something is wrong

  1. #1
    Mister, Full Member

    Mmmm suddenly computer seems to be running slow. Then I get disk errors when I back up - making me suspicious that something is not right.

    Mbam says Trojan.FakeMS, so here are my logs.

    Incidentally, aswmbr.exe crashed and rebooted the computer twice, so I ran it in safe mode... hope this is OK?

    Everything else ran OK.

    Does it look like there is anything else?


    Malwarebytes Anti-Malware 1.60.0.1800
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: v2012.01.29.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Pw :: PETERMAIN [administrator]

    29/01/2012 8:49:17 PM
    mbam-log-2012-01-29 (20-49-17).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 285489
    Time elapsed: 17 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\WINDOWS\SYSTEM32\888113.QFE (Trojan.FakeMS) -> Quarantined and deleted successfully.

    (end)

  2. #2
    Mister, Full Member
    GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
    Rootkit scan 2012-01-30 07:01:44
    Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-1b ST3250820AS rev.3.AAE
    Running: i3ek6vhu.exe; Driver: C:\DOCUME~1\Pw\LOCALS~1\Temp\pxriqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA6542FC4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA69A7510]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA65666A9]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA6545456]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA65454AE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA65455C4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA656605D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA65453AC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA65454FE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA6545400]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA6545572]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA6542FE8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA6566D6F]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA6567025]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA6545848]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA6566BDA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA6566A45]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA69A75C0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA6542DB2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA654300C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA65459BC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA6543AA4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA6545486]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA65454D6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA65455EE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA65663B9]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA65453D8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA6545680]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA654553E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA654542E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA6545764]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA654559C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA69A7658]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA65668C0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA654396A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA6566712]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA69AF9E6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA65656D0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA6543030]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA6543054]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA6542E0C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA6542F48]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA6566E76]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA6542F24]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA6542F6C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA6543078]

    INT 0x63 ? 89DD5E90
    INT 0x73 ? 8A72ABF8
    INT 0x73 ? 8A72ABF8
    INT 0x73 ? 89DD5E90
    INT 0x73 ? 89DD5E90
    INT 0x73 ? 8A72ABF8
    INT 0x84 ? 89DD5E90
    INT 0xA4 ? 8A72ABF8
    INT 0xA4 ? 8A72ABF8
    INT 0xA4 ? 8A72ABF8
    INT 0xA4 ? 8A72ABF8
    INT 0xA4 ? 89DD5E90
    INT 0xA4 ? 8A72ABF8

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA69BB7A2]
    Code A5645C9C ZwRequestPort
    Code A5645D3C ZwRequestWaitReplyPort
    Code A5645BFC ZwTraceEvent
    Code \WINDOWS\system32\ntkrnlpa.exe[PAGEVRFY] [80659088] pIofCallDriver
    Code \WINDOWS\system32\ntkrnlpa.exe[PAGEVRFY] [8065971E] pIofCompleteRequest
    Code A5645C9B NtRequestPort
    Code A5645D3B NtRequestWaitReplyPort
    Code A5645BFB NtTraceEvent
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2CD8 80504574 4 Bytes CALL D0F699A8
    .text ntkrnlpa.exe!ZwCallbackReturn + 2F31 805047CD 7 Bytes [30, 54, A6, 54, 30, 54, A6]
    .text ntkrnlpa.exe!NtTraceEvent 80535156 5 Bytes JMP A5645C00
    PAGE ntkrnlpa.exe!NtRequestPort 805A2A4A 5 Bytes JMP A5645CA0
    PAGE ntkrnlpa.exe!NtRequestWaitReplyPort 805A2D76 5 Bytes JMP A5645D40
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 2 Bytes CALL A654400F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EF 805A64AB 1 Byte [25]
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP A69B869C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP A69BA15C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP A69BB7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    ? jpyut.sys The system cannot find the file specified. !
    ? spon.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload B8BDA8AC 5 Bytes JMP 89DD5470
    .text win32k.sys!EngAcquireSemaphore + 20F0 BF808304 5 Bytes JMP A5645480
    .text win32k.sys!EngFreeUserMem + 5BD7 BF80EE90 5 Bytes JMP A56453E0
    .text win32k.sys!EngSetLastError + 79A8 BF8242D4 5 Bytes JMP A56455C0
    .text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85198B 5 Bytes JMP A5645A20
    .text win32k.sys!XLATEOBJ_iXlate + 2EDD BF85DE70 5 Bytes JMP A5645520
    .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E514 5 Bytes JMP A6545DE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E59F 5 Bytes JMP A6545FBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 88 BF85F812 5 Bytes JMP A56458E0
    .text win32k.sys!EngGetCurrentCodePage + 4128 BF873F30 5 Bytes JMP A6545F76 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 1409 BF89A1BD 5 Bytes JMP A5645700
    .text win32k.sys!EngCopyBits + 4DEC BF89DBA0 5 Bytes JMP A5645660
    .text win32k.sys!EngEraseSurface + A9F7 BF8C2130 5 Bytes JMP A56457A0
    .text win32k.sys!EngFillPath + 1517 BF8CA592 5 Bytes JMP A6545D14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1797 BF8CA812 5 Bytes JMP A6545D4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC297 5 Bytes JMP A5645980
    .text win32k.sys!EngCreateClip + 19DF BF91348A 5 Bytes JMP A5645AC0
    .text win32k.sys!EngCreateClip + 1F6F BF913A1A 5 Bytes JMP A5645B60
    .text win32k.sys!EngCreateClip + 25B3 BF91405E 5 Bytes JMP A5645840
    .text win32k.sys!EngCreateClip + 4F2C BF9169D7 5 Bytes JMP A65460D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe[300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe[300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe[300] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe[300] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe[300] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe[300] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe[300] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe[300] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe[300] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe[300] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe[300] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe[300] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe[300] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe[300] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe[300] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe[300] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe[300] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
    .text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
    .text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[424] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[424] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[424] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[424] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[424] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[424] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[424] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[424] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[424] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[424] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[424] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[424] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[424] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[424] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\svchost.exe[488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[488] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[488] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[488] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[488] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[488] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[488] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[640] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[640] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[640] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[640] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[640] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[640] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[640] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[640] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[640] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[640] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[700] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[700] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[700] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[700] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[700] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[700] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[700] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[700] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[700] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[700] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[700] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[700] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[700] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[700] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[716] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[716] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[716] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[716] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[716] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[716] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[716] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[716] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[716] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[716] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[716] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[716] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[716] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[716] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[716] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[716] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\System32\smss.exe[720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[760] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[760] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Bonjour\mDNSResponder.exe[760] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Bonjour\mDNSResponder.exe[760] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Bonjour\mDNSResponder.exe[760] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[760] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Bonjour\mDNSResponder.exe[760] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[760] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[760] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Bonjour\mDNSResponder.exe[760] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Bonjour\mDNSResponder.exe[760] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Bonjour\mDNSResponder.exe[760] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Bonjour\mDNSResponder.exe[760] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[760] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\csrss.exe[788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[788] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
    .text C:\WINDOWS\system32\winlogon.exe[812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
    .text C:\WINDOWS\system32\winlogon.exe[812] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\winlogon.exe[812] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\winlogon.exe[812] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\winlogon.exe[812] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\winlogon.exe[812] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\winlogon.exe[812] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\services.exe[856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\services.exe[856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[856] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\services.exe[856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\services.exe[856] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\services.exe[856] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\services.exe[856] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\services.exe[856] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\services.exe[856] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\lsass.exe[868] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\lsass.exe[868] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[868] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\lsass.exe[868] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[868] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\lsass.exe[868] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\lsass.exe[868] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\lsass.exe[868] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\lsass.exe[868] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\lsass.exe[868] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\lsass.exe[868] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\lsass.exe[868] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\lsass.exe[868] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\lsass.exe[868] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\lsass.exe[868] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\lsass.exe[868] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\lsass.exe[868] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\Sandboxie\SbieSvc.exe[1152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
    .text C:\Program Files\Sandboxie\SbieSvc.exe[1152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Sandboxie\SbieSvc.exe[1152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
    .text C:\Program Files\Sandboxie\SbieSvc.exe[1152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Sandboxie\SbieSvc.exe[1152] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\Program Files\Sandboxie\SbieSvc.exe[1152] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\Program Files\Sandboxie\SbieSvc.exe[1152] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\Program Files\Sandboxie\SbieSvc.exe[1152] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\Program Files\Sandboxie\SbieSvc.exe[1152] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\Program Files\Sandboxie\SbieSvc.exe[1152] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\Program Files\Sandboxie\SbieSvc.exe[1152] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\Program Files\Sandboxie\SbieSvc.exe[1152] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\Program Files\Sandboxie\SbieSvc.exe[1152] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\Program Files\Sandboxie\SbieSvc.exe[1152] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\Program Files\Sandboxie\SbieSvc.exe[1152] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\Program Files\Sandboxie\SbieSvc.exe[1152] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\Program Files\Sandboxie\SbieSvc.exe[1152] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\System32\svchost.exe[1172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\svchost.exe[1172] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[1172] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\svchost.exe[1172] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\svchost.exe[1172] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[1172] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[1172] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\ctfmon.exe[1408] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
