A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2040] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 009801F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2040] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 009803FC
.text C:\Windows\system32\svchost.exe[2128] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[2128] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[2128] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2128] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[2128] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[2128] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[2128] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[2128] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[2128] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[2128] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[2128] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[2128] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00A10600
.text C:\Windows\system32\svchost.exe[2128] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00A10804
.text C:\Windows\system32\svchost.exe[2128] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00A10A08
.text C:\Windows\system32\svchost.exe[2128] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 00A101F8
.text C:\Windows\system32\svchost.exe[2128] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 00A103FC
.text C:\Windows\system32\igfxsrvc.exe[2148] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Windows\system32\igfxsrvc.exe[2148] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Windows\system32\igfxsrvc.exe[2148] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[2148] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00170600
.text C:\Windows\system32\igfxsrvc.exe[2148] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00170804
.text C:\Windows\system32\igfxsrvc.exe[2148] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\igfxsrvc.exe[2148] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\igfxsrvc.exe[2148] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\igfxsrvc.exe[2148] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 001803FC
.text C:\Windows\system32\igfxsrvc.exe[2148] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00180600
.text C:\Windows\system32\igfxsrvc.exe[2148] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00181014
.text C:\Windows\system32\igfxsrvc.exe[2148] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00180804
.text C:\Windows\system32\igfxsrvc.exe[2148] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00180A08
.text C:\Windows\system32\igfxsrvc.exe[2148] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00180C0C
.text C:\Windows\system32\igfxsrvc.exe[2148] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00180E10
.text C:\Windows\system32\igfxsrvc.exe[2148] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 001801F8
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2280] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2280] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2280] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2280] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00170600
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2280] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00170804
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2280] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2280] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2280] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2280] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2280] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00180600
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2280] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00181014
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2280] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00180804
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2280] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00180A08
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2280] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00180C0C
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2280] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00180E10
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2280] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\wbem\wmiprvse.exe[2500] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[2500] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[2500] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[2500] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[2500] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[2500] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[2500] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[2500] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe[3752] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00060600
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe[3752] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00061014
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe[3752] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00060804
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe[3752] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00060A08
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe[3752] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00060C0C
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe[3752] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00060E10
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe[3752] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000601F8
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe[3752] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00070600
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe[3752] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00070804
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe[3752] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00070A08
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe[3752] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 000701F8
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe[3752] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3768] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3768] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3768] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[3768] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 001E0600
.text C:\Windows\system32\svchost.exe[3768] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 001E0804
.text C:\Windows\system32\svchost.exe[3768] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 001E0A08
.text C:\Windows\system32\svchost.exe[3768] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001E01F8
.text C:\Windows\system32\svchost.exe[3768] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001E03FC
.text C:\Program Files\DellTPad\Apntex.exe[3852] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\DellTPad\Apntex.exe[3852] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Program Files\DellTPad\Apntex.exe[3852] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\DellTPad\Apntex.exe[3852] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00170600
.text C:\Program Files\DellTPad\Apntex.exe[3852] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00170804
.text C:\Program Files\DellTPad\Apntex.exe[3852] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00170A08
.text C:\Program Files\DellTPad\Apntex.exe[3852] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\DellTPad\Apntex.exe[3852] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001703FC
.text C:\Program Files\DellTPad\Apntex.exe[3852] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\DellTPad\Apntex.exe[3852] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00180600
.text C:\Program Files\DellTPad\Apntex.exe[3852] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00181014
.text C:\Program Files\DellTPad\Apntex.exe[3852] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00180804
.text C:\Program Files\DellTPad\Apntex.exe[3852] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00180A08
.text C:\Program Files\DellTPad\Apntex.exe[3852] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00180C0C
.text C:\Program Files\DellTPad\Apntex.exe[3852] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00180E10
.text C:\Program Files\DellTPad\Apntex.exe[3852] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 001801F8
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00170600
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00170804
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00170A08
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001703FC
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00180600
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00181014
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00180804
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00180A08
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00180C0C
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00180E10
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 001801F8
.text C:\Program Files\Secunia\PSI\sua.exe[4000] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000601F8
.text C:\Program Files\Secunia\PSI\sua.exe[4000] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000603FC
.text C:\Program Files\Secunia\PSI\sua.exe[4000] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\Secunia\PSI\sua.exe[4000] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Secunia\PSI\sua.exe[4000] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Program Files\Secunia\PSI\sua.exe[4000] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Program Files\Secunia\PSI\sua.exe[4000] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Program Files\Secunia\PSI\sua.exe[4000] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Program Files\Secunia\PSI\sua.exe[4000] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Program Files\Secunia\PSI\sua.exe[4000] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Program Files\Secunia\PSI\sua.exe[4000] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4020] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000401F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4020] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000403FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4020] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4020] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4020] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4020] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4020] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4020] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4020] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4020] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4020] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4020] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00080600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4020] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00080804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4020] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00080A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4020] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4020] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 000803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4112] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4112] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4112] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4112] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00170600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4112] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00170804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4112] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00170A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4112] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4112] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001703FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4112] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 001903FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4112] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00190600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4112] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00191014
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4112] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00190804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4112] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00190A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4112] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00190C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4112] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00190E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4112] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 001901F8