    .text C:\WINDOWS\system32\ctfmon.exe[1408] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[1408] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
    .text C:\WINDOWS\system32\ctfmon.exe[1408] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[1408] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\ctfmon.exe[1408] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\ctfmon.exe[1408] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\ctfmon.exe[1408] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\ctfmon.exe[1408] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\ctfmon.exe[1408] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\ctfmon.exe[1408] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\ctfmon.exe[1408] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\ctfmon.exe[1408] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\system32\ctfmon.exe[1408] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\system32\ctfmon.exe[1408] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\system32\ctfmon.exe[1408] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\ctfmon.exe[1408] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\program files\real\realplayer\update\realsched.exe[1428] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\program files\real\realplayer\update\realsched.exe[1428] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\program files\real\realplayer\update\realsched.exe[1428] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\program files\real\realplayer\update\realsched.exe[1428] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\program files\real\realplayer\update\realsched.exe[1428] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\program files\real\realplayer\update\realsched.exe[1428] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\program files\real\realplayer\update\realsched.exe[1428] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\program files\real\realplayer\update\realsched.exe[1428] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\program files\real\realplayer\update\realsched.exe[1428] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\program files\real\realplayer\update\realsched.exe[1428] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\program files\real\realplayer\update\realsched.exe[1428] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\program files\real\realplayer\update\realsched.exe[1428] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\program files\real\realplayer\update\realsched.exe[1428] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\program files\real\realplayer\update\realsched.exe[1428] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\program files\real\realplayer\update\realsched.exe[1428] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\program files\real\realplayer\update\realsched.exe[1428] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\program files\real\realplayer\update\realsched.exe[1428] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\program files\real\realplayer\update\realsched.exe[1428] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1520] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1520] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1520] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe[1540] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe[1540] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe[1540] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe[1540] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe[1540] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe[1540] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe[1540] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe[1540] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe[1540] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe[1540] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe[1540] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe[1540] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe[1540] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe[1540] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe[1540] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe[1540] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe[1540] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\iTunes\iTunesHelper.exe[1644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[1644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\iTunes\iTunesHelper.exe[1644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[1644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\iTunes\iTunesHelper.exe[1644] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\iTunes\iTunesHelper.exe[1644] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\iTunes\iTunesHelper.exe[1644] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[1644] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\iTunes\iTunesHelper.exe[1644] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\iTunes\iTunesHelper.exe[1644] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[1644] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[1644] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\iTunes\iTunesHelper.exe[1644] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\iTunes\iTunesHelper.exe[1644] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[1644] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\iTunes\iTunesHelper.exe[1644] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[1644] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe[1792] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe[1792] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe[1792] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe[1792] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe[1792] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe[1792] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe[1792] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe[1792] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe[1792] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe[1792] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe[1792] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe[1792] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe[1792] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
    .text C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe[1792] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
    .text C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe[1792] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
    .text C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe[1792] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
    .text C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe[1792] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\spoolsv.exe[2012] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\spoolsv.exe[2012] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\spoolsv.exe[2012] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\spoolsv.exe[2012] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\spoolsv.exe[2012] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[2092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[2092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[2092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[2092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[2092] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[2092] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[2092] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[2092] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[2092] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[2092] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[2092] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[2092] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[2092] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
    .text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[2092] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
    .text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[2092] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
    .text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[2092] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
    .text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[2092] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[2100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[2100] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[2100] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[2100] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[2100] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[2100] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[2100] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[2100] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[2100] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[2100] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[2100] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[2100] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[2100] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[2100] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[2100] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[2100] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[2100] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[2220] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
    .text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[2220] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[2220] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
    .text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[2220] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[2220] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[2220] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[2220] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[2220] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[2220] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[2220] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[2220] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[2220] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[2220] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[2220] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[2220] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[2220] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[2220] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2244] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2244] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[2320] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\alg.exe[2320] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[2320] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\alg.exe[2320] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[2320] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\alg.exe[2320] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\alg.exe[2320] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\alg.exe[2320] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\alg.exe[2320] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\alg.exe[2320] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\System32\alg.exe[2320] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\alg.exe[2320] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\alg.exe[2320] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\System32\alg.exe[2320] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\System32\alg.exe[2320] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\alg.exe[2320] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\alg.exe[2320] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\Program Files\Creative\Shared Files\CamTray.exe[2332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Creative\Shared Files\CamTray.exe[2332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Creative\Shared Files\CamTray.exe[2332] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Creative\Shared Files\CamTray.exe[2332] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Creative\Shared Files\CamTray.exe[2332] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\Program Files\Creative\Shared Files\CamTray.exe[2332] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\Program Files\Creative\Shared Files\CamTray.exe[2332] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\Program Files\Creative\Shared Files\CamTray.exe[2332] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\Program Files\Creative\Shared Files\CamTray.exe[2332] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\Program Files\Creative\Shared Files\CamTray.exe[2332] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\Program Files\Creative\Shared Files\CamTray.exe[2332] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\Program Files\Creative\Shared Files\CamTray.exe[2332] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\Program Files\Creative\Shared Files\CamTray.exe[2332] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Creative\Shared Files\CamTray.exe[2332] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Creative\Shared Files\CamTray.exe[2332] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Creative\Shared Files\CamTray.exe[2332] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Creative\Shared Files\CamTray.exe[2332] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\RTHDCPL.EXE[2344] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\WINDOWS\RTHDCPL.EXE[2344] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\RTHDCPL.EXE[2344] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\WINDOWS\RTHDCPL.EXE[2344] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\RTHDCPL.EXE[2344] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\WINDOWS\RTHDCPL.EXE[2344] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\WINDOWS\RTHDCPL.EXE[2344] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\WINDOWS\RTHDCPL.EXE[2344] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\WINDOWS\RTHDCPL.EXE[2344] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\WINDOWS\RTHDCPL.EXE[2344] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\WINDOWS\RTHDCPL.EXE[2344] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\WINDOWS\RTHDCPL.EXE[2344] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\WINDOWS\RTHDCPL.EXE[2344] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\RTHDCPL.EXE[2344] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\RTHDCPL.EXE[2344] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\WINDOWS\RTHDCPL.EXE[2344] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\RTHDCPL.EXE[2344] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\VTTimer.exe[2368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\WINDOWS\system32\VTTimer.exe[2368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\VTTimer.exe[2368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\WINDOWS\system32\VTTimer.exe[2368] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\VTTimer.exe[2368] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\VTTimer.exe[2368] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\VTTimer.exe[2368] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\VTTimer.exe[2368] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\VTTimer.exe[2368] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\VTTimer.exe[2368] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\WINDOWS\system32\VTTimer.exe[2368] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\VTTimer.exe[2368] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\VTTimer.exe[2368] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\system32\VTTimer.exe[2368] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\WINDOWS\system32\VTTimer.exe[2368] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\VTTimer.exe[2368] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\VTTimer.exe[2368] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2404] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC

  3. #3
    Mister is offline Full Member
    .text C:\Program Files\IDrive\IDriveE Service.exe[2436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\IDrive\IDriveE Service.exe[2436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\IDrive\IDriveE Service.exe[2436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\IDrive\IDriveE Service.exe[2436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\IDrive\IDriveE Service.exe[2436] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\Program Files\IDrive\IDriveE Service.exe[2436] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\Program Files\IDrive\IDriveE Service.exe[2436] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\Program Files\IDrive\IDriveE Service.exe[2436] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\Program Files\IDrive\IDriveE Service.exe[2436] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\Program Files\IDrive\IDriveE Service.exe[2436] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\Program Files\IDrive\IDriveE Service.exe[2436] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\Program Files\IDrive\IDriveE Service.exe[2436] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\Program Files\IDrive\IDriveE Service.exe[2436] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\IDrive\IDriveE Service.exe[2436] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\IDrive\IDriveE Service.exe[2436] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\IDrive\IDriveE Service.exe[2436] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\IDrive\IDriveE Service.exe[2436] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2448] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2448] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2448] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2448] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2448] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2448] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2448] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2448] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2448] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2448] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2448] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2448] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2448] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2448] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2448] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2448] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2448] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\igfxpers.exe[2576] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
    .text C:\WINDOWS\system32\igfxpers.exe[2576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\igfxpers.exe[2576] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
    .text C:\WINDOWS\system32\igfxpers.exe[2576] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\igfxpers.exe[2576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\igfxpers.exe[2576] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\igfxpers.exe[2576] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\igfxpers.exe[2576] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\igfxpers.exe[2576] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\igfxpers.exe[2576] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\WINDOWS\system32\igfxpers.exe[2576] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\WINDOWS\system32\igfxpers.exe[2576] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\WINDOWS\system32\igfxpers.exe[2576] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\WINDOWS\system32\igfxpers.exe[2576] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\WINDOWS\system32\igfxpers.exe[2576] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\WINDOWS\system32\igfxpers.exe[2576] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\igfxpers.exe[2576] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\WINDOWS\system32\igfxsrvc.exe[2608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\WINDOWS\system32\igfxsrvc.exe[2608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\igfxsrvc.exe[2608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\WINDOWS\system32\igfxsrvc.exe[2608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\igfxsrvc.exe[2608] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\igfxsrvc.exe[2608] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\igfxsrvc.exe[2608] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\igfxsrvc.exe[2608] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\igfxsrvc.exe[2608] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\igfxsrvc.exe[2608] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\WINDOWS\system32\igfxsrvc.exe[2608] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\WINDOWS\system32\igfxsrvc.exe[2608] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\WINDOWS\system32\igfxsrvc.exe[2608] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\WINDOWS\system32\igfxsrvc.exe[2608] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\WINDOWS\system32\igfxsrvc.exe[2608] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\WINDOWS\system32\igfxsrvc.exe[2608] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\igfxsrvc.exe[2608] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\WINDOWS\Explorer.EXE[2652] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\Explorer.EXE[2652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[2652] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\Explorer.EXE[2652] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[2652] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\Explorer.EXE[2652] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\Explorer.EXE[2652] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\Explorer.EXE[2652] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\Explorer.EXE[2652] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\Explorer.EXE[2652] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\Explorer.EXE[2652] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\Explorer.EXE[2652] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\Explorer.EXE[2652] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\Explorer.EXE[2652] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\Explorer.EXE[2652] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\Explorer.EXE[2652] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\Explorer.EXE[2652] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2692] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2692] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2692] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2692] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2692] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2692] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2692] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2692] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2692] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2692] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2692] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2692] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2692] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe[2708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000C01F8
    .text C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe[2708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe[2708] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000C03FC
    .text C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe[2708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe[2708] ADVAPI32.DLL!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00321014
    .text C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe[2708] ADVAPI32.DLL!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00320804
    .text C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe[2708] ADVAPI32.DLL!ChangeServiceConfigW 77E37001 5 Bytes JMP 00320A08
    .text C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe[2708] ADVAPI32.DLL!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00320C0C
    .text C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe[2708] ADVAPI32.DLL!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00320E10
    .text C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe[2708] ADVAPI32.DLL!CreateServiceA 77E37211 5 Bytes JMP 003201F8
    .text C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe[2708] ADVAPI32.DLL!CreateServiceW 77E373A9 5 Bytes JMP 003203FC
    .text C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe[2708] ADVAPI32.DLL!DeleteService 77E374B1 5 Bytes JMP 00320600
    .text C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe[2708] USER32.DLL!SetWindowsHookExW 7E42820F 5 Bytes JMP 00330804
    .text C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe[2708] USER32.DLL!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00330A08
    .text C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe[2708] USER32.DLL!SetWindowsHookExA 7E431211 5 Bytes JMP 00330600
    .text C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe[2708] USER32.DLL!SetWinEventHook 7E4317F7 5 Bytes JMP 003301F8
    .text C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe[2708] USER32.DLL!UnhookWinEvent 7E4318AC 5 Bytes JMP 003303FC
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000D01F8
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2764] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000D03FC
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2764] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2764] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00331014
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2764] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00330804
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2764] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00330A08
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2764] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00330C0C
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2764] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00330E10
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2764] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003301F8
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2764] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003303FC
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2764] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00330600
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2764] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00340804
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2764] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00340A08
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2764] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00340600
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2764] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003401F8
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2764] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003403FC
    .text C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe[2776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe[2776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe[2776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe[2776] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe[2776] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe[2776] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe[2776] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe[2776] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe[2776] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe[2776] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe[2776] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe[2776] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe[2776] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe[2776] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe[2776] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe[2776] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe[2776] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2820] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2820] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2820] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2820] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2820] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2820] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2820] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2820] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2820] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2820] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2820] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2820] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2820] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\igfxtray.exe[2844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
    .text C:\WINDOWS\system32\igfxtray.exe[2844] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\igfxtray.exe[2844] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
    .text C:\WINDOWS\system32\igfxtray.exe[2844] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\igfxtray.exe[2844] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\WINDOWS\system32\igfxtray.exe[2844] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\WINDOWS\system32\igfxtray.exe[2844] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\WINDOWS\system32\igfxtray.exe[2844] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\WINDOWS\system32\igfxtray.exe[2844] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\igfxtray.exe[2844] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
    .text C:\WINDOWS\system32\igfxtray.exe[2844] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
    .text C:\WINDOWS\system32\igfxtray.exe[2844] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
    .text C:\WINDOWS\system32\igfxtray.exe[2844] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
    .text C:\WINDOWS\system32\igfxtray.exe[2844] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
    .text C:\WINDOWS\system32\igfxtray.exe[2844] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
    .text C:\WINDOWS\system32\igfxtray.exe[2844] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
    .text C:\WINDOWS\system32\igfxtray.exe[2844] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
    .text C:\WINDOWS\system32\hkcmd.exe[2852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
    .text C:\WINDOWS\system32\hkcmd.exe[2852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\hkcmd.exe[2852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
    .text C:\WINDOWS\system32\hkcmd.exe[2852] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\hkcmd.exe[2852] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\WINDOWS\system32\hkcmd.exe[2852] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\WINDOWS\system32\hkcmd.exe[2852] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\WINDOWS\system32\hkcmd.exe[2852] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\WINDOWS\system32\hkcmd.exe[2852] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\hkcmd.exe[2852] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
    .text C:\WINDOWS\system32\hkcmd.exe[2852] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
    .text C:\WINDOWS\system32\hkcmd.exe[2852] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
    .text C:\WINDOWS\system32\hkcmd.exe[2852] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
    .text C:\WINDOWS\system32\hkcmd.exe[2852] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
    .text C:\WINDOWS\system32\hkcmd.exe[2852] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
    .text C:\WINDOWS\system32\hkcmd.exe[2852] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
    .text C:\WINDOWS\system32\hkcmd.exe[2852] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
    .text C:\WINDOWS\system32\r3proxy.exe[2896] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\WINDOWS\system32\r3proxy.exe[2896] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\r3proxy.exe[2896] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\WINDOWS\system32\r3proxy.exe[2896] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\r3proxy.exe[2896] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\r3proxy.exe[2896] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\r3proxy.exe[2896] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\r3proxy.exe[2896] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\r3proxy.exe[2896] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\r3proxy.exe[2896] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\WINDOWS\system32\r3proxy.exe[2896] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\r3proxy.exe[2896] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\r3proxy.exe[2896] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\system32\r3proxy.exe[2896] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\WINDOWS\system32\r3proxy.exe[2896] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\r3proxy.exe[2896] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\r3proxy.exe[2896] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2916] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2916] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2916] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2916] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2916] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2916] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2916] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2916] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2916] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2916] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2916] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2916] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2916] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2916] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2916] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2916] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2916] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\taskswitch.exe[3028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
    .text C:\WINDOWS\system32\taskswitch.exe[3028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\taskswitch.exe[3028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
    .text C:\WINDOWS\system32\taskswitch.exe[3028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\taskswitch.exe[3028] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\system32\taskswitch.exe[3028] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\system32\taskswitch.exe[3028] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\system32\taskswitch.exe[3028] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\taskswitch.exe[3028] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\taskswitch.exe[3028] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
    .text C:\WINDOWS\system32\taskswitch.exe[3028] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
    .text C:\WINDOWS\system32\taskswitch.exe[3028] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
    .text C:\WINDOWS\system32\taskswitch.exe[3028] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
    .text C:\WINDOWS\system32\taskswitch.exe[3028] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
    .text C:\WINDOWS\system32\taskswitch.exe[3028] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
    .text C:\WINDOWS\system32\taskswitch.exe[3028] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
    .text C:\WINDOWS\system32\taskswitch.exe[3028] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc .exe[3036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc .exe[3036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc .exe[3036] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc .exe[3036] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc .exe[3036] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc .exe[3036] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc .exe[3036] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc .exe[3036] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc .exe[3036] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc .exe[3036] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc .exe[3036] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc .exe[3036] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc .exe[3036] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc .exe[3036] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc .exe[3036] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc .exe[3036] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc .exe[3036] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\IDrive\IDrivePlugin.exe[3096] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\IDrive\IDrivePlugin.exe[3096] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\IDrive\IDrivePlugin.exe[3096] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\IDrive\IDrivePlugin.exe[3096] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\IDrive\IDrivePlugin.exe[3096] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\Program Files\IDrive\IDrivePlugin.exe[3096] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\IDrive\IDrivePlugin.exe[3096] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\Program Files\IDrive\IDrivePlugin.exe[3096] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\Program Files\IDrive\IDrivePlugin.exe[3096] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\Program Files\IDrive\IDrivePlugin.exe[3096] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\IDrive\IDrivePlugin.exe[3096] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\IDrive\IDrivePlugin.exe[3096] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\IDrive\IDrivePlugin.exe[3096] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\IDrive\IDrivePlugin.exe[3096] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\IDrive\IDrivePlugin.exe[3096] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\IDrive\IDrivePlugin.exe[3096] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\IDrive\IDrivePlugin.exe[3096] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3196] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3196] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3196] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3196] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3196] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3196] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3196] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Documents and Settings\Pw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3196] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\Nero\Update\NASvc.exe[3216] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Nero\Update\NASvc.exe[3216] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Nero\Update\NASvc.exe[3216] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Nero\Update\NASvc.exe[3216] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Nero\Update\NASvc.exe[3216] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Nero\Update\NASvc.exe[3216] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Nero\Update\NASvc.exe[3216] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Nero\Update\NASvc.exe[3216] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Nero\Update\NASvc.exe[3216] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Nero\Update\NASvc.exe[3216] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Nero\Update\NASvc.exe[3216] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Nero\Update\NASvc.exe[3216] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Nero\Update\NASvc.exe[3216] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Nero\Update\NASvc.exe[3216] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Nero\Update\NASvc.exe[3216] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Nero\Update\NASvc.exe[3216] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Nero\Update\NASvc.exe[3216] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3308] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3308] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3308] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3308] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3308] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3308] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3308] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3308] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3308] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3308] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3308] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3308] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3308] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3308] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3308] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3308] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3308] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3340] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3340] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3340] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3340] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3340] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3340] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3340] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3340] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3340] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3340] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3340] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3340] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3340] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3340] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3340] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
    .text C:\Program Files\Sandboxie\SbieCtrl.exe[3348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
    .text C:\Program Files\Sandboxie\SbieCtrl.exe[3348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Sandboxie\SbieCtrl.exe[3348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
    .text C:\Program Files\Sandboxie\SbieCtrl.exe[3348] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Sandboxie\SbieCtrl.exe[3348] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\Program Files\Sandboxie\SbieCtrl.exe[3348] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\Program Files\Sandboxie\SbieCtrl.exe[3348] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\Program Files\Sandboxie\SbieCtrl.exe[3348] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\Program Files\Sandboxie\SbieCtrl.exe[3348] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\Program Files\Sandboxie\SbieCtrl.exe[3348] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
    .text C:\Program Files\Sandboxie\SbieCtrl.exe[3348] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
    .text C:\Program Files\Sandboxie\SbieCtrl.exe[3348] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
    .text C:\Program Files\Sandboxie\SbieCtrl.exe[3348] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
    .text C:\Program Files\Sandboxie\SbieCtrl.exe[3348] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
    .text C:\Program Files\Sandboxie\SbieCtrl.exe[3348] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
    .text C:\Program Files\Sandboxie\SbieCtrl.exe[3348] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
    .text C:\Program Files\Sandboxie\SbieCtrl.exe[3348] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3424] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3424] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3424] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3424] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3424] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3424] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3424] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3424] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3424] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000D01F8
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000D03FC
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3456] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3456] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00311014
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3456] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00310804
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3456] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310A08
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3456] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00310C0C

  4. #4
    Mister is offline Full Member
    Just realised gmer log is 446kb, and the limit on file size is under 100k. I have been having trouble posting the text directly. Instead I have zipped it to conform to the upload file size and attached. Sorry for the inconvenience for this gmer log, it's really long....

    Here are the rest of the logs



    ***************************







    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-30 11:22:02
    -----------------------------
    11:22:02.453 OS Version: Windows 5.1.2600 Service Pack 3
    11:22:02.453 Number of processors: 2 586 0xF0B
    11:22:02.453 ComputerName: PETERMAIN UserName: Pw
    11:22:16.359 Initialize success
    11:22:17.750 AVAST engine defs: 12012900
    11:23:26.218 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    11:23:26.218 Disk 0 Vendor: Maxtor_6B200P0 BAH41G10 Size: 194481MB BusType: 3
    11:23:26.234 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-1b
    11:23:26.250 Disk 1 Vendor: ST3250820AS 3.AAE Size: 238475MB BusType: 3
    11:23:26.265 Disk 1 MBR read successfully
    11:23:26.281 Disk 1 MBR scan
    11:23:27.453 Disk 1 Windows XP default MBR code
    11:23:27.468 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 124982 MB offset 63
    11:23:28.375 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 113490 MB offset 255963645
    11:23:28.421 Disk 1 scanning sectors +488392065
    11:23:29.109 Disk 1 scanning C:\WINDOWS\system32\drivers
    11:24:03.359 Service scanning
    11:24:08.109 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
    11:24:09.515 Modules scanning
    11:24:25.781 Disk 1 trace - called modules:
    11:24:25.828 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    11:24:25.859 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a848ab8]
    11:24:25.875 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000083[0x8a7e8390]
    11:24:25.906 5 ACPI.sys[f74a3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-1b[0x8a82ad98]
    11:24:39.687 AVAST engine scan C:\WINDOWS
    11:25:10.171 AVAST engine scan C:\WINDOWS\system32
    11:37:32.640 AVAST engine scan C:\WINDOWS\system32\drivers
    11:39:58.796 AVAST engine scan C:\Documents and Settings\Pw
    12:15:49.093 AVAST engine scan C:\Documents and Settings\All Users
    12:29:32.156 Scan finished successfully
    13:07:48.593 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Pw\Desktop\Virus scans\MBR.dat"
    13:07:48.609 The log file has been saved successfully to "C:\Documents and Settings\Pw\Desktop\Virus scans\aswMBR.txt"