.text C:\Windows\system32\svchost.exe[4152] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[4152] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[4152] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[4152] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[4152] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[4152] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[4152] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[4152] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[4152] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[4152] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[4152] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00170600
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00171014
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00170804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00170A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00170C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00170E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 001701F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00180600
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00180804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00180A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4508] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4508] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4508] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4508] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00170600
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4508] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00170804
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4508] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00170A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4508] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4508] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 001703FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4508] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4508] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00180600
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4508] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00181014
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4508] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00180804
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4508] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00180A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4508] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00180C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4508] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00180E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4508] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 001801F8
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4688] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4688] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 001503FC
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4688] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4688] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 003703FC
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4688] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00370600
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4688] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00371014
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4688] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00370804
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4688] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00370A08
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4688] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00370C0C
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4688] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00370E10
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4688] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 003701F8
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4688] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00380600
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4688] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00380804
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4688] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00380A08
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4688] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 003801F8
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4688] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 003803FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4792] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4792] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4792] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4792] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4792] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4792] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4792] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4792] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4792] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4792] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4792] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4792] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4792] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4792] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4792] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4792] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4900] ntdll.dll!LdrLoadDll 76FF93A8 5 Bytes JMP 000401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4900] ntdll.dll!LdrUnloadDll 7700B740 5 Bytes JMP 000403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4900] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4900] ADVAPI32.dll!CreateServiceW 76EC9EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4900] ADVAPI32.dll!DeleteService 76ECA07E 5 Bytes JMP 00060600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4900] ADVAPI32.dll!SetServiceObjectSecurity 76F06CD9 5 Bytes JMP 00061014
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4900] ADVAPI32.dll!ChangeServiceConfigA 76F06DD9 5 Bytes JMP 00060804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4900] ADVAPI32.dll!ChangeServiceConfigW 76F06F81 5 Bytes JMP 00060A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4900] ADVAPI32.dll!ChangeServiceConfig2A 76F07099 5 Bytes JMP 00060C0C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4900] ADVAPI32.dll!ChangeServiceConfig2W 76F071E1 5 Bytes JMP 00060E10
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4900] ADVAPI32.dll!CreateServiceA 76F072A1 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4900] USER32.dll!SetWindowsHookExA 75EC6322 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4900] USER32.dll!SetWindowsHookExW 75EC87AD 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4900] USER32.dll!UnhookWindowsHookEx 75EC98DB 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4900] USER32.dll!SetWinEventHook 75EC9F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4900] USER32.dll!UnhookWinEvent 75ECC06F 5 Bytes JMP 000703FC
.text C:\Users\Andrea\Desktop\e5t3oc6s.exe[5360] kernel32.dll!GetBinaryTypeW + 70 75B52467 1 Byte [62]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61346212] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [613461D4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [61346370] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [613462A5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61346C41] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61346405] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [613477FD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [6134702A] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [613477FD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1084] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [6134702A] C:\Program Files\Yahoo!\Messenger\yui.dll
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\BTHUSB \Device\00000074 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000076 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce046d7
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce046d7@3816d19e1f8f 0x97 0x47 0x87 0x78 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce046d7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e4ce046d7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001e4ce046d7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001e4ce046d7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e4ce046d7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001e4ce046d7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\001e4ce046d7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\001e4ce046d7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\001e4ce046d7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\001e4ce046d7@3816d19e1f8f 0x97 0x47 0x87 0x78 ...
---- EOF - GMER 1.0.15 ----
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-13 01:28:31
-----------------------------
01:28:31.452 OS Version: Windows 6.0.6002 Service Pack 2
01:28:31.453 Number of processors: 2 586 0xF0D
01:28:31.455 ComputerName: ANDREA-PC UserName: Andrea
01:28:36.774 Initialize success
01:28:37.659 AVAST engine defs: 11101201
01:29:07.613 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
01:29:07.619 Disk 0 Vendor: TOSHIBA_MK1646GSX LB112D Size: 152627MB BusType: 3
01:29:09.899 Disk 0 MBR read successfully
01:29:09.907 Disk 0 MBR scan
01:29:09.914 Disk 0 Windows VISTA default MBR code
01:29:09.927 Disk 0 scanning sectors +312578048
01:29:10.203 Disk 0 scanning C:\Windows\system32\drivers
01:30:28.313 Service scanning
01:30:30.640 Modules scanning
01:31:30.269 Disk 0 trace - called modules:
01:31:30.301 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
01:31:30.307 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a35130]
01:31:30.313 3 CLASSPNP.SYS[885a18b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x84a40030]
01:31:31.960 AVAST engine scan C:\Windows
01:31:46.084 AVAST engine scan C:\Windows\system32
01:34:06.809 AVAST engine scan C:\Windows\system32\drivers
01:34:17.920 AVAST engine scan C:\Users\Andrea
01:36:49.025 AVAST engine scan C:\ProgramData
01:39:27.288 Disk 0 MBR has been saved successfully to "C:\Users\Andrea\Desktop\MBR.dat"
01:39:27.303 The log file has been saved successfully to "C:\Users\Andrea\Desktop\aswMBR.txt"
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Andrea at 1:41:00 on 2011-10-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.719 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Users\Andrea\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z017&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\users\andrea\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MusicManager] "c:\users\andrea\appdata\local\programs\google\musicmanager\MusicManager.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4F8CC207-7B55-435E-B2AE-C5D37FBBF25F} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\andrea\appdata\roaming\mozilla\firefox\profiles\wgsvwugj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z017&form=ZGAPHP
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll
FF - plugin: c:\users\andrea\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-29 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-29 320856]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_c09c50a2\AEstSrv.exe [2011-8-30 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-29 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-8-29 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-29 44768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-8-29 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-4 366152]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-8-10 45288]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-4 22216]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-13 05:07:52 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{722bd4c6-a43b-4ab4-954b-fbe2aaaa42b4}\offreg.dll
2011-10-12 04:19:31 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{722bd4c6-a43b-4ab4-954b-fbe2aaaa42b4}\mpengine.dll
2011-10-12 04:18:15 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-10-12 04:18:13 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 04:18:13 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 04:18:13 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 04:18:13 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 04:18:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 04:18:07 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 04:18:06 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 04:18:05 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 04:18:05 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-20 00:07:19 -------- d-----w- c:\users\andrea\appdata\local\HP
2011-09-19 02:53:02 -------- d-----w- c:\users\andrea\appdata\local\Programs
.