    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 20/10/2011 11:33:17 PM
    System Uptime: 30/01/2012 1:08:55 PM (0 hours ago)
    .
    Motherboard: Intel Corporation | | DG33BU
    Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | J1PR | 2333/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 122 GiB total, 60.511 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 190 GiB total, 189.603 GiB free.
    F: is Removable
    G: is FIXED (NTFS) - 932 GiB total, 229.724 GiB free.
    H: is FIXED (NTFS) - 111 GiB total, 24.119 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP102: 8/01/2012 9:48:01 AM - System Checkpoint
    RP103: 8/01/2012 10:45:31 PM - Removed Microsoft IntelliPoint 5.5
    RP104: 9/01/2012 11:20:38 PM - System Checkpoint
    RP105: 9/01/2012 11:37:40 PM - Removed Creative WebCam Center
    RP106: 9/01/2012 11:38:00 PM - Configured Engine Installer
    RP107: 9/01/2012 11:51:43 PM - Installed Creative WebCam Center
    RP108: 9/01/2012 11:52:26 PM - Installed Engine Installer
    RP109: 10/01/2012 11:57:12 PM - System Checkpoint
    RP110: 12/01/2012 12:25:08 AM - System Checkpoint
    RP111: 13/01/2012 1:49:22 AM - System Checkpoint
    RP112: 14/01/2012 3:49:12 AM - System Checkpoint
    RP113: 15/01/2012 5:48:14 AM - System Checkpoint
    RP114: 16/01/2012 7:42:25 AM - System Checkpoint
    RP115: 16/01/2012 9:23:26 PM - Installed Solution Disk
    RP116: 16/01/2012 10:01:53 PM - Removed RemoteCapture Task
    RP117: 16/01/2012 10:02:45 PM - Removed RemoteCapture 2.7.5
    RP118: 16/01/2012 10:08:07 PM - Configured Canon Camera WIA Driver
    RP119: 17/01/2012 8:26:14 AM - Installed ScanSoft OmniPage SE 4
    RP120: 17/01/2012 8:28:40 AM - Installed PageManager
    RP121: 17/01/2012 8:30:57 AM - Installed Presto! PageManager PDF Writer
    RP122: 17/01/2012 8:31:37 AM - Printer Driver PageManager PDF Writer Installed
    RP123: 18/01/2012 8:51:27 AM - System Checkpoint
    RP124: 19/01/2012 10:31:54 AM - System Checkpoint
    RP125: 19/01/2012 5:03:00 PM - Installed Solution Disk
    RP126: 20/01/2012 5:11:58 PM - System Checkpoint
    RP127: 21/01/2012 6:37:55 PM - System Checkpoint
    RP128: 22/01/2012 7:16:57 PM - System Checkpoint
    RP129: 23/01/2012 7:39:51 PM - System Checkpoint
    RP130: 23/01/2012 9:35:27 PM - Configured Turbo Lister 2
    RP131: 23/01/2012 9:39:41 PM - Installed Turbo Lister 2.
    RP132: 24/01/2012 10:15:51 PM - System Checkpoint
    RP133: 25/01/2012 11:48:57 PM - System Checkpoint
    RP134: 27/01/2012 1:15:27 AM - System Checkpoint
    RP135: 27/01/2012 5:20:35 PM - Installed EasyBluePrint.
    RP136: 28/01/2012 5:30:56 PM - Installed ActiveState Komodo Edit 6.1.3
    RP137: 29/01/2012 5:57:22 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    µTorrent
    7-Zip 9.20
    ABBYY FineReader 6.0 Sprint
    AceFTP 3 Freeware
    Active@ ISO Burner
    ActiveState Komodo Edit 6.1.3
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Common File Installer
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Download Assistant
    Adobe Dreamweaver CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe GoLive CS (ENG)
    Adobe Help Center 1.0
    Adobe Help Viewer CS3
    Adobe Illustrator CS
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS2
    Adobe Reader for Palm OS, 3.05
    Adobe Reader X (10.1.2)
    Adobe Setup
    Adobe Shockwave Player 11.6
    Adobe SING CS3
    Adobe Stock Photos 1.0
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Advanced Outlook Express Repair v2.1
    AgentOffice
    AgentOffice 8.0
    Alt-Tab Task Switcher Powertoy for Windows XP
    AMIDiag For Windows
    Analog Factory Demo 1.2
    Any Video Converter 3.2.5
    APP Interface
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoStudio 5.5
    ASUS Probe V2.12.09
    Audacity 1.2.6
    AUSkey software 1.4.0.3
    Auslogics Disk Defrag
    Auslogics Duplicate File Finder
    AutoSiteGallery
    avast! Free Antivirus
    AxCrypt (Remove Only)
    Backgammon
    Belarc Advisor 7.2
    Bonjour
    Cabos
    CadStd
    Call of Duty(R) 2 Demo
    Camera Window
    Canon Camera Window for ZoomBrowser EX
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon LASER SHOT LBP-1120
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon MP Navigator EX 1.1
    Canon MX850 series
    Canon My Printer
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities File Viewer Utility 1.3
    Canon Utilities PhotoStitch 3.1
    Canon Utilities RemoteCapture 2.7
    Canon Utilities Solution Menu
    Canon Utilities ZoomBrowser EX
    CCleaner
    CD-LabelPrint
    ClearType Tuning Control Panel Applet
    Common-Use Signing Interface
    Corel Applications
    Creative WebCam Center
    Creative WebCam Live! Pro/Effects Driver (1.02.05.0506)
    CTIAPI32 (remove only)
    CtiLogC (remove only)
    DAL Scanner
    Descent 3 Demo
    Doom 3 (TM) Demo
    Dream Station
    DriverMax 5
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    EASEUS Partition Master 6.0.1 Home Edition
    EASEUS Todo Backup Free 2.5.1
    Easy Plan Pro version 1.1.23.7
    EasyBluePrint
    eBay Toolbar
    ERUNT 1.1j
    ESET Online Scanner v3
    Express Thumbnail Creator 1.81
    File Viewer Utility 1.3.2
    Free Convert All Video Converter Diamond 6.1
    Free Download Manager 3.8
    Free RAR Extract Frog
    Free Registry Defrag
    FriendFinder Messenger v4.1
    FruityLoops v3.0.1
    Glary Utilities 2.41.0.1358
    Google Chrome
    Google Earth
    Google SketchUp 6
    Google SketchUp Pro 8
    Google Update Helper
    GoToMeeting 4.8.0.723
    High-Definition Video Playback
    High Definition Audio Driver Package - KB888111
    HijackThis 1.99.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    HTML Executable HTML Viewer Runtime
    HTML Slideshow Powertoy for Windows XP
    HWiNFO32 Version 3.92
    IDrive version 3.4.1 July 27, 2011
    Image Resizer Powertoy for Windows XP
    ImgBurn
    inSSIDer 2.0
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Network Connections 15.1.29.0
    Intellisync for FNF 2.6
    Internet Explorer Q903235
    InterVideo MediaOne Gallery
    InterVideo WinDVD
    ISO Recorder
    IsoBuster 2.3
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 8
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java(TM) 6 Update 29
    Java(TM) 6 Update 7
    Jupiter-8V Demo 1.0
    jv16 PowerTools 2010
    K-Lite Codec Pack 4.0.0 (Full)
    Karaoke Sound Tools
    KoolMoves Demo
    Kyodai
    LAME v3.98.2 for Audacity
    LEADTOOLS ePrint
    LEADTOOLS ePrint 3.0
    Macromedia Extension Manager
    Macromedia Fireworks 8
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Magical Jelly Bean KeyFinder
    Malwarebytes Anti-Malware version 1.60.0.1800
    Maxtor*MaxBlast
    Media Player Classic - Home Cinema v1.5.1.2903
    Metropix Plan Drawing
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Color Control Panel Applet for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Image Composite Editor
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Live Add-in 1.3
    Microsoft Office Live Meeting 2007
    Microsoft Office OneNote 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (RWLIVE)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Desktop Engine (RETSDATA)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XML Parser
    MixPad
    Motherboard Monitor 5
    Mozilla Firefox 9.0.1 (x86 en-GB)
    MSVCRT
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser
    Music MasterWorks v3.94
    MyVirtualHome
    Nero 11 Kwik Themes Basic
    Nero 8 Essentials
    Nero Audio Pack 1
    Nero Core Components 11
    Nero Kwik Media
    Nero Kwik Media Help (CHM)
    Nero Update
    nero.prerequisites.msi
    neroxml
    NirSoft BlueScreenView
    OneCare Advisor (Windows Live Toolbar)
    Optus Wireless Broadband
    Orbit Downloader
    Outlook Express Extraction
    Panda ActiveScan 2.0
    PDF Settings
    PDFCreator
    PerformanceTest v7.0
    PhotoStitch
    Photosynth 2.0110.0317.1042
    Picasa 3
    PictureProject
    PIXELA ImageMixer
    Platform
    Pocket Tanks 1.00b
    PopTray 2.1
    Popup Blocker (Windows Live Toolbar)
    Presto! PageManager 7.15.20
    PrintFolder 1.3
    ProSavage and Utilities
    pzizz
    Quake 3 Arena Demo
    Quake III Arena Point Release 1.32
    QuickTime
    RAW Image Task
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek AC'97 Audio
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    RealWorksLive
    ReBirth RB-338 2.01
    RemoteCapture 2.7.5
    RemoteCapture Task
    ReNamer
    S3 S3Chromo
    S3 S3Config3D
    S3 S3Display
    S3 S3Gamma2
    S3 S3Info2
    S3 S3Overlay
    S3 S3RefreshLock
    S3 S3TrayPlus
    S3GSetup
    Sandboxie 3.56 (32-bit)
    ScanSoft OmniPage SE 4
    Seagate Drive Settings Installer
    Seagate Manager Installer
    SeaTools for Windows
    Secunia PSI
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Shockwave
    Sibelius Scorch (Firefox, Opera, Netscape only)
    SiSoftware Sandra Lite 2011.SP5
    Smart Menus (Windows Live Toolbar)
    SmartDraw 2008
    Space Synthesizer 2.0
    SpeedFan (remove only)
    Spybot - Search & Destroy
    StationRipper 2.98.2
    Steinberg WaveLab v3.03d
    Storm 3.0 demo
    SUPERAntiSpyware
    Sweet Home 3D version 3.4
    System Requirements Lab for Intel
    Tabbed Browsing (Windows Live Toolbar)
    The Mobile Agent Demo
    The Power Over Money - Version 2.3
    Total Video Converter 3.71 100812
    TrueForms for AgentOffice
    Turbo Lister 2
    Tweak UI
    Ulead COOL 360 1.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    vanBasco's Karaoke Player
    VCRedistSetup
    VIA Platform Device Manager
    VIA Rhine-Family Fast-Ethernet Adapter
    VIA/S3G Display Driver
    ViewSonic Monitor Drivers
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WavePad Uninstall
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool
    Windows Installer Clean Up
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Movie Maker 2.0
    Windows Resource Kit Tools
    Windows Support Tools
    Windows XP Service Pack 3
    Yahoo!7 Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    30/01/2012 9:12:43 AM, error: System Error [1003] - Error code 000000c2, parameter1 00000040, parameter2 00000000, parameter3 80000000, parameter4 00000000.
    30/01/2012 11:18:19 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi BANTExt EUDSKACS FileDisk Fips HWiNFO32 intelppm mbmiodrvr pavboot SASDIFSV SASKUTIL sptd
    30/01/2012 10:18:34 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    30/01/2012 10:17:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi BANTExt EUDSKACS FileDisk Fips HWiNFO32 intelppm IPSec mbmiodrvr MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss SASDIFSV SASKUTIL sptd Tcpip WS2IFSL
    30/01/2012 10:17:59 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    30/01/2012 10:17:59 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    30/01/2012 10:17:59 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    30/01/2012 10:17:59 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    30/01/2012 10:17:59 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    30/01/2012 10:17:59 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    30/01/2012 10:16:49 AM, error: sptd [4] - Driver detected an internal error in its data structures for .
    30/01/2012 1:17:36 PM, error: System Error [1003] - Error code 1000000a, parameter1 8b058fb0, parameter2 00000002, parameter3 00000000, parameter4 804fc701.
    25/01/2012 2:18:48 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    25/01/2012 2:16:12 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort3.
    25/01/2012 2:15:27 PM, error: atapi [9] - The device, \Device\Ide\IdePort3, did not respond within the timeout period.
    24/01/2012 10:02:00 AM, error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).
    24/01/2012 10:01:57 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    24/01/2012 10:01:53 AM, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
    24/01/2012 10:01:53 AM, error: Service Control Manager [7034] - The SQL Server (RWLIVE) service terminated unexpectedly. It has done this 1 time(s).
    24/01/2012 10:01:53 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    24/01/2012 10:01:53 AM, error: Service Control Manager [7034] - The MSSQL$RETSDATA service terminated unexpectedly. It has done this 1 time(s).
    24/01/2012 10:01:53 AM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
    24/01/2012 10:01:53 AM, error: Service Control Manager [7034] - The @C:\Program Files\Nero\Update\NASvc.exe,-200 service terminated unexpectedly. It has done this 1 time(s).
    24/01/2012 10:01:52 AM, error: Service Control Manager [7034] - The Seagate Service service terminated unexpectedly. It has done this 1 time(s).
    24/01/2012 10:01:52 AM, error: Service Control Manager [7034] - The Seagate Drive Settings Service service terminated unexpectedly. It has done this 1 time(s).
    24/01/2012 10:01:52 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    24/01/2012 10:01:52 AM, error: Service Control Manager [7034] - The IDriveE Service service terminated unexpectedly. It has done this 1 time(s).
    24/01/2012 10:01:50 AM, error: Service Control Manager [7034] - The EASEUS Agent service terminated unexpectedly. It has done this 1 time(s).
    24/01/2012 10:01:49 AM, error: Service Control Manager [7034] - The Sandboxie Service service terminated unexpectedly. It has done this 1 time(s).
    24/01/2012 10:01:49 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    24/01/2012 10:01:49 AM, error: Service Control Manager [7034] - The Acronis Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s).
    24/01/2012 10:01:49 AM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    24/01/2012 10:01:49 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    23/01/2012 9:36:07 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    23/01/2012 10:59:01 PM, error: Print [6161] - The document TL owned by Pw failed to print on printer Canon MX850 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 327680. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\PETERMAIN. Win32 error code returned by the print processor: 0 (0x0).
    23/01/2012 10:49:48 PM, error: Print [6161] - The document TL owned by Pw failed to print on printer Canon MX850 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 327680. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\PETERMAIN. Win32 error code returned by the print processor: 126 (0x7e).
    .
    ==== End Of File ===========================