==================== Find3M ====================
.
2011-09-27 11:47:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:36:26 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-01 04:11:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:13:06 76 --sh--r- c:\windows\CT4CET.bin
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 06:01:53 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-08-30 16:00:24 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-08-30 15:59:34 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2011-08-30 15:59:33 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-08-30 15:59:33 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-08-30 15:59:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-08-30 15:59:33 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-08-30 15:59:33 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-08-30 15:59:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-08-30 15:59:33 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-08-30 02:34:28 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-08-30 02:34:25 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-08-30 00:22:19 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-08-30 00:20:42 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui
2011-08-29 23:54:48 23552 ----a-w- c:\windows\system32\lpk.dll
2011-08-29 23:54:48 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-08-29 23:51:15 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-08-29 23:51:14 272896 ----a-w- c:\windows\system32\polstore.dll
2011-08-29 23:46:32 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-08-29 23:46:32 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-08-29 23:46:32 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-08-29 23:46:32 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-08-29 23:46:32 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-08-29 23:46:32 10240 ----a-w- c:\windows\system32\finger.exe
2011-08-29 23:46:31 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-08-29 23:46:31 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-08-29 23:43:37 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-08-29 23:43:36 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2011-08-29 23:43:36 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-08-29 23:43:36 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-08-29 23:43:36 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-08-29 23:43:36 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-08-29 23:43:33 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2011-08-29 23:42:34 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-08-29 23:42:33 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-08-29 23:42:32 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-08-29 23:41:24 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-08-29 23:38:58 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-08-29 23:38:58 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-08-29 23:38:58 2048 ----a-w- c:\windows\system32\mferror.dll
2011-08-29 23:34:08 71680 ----a-w- c:\windows\system32\atl.dll
2011-08-29 23:28:34 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-08-29 23:27:45 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-08-29 23:27:45 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-08-29 23:24:06 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-08-29 23:15:43 623616 ----a-w- c:\windows\system32\localspl.dll
2011-08-29 23:11:31 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-08-29 23:10:50 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-08-29 23:10:49 9728 ----a-w- c:\windows\system32\lsass.exe
2011-08-29 23:10:49 72704 ----a-w- c:\windows\system32\secur32.dll
2011-08-29 23:10:49 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-08-29 23:10:49 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-08-29 23:10:49 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-08-29 23:07:59 6917120 ----a-w- c:\windows\system32\NlsLexicons0c1a.dll
2011-08-29 23:07:59 4495360 ----a-w- c:\windows\system32\NlsData0816.dll
2011-08-29 23:07:59 1965056 ----a-w- c:\windows\system32\NlsData0c1a.dll
2011-08-29 23:07:59 1965056 ----a-w- c:\windows\system32\NlsData081a.dll
2011-08-29 23:05:23 6656 ----a-w- c:\windows\system32\kbd106n.dll
2011-08-29 23:03:22 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-08-29 23:03:22 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-08-29 23:02:11 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2011-08-29 23:02:11 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2011-08-29 23:02:10 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2011-08-29 22:58:17 98304 ----a-w- c:\windows\system32\cabview.dll
2011-08-29 22
17 37888 ----a-w- c:\windows\system32\printcom.dll
2011-08-29 22:55:29 14848 ----a-w- c:\windows\system32\wshrm.dll
2011-08-29 22:15:18 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2011-08-29 19:22:46 84480 ----a-w- c:\windows\system32\INETRES.dll
2011-08-29 19:22:26 60928 ----a-w- c:\windows\system32\msasn1.dll
2011-08-29 19
28 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2011-08-29 19:20:39 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-08-29 19:20:39 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-08-29 19:20:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-08-29 19:18:47 243712 ----a-w- c:\windows\system32\rastls.dll
2011-08-29 19:18:27 355328 ----a-w- c:\windows\system32\WSDApi.dll
2011-08-29 19:16:56 91136 ----a-w- c:\windows\system32\avifil32.dll
2011-08-29 19:16:56 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-08-29 19:16:56 65024 ----a-w- c:\windows\system32\avicap32.dll
2011-08-29 19:16:56 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-08-29 19:16:56 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-08-29 19:16:56 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-08-29 19:16:55 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-08-29 19:16:55 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-08-29 19:16:55 1314816 ----a-w- c:\windows\system32\quartz.dll
2011-08-29 19:16:55 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2011-08-29 19:16:08 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2011-08-29 19:15:26 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-08-29 18:13:02 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-08-29 18:12:39 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-08-29 18:12:24 33792 ----a-w- c:\windows\system32\wuapp.exe
.
============= FINISH: 1:44:00.40 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 8/29/2011 3:03:21 PM
System Uptime: 10/13/2011 12:01:39 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0WP007
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | Microprocessor | 1667/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 136 GiB total, 82.361 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.236 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP111: 10/1/2011 7:48:33 PM - Scheduled Checkpoint
RP112: 10/4/2011 3:00:44 AM - Windows Update
RP113: 10/4/2011 9:49:56 PM - Windows Update
RP114: 10/6/2011 1:37:32 AM - Scheduled Checkpoint
RP115: 10/7/2011 12:00:25 AM - Scheduled Checkpoint
RP116: 10/7/2011 2:08:28 AM - Windows Update
RP117: 10/8/2011 1:38:45 AM - Scheduled Checkpoint
RP118: 10/9/2011 1:40:40 AM - Scheduled Checkpoint
RP119: 10/10/2011 12:00:09 AM - Scheduled Checkpoint
RP120: 10/10/2011 2:17:38 PM - Scheduled Checkpoint
RP121: 10/11/2011 11:18:27 PM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
AVerMedia HC82 Express-Card Hybrid Analog
AVerMedia MCE Encoder x86 3.0.1.0
Bonjour
BufferChm
C4700
Conexant HDA D330 MDC V.92 Modem
Coupon Printer for Windows
Coupons.com Toolbar
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Download Manager
Dell Resource CD
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Destinations
DeviceDiscovery
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
ImgBurn
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 27
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliType Pro 8.2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Diagnostic Tool
Mozilla Firefox 7.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
Network
PS_AIO_06_C4700_SW_Min
QuickSet
QuickTime
QuickTransfer
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Scan
Search Toolbar
Secunia PSI (2.0.0.3003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2584066)
Shop for HP Supplies
SigmaTel Audio
SmartWebPrinting
SolutionCenter
Status
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Outlook Social Connector (KB2583935)
VLC media player 1.1.11
WebReg
WIDCOMM Bluetooth Software 6.0.1.3100
Windows 7 Upgrade Advisor
WinRAR 4.01 (32-bit)
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
10/9/2011 5:54:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
10/9/2011 10:46:05 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
10/8/2011 9:50:12 PM, Error: EventLog [6008] - The previous system shutdown at 3:32:13 PM on 10/8/2011 was unexpected.
10/8/2011 10:53:02 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the STacSV service.
10/7/2011 11:30:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
10/7/2011 10:51:23 PM, Error: EventLog [6008] - The previous system shutdown at 10:49:54 PM on 10/7/2011 was unexpected.
10/6/2011 9:00:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wscsvc service.
10/6/2011 4:15:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
10/13/2011 12:07:22 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/12/2011 12:16:27 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\RegBack\COMPONENTS' was corrupted and it has been recovered. Some data might have been lost.
10/12/2011 11:34:10 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
10/11/2011 10:45:24 PM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
10/10/2011 1:23:32 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\RegBack\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
.
==== End Of File ===========================
-
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode (How to...)
2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
ComboFix 11-10-13.05 - Andrea 10/13/2011 20:07:04.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1118 [GMT -5:00]
Running from: c:\users\Andrea\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-14 to 2011-10-14 )))))))))))))))))))))))))))))))
.
.
2011-10-14 01:17 . 2011-10-14 01:18 -------- d-----w- c:\users\Andrea\AppData\Local\temp
2011-10-14 01:17 . 2011-10-14 01:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-12 04:19 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{722BD4C6-A43B-4AB4-954B-FBE2AAAA42B4}\mpengine.dll
2011-10-12 04:18 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-12 04:18 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 04:18 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 04:18 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 04:18 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 04:18 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 04:18 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 04:18 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 04:18 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 04:18 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-04 08:08 . 2011-10-04 08:08 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-09-20 00:07 . 2011-09-20 00:07 -------- d-----w- c:\users\Andrea\AppData\Local\HP
2011-09-19 02:53 . 2011-09-19 02:53 -------- d-----w- c:\users\Andrea\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-27 11:47 . 2011-08-30 18:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 20:45 . 2011-08-30 00:47 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-08-30 00:47 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-08-30 00:47 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-08-30 00:47 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-08-30 00:47 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-08-30 00:47 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-08-30 00:47 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-08-30 00:47 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-01 04:11 . 2011-09-01 04:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-31 22:00 . 2011-09-05 04:18 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 06:04 . 2011-08-31 06:04 45056 ----a-r- c:\users\Andrea\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2011-08-31 06:01 . 2011-08-31 06:01 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-08-30 16:01 . 2011-08-30 16:01 161792 ----a-w- c:\windows\system32\msls31.dll
2011-08-30 16:01 . 2011-08-30 16:01 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-30 16:01 . 2011-08-30 16:01 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-30 16:01 . 2011-08-30 16:01 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-30 16:01 . 2011-08-30 16:01 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-08-30 16:01 . 2011-08-30 16:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-30 16:01 . 2011-08-30 16:01 367104 ----a-w- c:\windows\system32\html.iec
2011-08-30 16:01 . 2011-08-30 16:01 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-08-30 16:01 . 2011-08-30 16:01 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-08-30 16:01 . 2011-08-30 16:01 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-30 16:01 . 2011-08-30 16:01 152064 ----a-w- c:\windows\system32\wextract.exe
2011-08-30 16:01 . 2011-08-30 16:01 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-08-30 16:01 . 2011-08-30 16:01 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-30 16:01 . 2011-08-30 16:01 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-08-30 16:01 . 2011-08-30 16:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-30 16:01 . 2011-08-30 16:01 11776 ----a-w- c:\windows\system32\mshta.exe
2011-08-30 16:01 . 2011-08-30 16:01 101888 ----a-w- c:\windows\system32\admparse.dll