    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by Pw at 13:33:45 on 2012-01-30
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2020.889 [GMT 10:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Antivirus *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe
    C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\IDrive\IDriveE Service.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CAP3RSK.EXE
    C:\Program Files\IDrive\IDrivePlugin.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\r3proxy.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe
    C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAP3LAK.EXE
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\PopTray\PopTray.exe
    C:\Program Files\Secunia\PSI\psi.exe
    C:\Program Files\IDrive\IDriveETray.exe
    C:\Program Files\IDrive\IDriveEBackground.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\taskmgr.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.au/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - No File
    BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
    uRun: [IMC] c:\program files\friendfinder\friendfinder messenger 4\imc.exe
    uRun: [IDriveE Startup] "c:\program files\idrive\IDrvieEStartup.exe" Hide
    uRun: [Google Update] "c:\documents and settings\pw\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [WinColorReminder] c:\program files\pro imaging powertoys\microsoft color control panel applet for windows xp\WinColorReminder.exe
    uRun: [Creative WebCam Tray] "c:\program files\creative\shared files\CamTray.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [VTTrayp] VTtrayp.exe
    mRun: [VTTimer] VTTimer.exe
    mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
    mRun: [mdac_runonce] c:\windows\system32\RUNONCE.EXE
    mRun: [LoadQM] loadqm.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Fellowes Proxy] c:\windows\system32\r3proxy.exe
    mRun: [eBayToolbar] c:\program files\ebay\ebay toolbar2\eBayTBDaemon.exe
    mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
    mRun: [CAP3ON] c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
    mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    StartupFolder: c:\docume~1\pw\startm~1\programs\startup\idrive~1.lnk - c:\program files\idrive\IDriveEReg2ini.exe
    StartupFolder: c:\docume~1\pw\startm~1\programs\startup\poptra~1.lnk - c:\program files\poptray\PopTray.exe
    StartupFolder: c:\docume~1\pw\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\canonl~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\taskma~1.lnk - c:\windows\taskman.exe
    uPolicies-explorer: <NO NAME> = 00000000
    dPolicies-explorer: <NO NAME> = 00000000
    IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
    IE: &Yahoo! Search
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
    IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
    IE: Open in new background tab - c:\program files\windows live toolbar\components\en-au\msntabres.dll.mui/229?80cab6f4468f4fd5b062c28282d447ed
    IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-au\msntabres.dll.mui/230?80cab6f4468f4fd5b062c28282d447ed
    IE: Yahoo! &Dictionary
    IE: Yahoo! &Maps
    IE: Yahoo! &SMS
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    Trusted Zone: secunia.com
    DPF: DirectAnimation Java Classes
    DPF: Internet Explorer Classes for Java
    DPF: Microsoft XML Parser for Java
    DPF: {00000045-9980-0010-8000-00AA00389B71}
    DPF: {00000161-0000-0010-8000-00AA00389B71}
    DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7}
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71}
    DPF: {41564D57-9980-0010-8000-00AA00389B71}
    DPF: {4E330863-6A11-11D0-BFD8-006097237877}
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
    DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C}
    DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F}
    DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F}
    DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
    DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B}
    DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE}
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{E09BB646-9718-4293-B9DF-D3BDA6B95308} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FBB421EA-EABE-4153-B724-05CD5677A7ED} : DhcpNameServer = 192.168.1.1
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
    mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /appe /caller:win9x /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
    mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
    mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /app:wab /caller:win9x /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
    mASetup: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - c:\windows\system32\updcrl.exe -e -u c:\windows\system\verisignpub1.crl
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-6-4 30600]
    R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-6-4 35720]
    R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-6-4 20744]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-8-6 28552]
    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-7-5 63352]
    R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2006-7-22 6097]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-24 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-24 314456]
    R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-6-4 14216]
    R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2009-2-20 21624]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-18 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-30 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-24 20568]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-24 44768]
    R2 EASEUS Agent;EASEUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2011-6-4 56200]
    R2 FreeAgentGoFlex Service;Seagate Drive Settings Service;c:\program files\seagate\drivesettings\sync\SeagateDriveSettingsService.exe [2011-2-10 91432]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
    R2 IDriveE Service;IDriveE Service;c:\program files\idrive\IDriveE Service.exe [2011-5-28 157128]
    R2 MSSQL$RETSDATA;MSSQL$RETSDATA;c:\program files\microsoft sql server\mssql$retsdata\binn\sqlservr.exe -sretsdata --> c:\program files\microsoft sql server\mssql$retsdata\binn\sqlservr.exe -sRETSDATA [?]
    R2 MSSQL$RWLIVE;SQL Server (RWLIVE);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
    R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2011-9-23 641832]
    R3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys [2011-6-4 187528]
    R3 FeMouWDM;Fellowes Mouse Driver;c:\windows\system32\drivers\FeMouWDM.sys [2011-7-10 11393]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-8 14904]
    R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-6-17 128272]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c98da1135dd59c;Google Update Service (gupdate1c98da1135dd59c);c:\program files\google\update\GoogleUpdate.exe [2009-2-13 133104]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-10-21 1691480]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2011-1-28 17149]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-7-28 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-7-28 8456]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-3-23 112640]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-13 133104]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
    S3 max128k;max128k;c:\windows\system32\drivers\max128k.sys [2004-7-3 3840]
    S3 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\common files\maxtor\schedule2\schedul2.exe [2008-6-27 431384]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-1-29 18432]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2011.sp5\RpcAgentSrv.exe [2011-10-23 93848]
    S3 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\maxtor\schedule2\schedul2.exe [2008-6-27 431384]
    S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2006-7-22 299923]
    S3 SQLAgent$RETSDATA;SQLAgent$RETSDATA;c:\program files\microsoft sql server\mssql$retsdata\binn\sqlagent.exe -i retsdata --> c:\program files\microsoft sql server\mssql$retsdata\binn\sqlagent.EXE -i RETSDATA [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2011-1-28 384608]
    .
    =============== Created Last 30 ================
    .
    2012-01-29 10:47:02 -------- d-----w- c:\documents and settings\pw\application data\Malwarebytes
    2012-01-29 01:54:34 -------- d-----w- c:\documents and settings\pw\application data\eBay
    2012-01-28 19:38:30 -------- d-----w- c:\documents and settings\pw\local settings\application data\ActiveState
    2012-01-28 07:31:44 -------- d-----w- c:\program files\ActiveState Komodo Edit 6
    2012-01-28 07:01:25 -------- d-----w- c:\documents and settings\pw\application data\com.adobe.downloadassistant.AdobeDownloadAssistant
    2012-01-28 07:01:09 -------- d-----w- c:\program files\Adobe Download Assistant
    2012-01-28 04:30:01 -------- d-----w- c:\documents and settings\pw\application data\uTorrent
    2012-01-28 03:53:24 -------- d-----w- c:\documents and settings\pw\application data\RealWorksLive
    2012-01-28 03:53:00 14744 ----a-w- c:\documents and settings\pw\application data\microsoft\identitycrl\production\ppcrlconfig.dll
    2012-01-27 07:20:46 -------- d-----w- c:\documents and settings\pw\local settings\application data\Easy Blue Print
    2012-01-27 07:20:41 -------- d-----w- c:\program files\Easy Blue Print
    2012-01-26 00:24:50 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
    2012-01-26 0003 -------- d-----w- c:\program files\common files\xing shared
    2012-01-26 00:17:06 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
    2012-01-26 00:15:03 108544 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
    2012-01-25 05:25:43 -------- d-sh--w- C:\found.000
    2012-01-23 03:27:28 -------- d-----w- c:\program files\Sweet Home 3D
    2012-01-22 23:00:03 -------- d-----w- c:\program files\iPod
    2012-01-17 00:48:25 -------- d-----w- c:\documents and settings\pw\local settings\application data\Scansoft
    2012-01-16 22:28:44 -------- d-----w- c:\windows\system32\Color
    2012-01-16 22:28:44 -------- d-----w- c:\program files\NewSoft
    2012-01-16 22:27:08 -------- d-----w- c:\program files\common files\ScanSoft Shared
    2012-01-16 22:26:33 -------- d-----w- c:\program files\ScanSoft
    2012-01-15 23:59:29 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
    2012-01-15 23:59:29 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
    2012-01-15 23:59:29 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
    2012-01-15 23:59:29 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
    2012-01-09 13:51:44 -------- d-----w- c:\program files\Creative
    2012-01-08 13:22:45 -------- d-----w- c:\windows\CtDrvInstall
    2012-01-03 13:10:44 182672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2012-01-26 00:12:59 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-01-26 00:12:58 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-01-20 21:30:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-07 13:00:51 1885464 ----a-w- c:\windows\system32\AutoPartNt.exe
    2011-12-10 05:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-04-11 04:38:22 731000 -c--a-w- c:\program files\autoruns.exe
    2011-04-11 04:38:18 595320 -c--a-w- c:\program files\autorunsc.exe
    2004-01-29 08:11:26 2211840 -c--a-w- c:\program files\SpaceSynthesizer.dll
    2003-05-05 12:10:42 1113600 -c--a-w- c:\program files\brewlog.exe
    .
    ============= FINISH: 13:37:10.81 ===============

  5. #5
    broni is offline Senior Member
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    ========================================================================

    Is it the same computer we cleaned 4 times last year?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  6. #6
    Mister is offline Full Member
    Hi, thank you once again for your time...appreciated.

    Yes, this computer was cleaned here last year. Thank you. Only once though. The others were separate computers, which I checked and cleaned with you at the same time.

    Combofix ran no probs - log follows ...