2011-08-30 16:01 . 2011-08-30 16:01 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-30 16:00 . 2011-08-30 16:00 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-08-30 16:00 . 2011-08-30 16:00 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-08-30 16:00 . 2011-08-30 16:00 98816 ----a-w- c:\windows\system32\mfps.dll
2011-08-30 16:00 . 2011-08-30 16:00 586240 ----a-w- c:\windows\system32\stobject.dll
2011-08-30 16:00 . 2011-08-30 16:00 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-08-30 16:00 . 2011-08-30 16:00 2873344 ----a-w- c:\windows\system32\mf.dll
2011-08-30 16:00 . 2011-08-30 16:00 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-08-30 16:00 . 2011-08-30 16:00 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-08-30 16:00 . 2011-08-30 16:00 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-08-30 16:00 . 2011-08-30 16:00 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-08-30 16:00 . 2011-08-30 16:00 37376 ----a-w- c:\windows\system32\cdd.dll
2011-08-30 16:00 . 2011-08-30 16:00 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-08-30 16:00 . 2011-08-30 16:00 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-08-30 16:00 . 2011-08-30 16:00 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-08-30 16:00 . 2011-08-30 16:00 258048 ----a-w- c:\windows\system32\winspool.drv
2011-08-30 15:59 . 2011-08-30 15:59 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-08-30 15:59 . 2011-08-30 15:59 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-08-30 15:59 . 2011-08-30 15:59 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-08-30 15:59 . 2011-08-30 15:59 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-08-30 15:59 . 2011-08-30 15:59 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-08-30 15:59 . 2011-08-30 15:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-08-30 15:59 . 2011-08-30 15:59 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-08-30 15:59 . 2011-08-30 15:59 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-08-30 02:34 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-08-30 02:34 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-08-30 00:22 . 2011-08-30 00:22 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-08-30 00:20 . 2011-08-30 00:20 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-08-29 23:54 . 2011-08-29 23:54 23552 ----a-w- c:\windows\system32\lpk.dll
2011-08-29 23:54 . 2011-08-29 23:54 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-08-29 23:51 . 2011-08-29 23:51 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-08-29 23:51 . 2011-08-29 23:51 272896 ----a-w- c:\windows\system32\polstore.dll
2011-08-29 23:46 . 2011-08-29 23:46 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-08-29 23:46 . 2011-08-29 23:46 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-08-29 23:46 . 2011-08-29 23:46 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-08-29 23:46 . 2011-08-29 23:46 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-08-29 23:46 . 2011-08-29 23:46 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-08-29 23:46 . 2011-08-29 23:46 10240 ----a-w- c:\windows\system32\finger.exe
2011-08-29 23:46 . 2011-08-29 23:46 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-08-29 23:46 . 2011-08-29 23:46 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-08-29 23:43 . 2011-08-29 23:43 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-08-29 23:43 . 2011-08-29 23:43 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2011-08-29 23:43 . 2011-08-29 23:43 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-08-29 23:43 . 2011-08-29 23:43 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-08-29 23:43 . 2011-08-29 23:43 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-08-29 23:43 . 2011-08-29 23:43 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-08-29 23:43 . 2011-08-29 23:43 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2011-08-29 23:42 . 2011-08-29 23:42 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-08-29 23:42 . 2011-08-29 23:42 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-08-29 23:42 . 2011-08-29 23:42 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-08-29 23:41 . 2011-08-29 23:41 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-08-29 23:38 . 2011-08-29 23:38 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-08-29 23:38 . 2011-08-29 23:38 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-08-29 23:38 . 2011-08-29 23:38 2048 ----a-w- c:\windows\system32\mferror.dll
2011-08-29 23:34 . 2011-08-29 23:34 71680 ----a-w- c:\windows\system32\atl.dll
2011-08-29 23:28 . 2011-08-29 23:28 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-08-29 23:27 . 2011-08-29 23:27 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-08-29 23:27 . 2011-08-29 23:27 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-08-29 23:24 . 2011-08-29 23:24 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-08-29 23:15 . 2011-08-29 23:15 623616 ----a-w- c:\windows\system32\localspl.dll
2011-08-29 23:11 . 2011-08-29 23:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-08-29 23:10 . 2011-08-29 23:10 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-08-29 23:10 . 2011-08-29 23:10 9728 ----a-w- c:\windows\system32\lsass.exe
2011-08-29 23:10 . 2011-08-29 23:10 72704 ----a-w- c:\windows\system32\secur32.dll
2011-08-29 23:10 . 2011-08-29 23:10 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-08-29 23:10 . 2011-08-29 23:10 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-08-29 23:10 . 2011-08-29 23:10 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-08-29 23:08 . 2011-08-29 23:08 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2011-08-29 23:08 . 2011-08-29 23:08 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2011-08-29 23:08 . 2011-08-29 23:08 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2006-06-16 01:33 . 2011-08-31 06:21 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 23:43 . 2011-08-31 06:21 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 19:41 . 2011-08-31 06:21 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 18:10 . 2011-08-31 06:21 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 17:19 . 2011-08-31 06:21 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 23:35 . 2011-08-31 06:21 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 16:10 . 2011-08-31 06:21 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 16:42 . 2011-08-31 06:21 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 16:22 . 2011-08-31 06:21 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 16:21 . 2011-08-31 06:21 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2011-10-07 02:12 . 2011-08-30 16:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37153479-1976-43c3-a1ee-557513977b64}]
2011-03-28 16:22 176936 ----a-w- c:\program files\Coupons.com\prxtbCoup.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\prxtbCoup.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
"MusicManager"="c:\users\Andrea\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-06-15 12817920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-15 405504]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe [2007-09-20 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-10 45288]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2158732446-1286898495-1315859794-1000Core.job
- c:\users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-19 02:52]
.