    ComboFix 12-01-30.02 - Pw 01/02/2012 7:35.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2020.711 [GMT 10:00]
    Running from: c:\documents and settings\Pw\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Start Menu\Programs\Startup\taskman.exe.lnk
    c:\documents and settings\Pw\Start Menu\Programs\Startup\PopTray.exe.lnk
    c:\documents and settings\Pw\System
    c:\documents and settings\Pw\System\win_qs8.jqx
    c:\documents and settings\Pw\WINDOWS
    c:\program files\Mail Bomber
    c:\program files\Mail Bomber\alternat.txt
    c:\program files\Mail Bomber\discounts.txt
    c:\program files\Mail Bomber\freegift.txt
    c:\program files\Mail Bomber\license.txt
    c:\program files\Mail Bomber\mailsend.cnt
    c:\program files\Mail Bomber\mailsend.dat
    c:\program files\Mail Bomber\mailsend.hlp
    c:\program files\Mail Bomber\mailsend.opt
    c:\program files\Mail Bomber\readme.txt
    c:\program files\Mail Bomber\unins000.dat
    c:\program files\Mail Bomber\unins000.exe
    c:\windows\help\wmplayer.bak
    c:\windows\system32\_000005_.tmp.dll
    c:\windows\system32\_000016_.tmp.dll
    c:\windows\system32\_000017_.tmp.dll
    c:\windows\system32\_000018_.tmp.dll
    c:\windows\system32\_000019_.tmp.dll
    c:\windows\system32\_000020_.tmp.dll
    c:\windows\system32\_000025_.tmp.dll
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\system32\PowerToyReadme.htm
    c:\windows\WINDOWS
    c:\windows\WINDOWS\OLAGNT32.INI
    c:\windows\WindowsUpdate.log . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-30 14:14 . 2012-01-31 15:00 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-01-30 07:50 . 2012-01-30 07:50 -------- d-----w- c:\documents and settings\Pw\Application Data \Dynamic
    2012-01-30 07:50 . 2012-01-30 08:48 -------- d-----w- c:\documents and settings\Pw\Application Data \SiteClasses
    2012-01-30 07:50 . 2012-01-30 08:48 -------- d-----w- c:\documents and settings\Pw\Application Data \Sites
    2012-01-29 10:47 . 2012-01-29 10:47 -------- d-----w- c:\documents and settings\Pw\Application Data \Malwarebytes
    2012-01-29 01:54 . 2012-01-29 01:54 -------- d-----w- c:\documents and settings\Pw\Application Data \eBay
    2012-01-29 01:54 . 2012-01-29 01:54 -------- d-----w- c:\documents and settings\Pw\Application Data \InstallShield
    2012-01-28 19:38 . 2012-01-28 19:38 -------- d-----w- c:\documents and settings\Pw\Local Settings\Application Data\ActiveState
    2012-01-28 07:31 . 2012-01-28 07:32 -------- d-----w- c:\program files\ActiveState Komodo Edit 6
    2012-01-28 07:05 . 2012-01-28 07:10 -------- d-----w- c:\documents and settings\Pw\Application Data \Apple Computer
    2012-01-28 07:01 . 2012-01-28 07:01 -------- d-----w- c:\documents and settings\Pw\Application Data \com.adobe.downloadassistant.AdobeDownloadAssistant
    2012-01-28 07:01 . 2012-01-28 07:01 -------- d-----w- c:\program files\Adobe Download Assistant
    2012-01-28 06:17 . 2012-01-28 06:17 -------- d-----w- c:\documents and settings\Pw\Application Data \Canon
    2012-01-28 04:30 . 2012-01-28 06:15 -------- d-----w- c:\documents and settings\Pw\Application Data \uTorrent
    2012-01-28 03:53 . 2012-01-30 07:53 -------- d-----w- c:\documents and settings\Pw\Application Data \RealWorksLive
    2012-01-28 03:52 . 2012-01-28 03:52 -------- d-----w- c:\documents and settings\Pw\Application Data \Creative
    2012-01-27 07:20 . 2012-01-27 07:27 -------- d-----w- c:\documents and settings\Pw\Local Settings\Application Data\Easy Blue Print
    2012-01-27 07:20 . 2012-01-27 07:20 -------- d-----w- c:\program files\Easy Blue Print
    2012-01-26 00:24 . 2012-01-26 00:24 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
    2012-01-26 00:21 . 2012-01-26 00:21 -------- d-----w- c:\program files\Common Files\xing shared
    2012-01-26 00:17 . 2012-01-26 00:17 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
    2012-01-26 00:15 . 2012-01-26 00:15 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
    2012-01-25 05:25 . 2012-01-25 05:25 -------- d-----w- C:\found.000
    2012-01-23 03:27 . 2012-01-23 03:27 -------- d-----w- c:\program files\Sweet Home 3D
    2012-01-22 23:00 . 2012-01-22 23:00 -------- d-----w- c:\program files\iPod
    2012-01-17 00:48 . 2012-01-17 00:48 -------- d-----w- c:\documents and settings\Pw\Local Settings\Application Data\Scansoft
    2012-01-16 22:28 . 2012-01-16 22:28 -------- d-----w- c:\windows\system32\Color
    2012-01-16 22:28 . 2012-01-16 22:28 -------- d-----w- c:\program files\NewSoft
    2012-01-16 22:27 . 2012-01-16 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
    2012-01-16 22:27 . 2012-01-16 22:27 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
    2012-01-16 22:26 . 2012-01-16 22:26 -------- d-----w- c:\program files\ScanSoft
    2012-01-16 12:31 . 2012-01-16 12:31 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2012-01-16 12:30 . 2012-01-16 12:30 -------- d--h--w- c:\program files\CanonBJ
    2012-01-15 23:59 . 2012-01-15 23:59 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
    2012-01-15 23:59 . 2012-01-15 23:59 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
    2012-01-15 23:59 . 2012-01-15 23:59 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
    2012-01-15 23:59 . 2012-01-15 23:59 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
    2012-01-09 13:51 . 2012-01-09 13:52 -------- d-----w- c:\program files\Creative
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-26 00:12 . 2005-04-01 11:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-01-26 00:12 . 2005-04-01 11:38 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-01-20 21:30 . 2011-10-25 12:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-07 13:00 . 2008-04-02 14:06 1885464 ----a-w- c:\windows\system32\AutoPartNt.exe
    2011-12-10 05:24 . 2008-08-26 13:16 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-28 18:01 . 2011-10-24 03:55 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 18:01 . 2011-10-24 03:55 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-28 17:53 . 2011-10-24 03:56 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:53 . 2011-10-24 03:56 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-11-28 17:52 . 2011-10-24 03:56 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-11-28 17:52 . 2011-10-24 03:56 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-11-28 17:52 . 2011-10-24 03:56 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-11-28 17:51 . 2011-10-24 03:56 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-11-28 17:51 . 2011-10-24 03:56 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-11-28 17:48 . 2011-10-24 03:56 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-11-23 13:25 . 2004-09-08 13:05 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20 . 2004-09-08 13:05 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2004-09-08 13:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2004-09-08 13:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2004-09-08 13:05 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-11 04:38 . 2011-04-11 04:38 731000 -c--a-w- c:\program files\autoruns.exe
    2011-04-11 04:38 . 2011-04-11 04:38 595320 -c--a-w- c:\program files\autorunsc.exe
    2004-01-29 08:11 . 2004-01-29 08:11 2211840 -c--a-w- c:\program files\SpaceSynthesizer.dll
    2003-05-05 12:10 . 2005-10-22 09:05 1113600 -c--a-w- c:\program files\brewlog.exe
    2009-08-08 15:11 . 2009-08-08 15:11 10437264 -c--a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
    2009-08-08 15:30 . 2009-08-08 15:30 107760 -c--a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
    2003-01-13 01:20 . 2008-12-06 08:21 278528 -c--a-w- c:\program files\internet explorer\plugins\PanoViewer.dll
    1999-04-30 06:00 . 2008-12-06 08:21 98304 -c--a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
    2012-01-15 23:59 . 2011-10-07 23:17 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-12-03 2260480]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-06-17 412432]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
    "IMC"="c:\program files\FriendFinder\FriendFinder Messenger 4\imc.exe" [2008-01-14 4053102]
    "IDriveE Startup"="c:\program files\IDrive\IDrvieEStartup.exe" [2011-06-24 185800]
    "WinColorReminder"="c:\program files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe" [2005-10-31 101120]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    "VTTrayp"="VTtrayp.exe" [2004-01-30 135168]
    "VTTimer"="VTTimer.exe" [2004-01-15 49152]
    "Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "RTHDCPL"="RTHDCPL.EXE" [2010-09-07 19573352]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-28 142360]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
    "mdac_runonce"="c:\windows\SYSTEM32\RUNONCE.EXE" [2008-04-14 14336]
    "LoadQM"="loadqm.exe" [2000-05-03 7536]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-28 141336]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-28 173592]
    "Fellowes Proxy"="c:\windows\system32\r3proxy.exe" [2004-03-25 86016]
    "eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-03-19 632048]
    "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
    "CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2007-01-19 28288]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
    "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512]
    "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-19 20480]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
    .
    c:\documents and settings\Pw\Start Menu\Programs\Startup\
    IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [2011-5-28 304584]
    Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\SYSTEM32\spool\drivers\w32x86\3\CAP3LAK.EXE [2002-7-19 38976]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "<NO NAME>"= 00000000
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "<NO NAME>"= 00000000
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-01 113024]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *sprestrt
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Pw^Start Menu^Programs^Startup^Logitech Touch Mouse Server.lnk]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Pw^Start Menu^Programs^Startup^Seagate Product Registration.lnk]
    path=c:\documents and settings\Pw\Start Menu\Programs\Startup\Seagate Product Registration.lnk
    backup=c:\windows\pss\Seagate Product Registration.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    2008-06-27 07:03 136472 -c--a-w- c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2007-09-13 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2007-10-25 16:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxTrApp]
    2003-07-18 14:32 247296 -c--a-w- c:\windows\NETCOMM\CNXTRAPP.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
    2011-06-16 00:01 9245096 -c--a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
    2011-06-16 00:01 9245096 -c--a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
    2011-04-25 10:27 733576 -c--a-w- c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
    2011-04-22 08:26 69000 -c--a-w- c:\program files\EASEUS\Todo Backup\bin\EuWatch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePrint 3.0 Service]
    2003-03-24 04:26 58368 -c--a-w- c:\progra~1\LEADTE~1\LEADTOOLS ePrint 3.0\Bin\ePrint3.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
    2011-12-28 03:40 6148096 ----a-w- c:\progra~1\FREEDO~1\fdm.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
    2007-05-20 23:37 124512 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