2011-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2158732446-1286898495-1315859794-1000UA.job
- c:\users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-19 02:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=Z017&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\wgsvwugj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z017&form=ZGAPHP
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-13 20:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-13 20:28:01
ComboFix-quarantined-files.txt 2011-10-14 01:27
.
Pre-Run: 90,321,309,696 bytes free
Post-Run: 89,916,334,080 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 6A8CACFC2F86AB371381B793F663F43A
-
Looks good.
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
OTL logfile created on: 10/13/2011 10:02:34 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Andrea\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.73% Memory free
4.21 Gb Paging File | 2.89 Gb Available in Paging File | 68.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.49 Gb Total Space | 83.92 Gb Free Space | 61.49% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.24 Gb Free Space | 32.36% Space Free | Partition Type: NTFS
Computer Name: ANDREA-PC | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/10/13 21:59:47 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Desktop\OTL.exe
PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/04/19 01:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/04/05 16:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/02/17 15:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/06/03 14:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/31 22:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/08/26 15:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/02/22 17:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/02/15 18:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe
PRC - [2008/02/15 18:23:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe
PRC - [2007/07/27 16:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/05/09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2006/11/03 17:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 17:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
========== Modules (No Company Name) ==========
MOD - [2011/10/11 23:37:56 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/11 23:35:20 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/11 23:35:03 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/05/26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2006/11/03 17:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2008/08/26 15:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/02/15 18:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe -- (STacSV)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe -- (AESTFilters)
========== Driver Services (SafeList) ==========
DRV - [2011/09/06 15:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 15:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 15:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 15:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 15:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 15:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/10 16:39:48 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/04/15 13:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/02/15 18:27:02 | 000,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files\Coupons.com\prxtbCoup.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2158732446-1286898495-1315859794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Bing
IE - HKU\S-1-5-21-2158732446-1286898495-1315859794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2158732446-1286898495-1315859794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF AD 14 8F 24 67 CC 01 [binary data]
IE - HKU\S-1-5-21-2158732446-1286898495-1315859794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2158732446-1286898495-1315859794-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2158732446-1286898495-1315859794-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z017&form=ZGAPHP"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/30 12:54:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/10/12 23:28:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/06 21:12:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/13 19:51:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/30 12:54:08 | 000,000,000 | ---D | M]
[2011/08/30 11:31:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Extensions
[2011/10/02 00:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\wgsvwugj.default\extensions
[2011/09/23 14:17:13 | 000,000,000 | ---D | M] (Coupons.com Community Toolbar) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\wgsvwugj.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
[2011/09/02 22:13:23 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\wgsvwugj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/09/05 22:04:44 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\wgsvwugj.default\extensions\searchtoolbar@zugo.com
[2011/09/06 00:42:42 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\wgsvwugj.default\extensions\SkipScreen@SkipScreen
[2011/09/06 00:42:43 | 000,001,919 | ---- | M] () -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\wgsvwugj.default\searchplugins\bing-zugo.xml
[2011/08/29 17:50:32 | 000,000,925 | ---- | M] () -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\wgsvwugj.default\searchplugins\conduit.xml
[2011/08/31 23:12:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/31 23:12:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/10/12 23:28:43 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\ANDREA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WGSVWUGJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ANDREA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WGSVWUGJ.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI
[2011/08/29 19
36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/06 21:12:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/13 16:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/08/31 23:12:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/13 16:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/06 21:12:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
========== Chrome ==========
O1 HOSTS File: ([2011/10/13 20:18:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Coupons.com Toolbar) - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files\Coupons.com\prxtbCoup.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Coupons.com Toolbar) - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files\Coupons.com\prxtbCoup.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-2158732446-1286898495-1315859794-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2158732446-1286898495-1315859794-1000..\Run: [MusicManager] C:\Users\Andrea\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2158732446-1286898495-1315859794-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2158732446-1286898495-1315859794-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F8CC207-7B55-435E-B2AE-C5D37FBBF25F}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/10/13 21:59:41 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Andrea\Desktop\OTL.exe
[2011/10/13 20:28:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/13 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\temp
[2011/10/13 20:04:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/13 20:04:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/13 20:04:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/13 20:04:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/13 20:04:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/13 19:40:57 | 004,259,790 | R--- | C] (Swearware) -- C:\Users\Andrea\Desktop\ComboFix.exe
[2011/10/13 01:39:48 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Andrea\Desktop\dds.scr
[2011/10/13 01:27:51 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Andrea\Desktop\aswMBR.exe
[2011/09/19 19:10:17 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Documents\My Scans
[2011/09/19 19:07:19 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\HP
[2011/09/18 21:53:09 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
[2011/09/18 21:53:02 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\Programs
========== Files - Modified Within 30 Days ==========
[2011/10/13 21:59:47 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Desktop\OTL.exe
[2011/10/13 21:57:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2158732446-1286898495-1315859794-1000UA.job
[2011/10/13 21:57:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2158732446-1286898495-1315859794-1000Core.job
[2011/10/13 21:33:57 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/13 21:33:57 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/13 20:18:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/13 19:41:12 | 004,259,790 | R--- | M] (Swearware) -- C:\Users\Andrea\Desktop\ComboFix.exe
[2011/10/13 19:35:13 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/13 19:35:13 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/13 19:33:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/13 10:53:55 | 2134,990,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/13 01:39:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Andrea\Desktop\dds.scr
[2011/10/13 01:39:27 | 000,000,512 | ---- | M] () -- C:\Users\Andrea\Desktop\MBR.dat
[2011/10/13 01:28:04 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Andrea\Desktop\aswMBR.exe
[2011/10/13 00:10:44 | 000,302,592 | ---- | M] () -- C:\Users\Andrea\Desktop\e5t3oc6s.exe
[2011/10/12 23:58:03 | 000,001,693 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/12 23:28:44 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/10/11 23:38:53 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/11 23:33:33 | 000,372,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/11 22:45:09 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/10/11 22:40:07 | 147,090,216 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/09 11:39:43 | 000,061,952 | ---- | M] () -- C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/03 17:46:48 | 000,001,356 | ---- | M] () -- C:\Users\Andrea\AppData\Local\d3d9caps.dat
========== Files Created - No Company Name ==========
[2011/10/13 20:04:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/13 20:04:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/13 20:04:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/13 20:04:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/13 20:04:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/13 01:39:27 | 000,000,512 | ---- | C] () -- C:\Users\Andrea\Desktop\MBR.dat
[2011/10/13 00:10:38 | 000,302,592 | ---- | C] () -- C:\Users\Andrea\Desktop\e5t3oc6s.exe
[2011/09/18 21:52:47 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2158732446-1286898495-1315859794-1000UA.job
[2011/09/18 21:52:43 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2158732446-1286898495-1315859794-1000Core.job
[2011/08/31 23:15:03 | 000,061,952 | ---- | C] () -- C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/31 01
47 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2011/08/31 01:01:53 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2011/08/30 12:43:55 | 000,208,180 | ---- | C] () -- C:\Windows\hpoins43.dat
[2011/08/30 12:43:55 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2011/08/29 22:54:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/08/29 22:38:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/08/29 22:38:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/08/29 15:03:00 | 000,001,693 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011/08/29 13:09:29 | 000,001,356 | ---- | C] () -- C:\Users\Andrea\AppData\Local\d3d9caps.dat
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,372,936 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2001/11/14 12
00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== LOP Check ==========
[2011/09/04 17:12:48 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ImgBurn
[2011/08/31 01:01:45 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\iolo
[2011/08/31 23:32:44 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\TiVo
[2011/08/31 11:46:34 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\tmp
[2011/10/12 23:58:01 | 000,015,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< >
< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/08/29 15:58:30 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/10/13 20:28:06 | 000,020,352 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/10/13 10:53:55 | 2134,990,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/13 10:53:52 | 2450,845,696 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2011/08/29 23:42:50 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/04/16 14:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfpp70v.dll
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2011/09/06 15:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2011/08/29 21
55 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/08/31 23
49 | 000,000,286 | -HS- | M] () -- C:\Users\Andrea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2011/10/13 01:28:04 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Andrea\Desktop\aswMBR.exe
[2011/10/13 19:41:12 | 004,259,790 | R--- | M] (Swearware) -- C:\Users\Andrea\Desktop\ComboFix.exe
[2011/08/31 12:00:02 | 001,284,008 | ---- | M] (Coupons.com Incorporated) -- C:\Users\Andrea\Desktop\CouponPrinter.exe
[2011/10/13 00:10:44 | 000,302,592 | ---- | M] () -- C:\Users\Andrea\Desktop\e5t3oc6s.exe
[2011/10/13 21:59:47 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Desktop\OTL.exe
[2011/09/13 16:05:31 | 006,284,664 | ---- | M] (Microsoft Corporation) -- C:\Users\Andrea\Desktop\Silverlight.exe
[2011/09/04 23:26:28 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Desktop\TFC.exe
[2011/09/05 21:55:41 | 001,448,993 | ---- | M] () -- C:\Users\Andrea\Desktop\wrar401.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/08/31 00:23:04 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/08/31 00:22:34 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/08/31 00:22:34 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/08/31 00:22:34 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/08/31 00:22:33 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/08/31 00:22:34 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2011/08/29 13:09:43 | 000,000,402 | -HS- | M] () -- C:\Users\Andrea\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2011/08/30 13:02:25 | 000,001,277 | ---- | M] () -- C:\ProgramData\hpzinstall.log
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
-
OTL Extras logfile created on: 10/13/2011 10:02:34 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Andrea\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.73% Memory free
4.21 Gb Paging File | 2.89 Gb Available in Paging File | 68.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.49 Gb Total Space | 83.92 Gb Free Space | 61.49% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.24 Gb Free Space | 32.36% Space Free | Partition Type: NTFS
Computer Name: ANDREA-PC | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2158732446-1286898495-1315859794-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4C8CAC8E-DCA5-4999-8A30-F9926139115B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{7E69C572-5A34-4357-8833-47A0108C1A6B}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06EB33C6-BEA8-45CC-9C56-2CE3B5A9079B}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{13AAF542-9D55-4611-A618-FBA34F91EC7F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{1978D3FB-7851-4590-85D0-2BD32B6A479C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{19FD266E-44BD-4955-A260-003852ADE9A4}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{36000FB3-980D-4038-822F-E80328C9F3BE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{3C07BF5A-8551-49E7-986E-365232011274}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{5E4251B8-595C-4578-A059-50161E32964B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{655E5EC1-7E25-4B4D-94F6-E1F1E2D149DD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{6A655446-078B-413C-9776-1B37502DB30E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{70AF79D4-0661-4858-9EF4-20D0372EDC11}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{74578A48-B390-47D9-AAFA-C774F190048C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{8019600C-B465-418F-8A46-4185C156E7E0}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{83AA527C-02E4-4F62-8E58-ACCD5064C5DD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{ABC80AE9-D5F6-48A2-944F-24529E00E8F8}" = dir=in | app=c:\users\andrea\appdata\local\temp\7zs711e\setup\hpznui01.exe |
"{B3CFF157-7496-41A9-A578-C1A513854C2C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B78F704F-D550-4350-A3B2-6DEA15B8627D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D9D5B108-B0E2-4B44-AC85-AC344414BE34}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{E129D635-A4FF-42C6-85C0-546374B5FAE6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{E5A8DDB2-9BC3-4EAF-A3FE-CE58BCB0CA52}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{F64D4297-D3AC-484E-A121-3A91C13F388A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FDB0E2AF-FB14-4A61-A580-B2D1EA917EDF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"TCP Query User{DFB5C094-BA5D-4566-AE06-0EAA9AB3E30D}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{42D8DD3A-D4C5-443D-9EA0-996AF197EE3D}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia HC82 Express-Card Hybrid Analog
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"avast" = avast! Free Antivirus
"AVerMedia MCE Encoder x86" = AVerMedia MCE Encoder x86 3.0.1.0
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Coupons.com Toolbar" = Coupons.com Toolbar
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"ImgBurn" = ImgBurn
"InstallShield_{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia HC82 Express-Card Hybrid Analog
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Office14.SingleImage" = Microsoft Office Professional 2010
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"Shop for HP Supplies" = Shop for HP Supplies
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2158732446-1286898495-1315859794-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"MusicManager" = Music Manager
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/13/2011 2:43:44 AM | Computer Name = Andrea-PC | Source = Application Error | ID = 1000
Description = Faulting application MBR.DAT, version 0.0.0.0, time stamp 0x4cd6dda5,
faulting module MBR.DAT, version 0.0.0.0, time stamp 0x4cd6dda5, exception code
0xc0000005, fault offset 0x000392ac, process id 0x1340, application start time 0x01cc897373a40174.
Error - 10/13/2011 2:43:54 AM | Computer Name = Andrea-PC | Source = Application Error | ID = 1000
Description = Faulting application MBR.DAT, version 0.0.0.0, time stamp 0x4cd6dda5,
faulting module MBR.DAT, version 0.0.0.0, time stamp 0x4cd6dda5, exception code
0xc0000005, fault offset 0x000392ac, process id 0x1758, application start time 0x01cc897379b336d4.
Error - 10/13/2011 1:46:10 PM | Computer Name = Andrea-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10/13/2011 1:46:18 PM | Computer Name = Andrea-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10/13/2011 1:46:18 PM | Computer Name = Andrea-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10/13/2011 1:46:19 PM | Computer Name = Andrea-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10/13/2011 1:46:29 PM | Computer Name = Andrea-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10/13/2011 1:49:35 PM | Computer Name = Andrea-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10/13/2011 1:49:36 PM | Computer Name = Andrea-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10/13/2011 1:49:36 PM | Computer Name = Andrea-PC | Source = Windows Search Service | ID = 3013
Description =
[ System Events ]
Error - 10/13/2011 12:31:30 AM | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 10/13/2011 12:34:10 AM | Computer Name = Andrea-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume3.
Error - 10/13/2011 1:07:22 AM | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 10/13/2011 11:54:00 AM | Computer Name = Andrea-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:10:42 AM on 10/13/2011 was unexpected.
Error - 10/13/2011 11:55:09 AM | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 10/13/2011 1:24:01 PM | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 10/13/2011 9:05:28 PM | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 10/13/2011 9:06:38 PM | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 10/13/2011 9:10:58 PM | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 10/13/2011 9:18:12 PM | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7030
Description =
< End of report >
-
Perfectly clean 
Last scans...
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
3. Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE: If ESET doesn't find any threats, it won't produce a log.
-
Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 27
Out of date Java installed!
Adobe Flash Player 10.3.183.10
Adobe Reader X (10.1.1)
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Windows Defender MSASCui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````