    2009-05-01 04:35 185640 -c--a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Maxtor Scheduler2 Service]
    2008-06-27 07:03 136472 -c--a-w- c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBM 5]
    2004-06-11 23:40 594944 ----a-w- c:\program files\Motherboard Monitor 5\MBM5.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-06-01 00:17 5252408 -c--a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2007-06-13 00:39 73728 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2006-10-24 23:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-09-13 10:44 2424560 -c--a-w- c:\program files\SUPERAntiSpyware\9f50d2b9-4922-4117-9ce9-179a24f292a8.com
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2012-01-26 00:13 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "BlueSoleil Hid Service"=2 (0x2)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
    "LeechGet"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Visicom Media\\AceFTP 3 freeware\\aceftp3free.exe"=
    "c:\\Program Files\\Free Download Manager\\fdm.exe"=
    "c:\\WINDOWS\\System32\\mmc.exe"=
    "c:\\Games\\Descent3Demo\\main.exe"=
    "c:\\Q3Ademo\\quake3.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\SYSTEM32\\rtcshare.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\SYSTEM32\\java.exe"=
    "c:\\Program Files\\Logitech Touch Mouse Server\\iTouch-Server-Win.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Cabos\\Cabos.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Ratajik Software\\StationRipper\\StationRipperConsole.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP5\\RpcAgentSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP5\\WNt500x86\\RpcSandraSrv.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 EUBAKUP;EUBAKUP;c:\windows\SYSTEM32\DRIVERS\eubakup.sys [4/06/2011 1:43 PM 30600]
    R0 EUBKMON;EUBKMON;c:\windows\SYSTEM32\DRIVERS\EUBKMON.sys [4/06/2011 1:43 PM 35720]
    R0 EUFS;EUFS;c:\windows\SYSTEM32\DRIVERS\eufs.sys [4/06/2011 1:43 PM 20744]
    R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [6/08/2010 11:10 PM 28552]
    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\SYSTEM32\DRIVERS\sfdrv01a.sys [5/07/2006 10:46 PM 63352]
    R0 sonyhcb;Sony Digital Imaging Base;c:\windows\SYSTEM32\DRIVERS\sonyhcb.sys [22/07/2006 4:17 PM 6097]
    R0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [27/10/2011 5:41 PM 691696]
    R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [24/10/2011 1:56 PM 435032]
    R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [24/10/2011 1:56 PM 314456]
    R1 EUDSKACS;EUDSKACS;c:\windows\SYSTEM32\DRIVERS\eudskacs.sys [4/06/2011 1:43 PM 14216]
    R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [20/02/2009 1:23 AM 21624]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [18/02/2010 4:25 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/05/2010 4:41 AM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [30/06/2010 3:48 AM 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [24/10/2011 1:56 PM 20568]
    R2 EASEUS Agent;EASEUS Agent;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [4/06/2011 1:40 PM 56200]
    R2 FreeAgentGoFlex Service;Seagate Drive Settings Service;c:\program files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [10/02/2011 11:00 AM 91432]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [1/05/2009 2:35 PM 181544]
    R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [28/05/2011 11:47 AM 157128]
    R2 MSSQL$RETSDATA;MSSQL$RETSDATA;c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe -sRETSDATA --> c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe -sRETSDATA [?]
    R2 MSSQL$RWLIVE;SQL Server (RWLIVE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/12/2010 6:29 PM 29293408]
    R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [23/09/2011 6:37 PM 641832]
    R3 EUDISK;EASEUS Disk Enumerator;c:\windows\SYSTEM32\DRIVERS\eudisk.sys [4/06/2011 1:43 PM 187528]
    R3 FeMouWDM;Fellowes Mouse Driver;c:\windows\SYSTEM32\DRIVERS\FeMouWDM.sys [10/07/2011 11:37 PM 11393]
    R3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [8/07/2010 12:05 AM 14904]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
    S2 gupdate1c98da1135dd59c;Google Update Service (gupdate1c98da1135dd59c);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 4:05 PM 133104]
    S3 Ambfilt;Ambfilt;c:\windows\SYSTEM32\DRIVERS\Ambfilt.sys [21/10/2011 12:45 AM 1691480]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 11:58 AM 11336]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\SYSTEM32\DNINDIS5.sys [28/01/2011 7:27 PM 17149]
    S3 epmntdrv;epmntdrv;c:\windows\SYSTEM32\epmntdrv.sys [28/07/2010 11:05 AM 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\SYSTEM32\EuGdiDrv.sys [28/07/2010 11:05 AM 8456]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\SYSTEM32\DRIVERS\ewusbnet.sys [23/03/2011 2:53 PM 112640]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 4:05 PM 133104]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 max128k;max128k;c:\windows\SYSTEM32\DRIVERS\max128k.sys [3/07/2004 7:17 PM 3840]
    S3 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [27/06/2008 5:03 PM 431384]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [31/01/2012 12:14 AM 40776]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\SYSTEM32\DRIVERS\netaapl.sys [29/01/2011 4:02 PM 18432]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [23/10/2011 8:24 AM 93848]
    S3 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [27/06/2008 5:03 PM 431384]
    S3 sonyhcs;Sony Digital Imaging Video;c:\windows\SYSTEM32\DRIVERS\sonyhcs.sys [22/07/2006 4:17 PM 299923]
    S3 SQLAgent$RETSDATA;SQLAgent$RETSDATA;c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE -i RETSDATA --> c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE -i RETSDATA [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\SYSTEM32\DRIVERS\WPN111.sys [28/01/2011 7:27 PM 384608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    2003-05-01 23:08 7168 -c--a-w- c:\windows\SYSTEM32\updcrl.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]
    .
    2012-01-29 c:\windows\Tasks\Auslogics Disk Defrag Disk Defrag Console Defragmentation.job
    - c:\program files\Auslogics\Auslogics Disk Defrag\cdefrag.exe [2011-02-07 00:30]
    .
    2011-12-03 c:\windows\Tasks\Auslogics Disk Defrag Disk Defrag Start On Windows Logon.job
    - c:\program files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe [2011-02-07 00:30]
    .
    2012-01-31 c:\windows\Tasks\CCleaner.job
    - c:\progra~1\CCleaner\CCleaner.exe [2011-01-24 15:25]
    .
    2012-01-25 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2011-07-05 06:09]
    .
    2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 06:05]
    .
    2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 06:05]
    .
    2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1214440339-839522115-1003Core.job
    - c:\documents and settings\Pw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-07 04:50]
    .
    2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1214440339-839522115-1003UA.job
    - c:\documents and settings\Pw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-07 04:50]
    .
    2012-01-31 c:\windows\Tasks\Maintenance-Disk cleanup.job
    - c:\windows\SYSTEM32\cleanmgr.exe [2004-09-08 00:12]
    .
    2012-01-31 c:\windows\Tasks\Malwarebytes' Anti-Malware scan.job
    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-08-26 07:50]
    .
    2012-01-31 c:\windows\Tasks\Malwarebytes' Anti-Malware update.job
    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-08-26 07:50]
    .
    2012-01-28 c:\windows\Tasks\Maxtor MaxBlast.job
    - c:\progra~1\Maxtor\MaxBlast\MaxBlast.exe [2008-06-27 07:45]
    .
    2012-01-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1214440339-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 06:02]
    .
    2012-01-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1214440339-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 06:02]
    .
    2012-01-30 c:\windows\Tasks\REALWORKS Live.job
    - c:\program files\RealWorksLive\RWLink.exe [2010-03-16 06:54]
    .
    2012-01-31 c:\windows\Tasks\User_Feed_Synchronization-{76F70D15-FDCF-4219-BADA-73DD83C657B9}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 18:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: &Yahoo! Search
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?80cab6f4468f4fd5b062c28282d447ed
    IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?80cab6f4468f4fd5b062c28282d447ed
    IE: Yahoo! &Dictionary
    IE: Yahoo! &Maps
    IE: Yahoo! &SMS
    Trusted Zone: secunia.com
    TCP: DhcpNameServer = 192.168.1.1
    DPF: DirectAnimation Java Classes
    DPF: Internet Explorer Classes for Java
    DPF: Microsoft XML Parser for Java
    DPF: {00000045-9980-0010-8000-00AA00389B71}
    DPF: {00000161-0000-0010-8000-00AA00389B71}
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
    DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE}
    DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B}
    FF - ProfilePath -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-NBJ - c:\program files\Ahead\Nero BackItUp\NBJ.exe
    AddRemove-Shockwave - c:\windows\SYSTEM32\MACROMED\SHOCKW~2\UNWISE.EXE
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2012-02-01 08:22
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{64EC29B4-1159-FAA0-C48C-8BA29C2BC31D}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iahiobpkekpjlinoci"=hex:6b,61,69,70,64,70,70,6b,6a,70,6c,6c,66,66,67,63,68,68,
    66,6e,66,70,00,00
    "hanjepphepclmfbe"=hex:6b,61,69,70,64,70,70,6b,6a,70,6c,6c,66,66,67,63,68,68,
    66,6e,66,70,00,00
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
    "Licence0"="REMOVED"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
    @DACL=(02 0000)
    @="Wireless"
    "DllName"=expand:"gptext.dll"
    "NoGPOListChanges"=dword:00000001
    "NoUserPolicy"=dword:00000001
    "ProcessGroupPolicy"="ProcessWIRELESSPolicy"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
    @DACL=(02 0000)
    @="Folder Redirection"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
    "DllName"=expand:"fdeploy.dll"
    "NoMachinePolicy"=dword:00000001
    "NoSlowLink"=dword:00000001
    "PerUserLocalSettings"=dword:00000001
    "NoGPOListChanges"=dword:00000000
    "NoBackgroundPolicy"=dword:00000000
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "EventSources"=multi:"(Folder Redirection,Application)\00\00"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
    @DACL=(02 0000)
    @="Microsoft Disk Quota"
    "NoMachinePolicy"=dword:00000000
    "NoUserPolicy"=dword:00000001
    "NoSlowLink"=dword:00000001
    "NoBackgroundPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "PerUserLocalSettings"=dword:00000000
    "RequiresSuccessfulRegistry"=dword:00000001
    "EnableAsynchronousProcessing"=dword:00000000
    "DllName"=expand:"dskquota.dll"
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
    @DACL=(02 0000)
    @="QoS Packet Scheduler"
    "ProcessGroupPolicy"="ProcessPSCHEDPolicy"
    "DllName"=expand:"gptext.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
    @DACL=(02 0000)
    @="Scripts"
    "ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
    "ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
    "GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
    "DllName"=expand:"gptext.dll"
    "NoSlowLink"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "NotifyLinkTransition"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
    @DACL=(02 0000)
    @="Internet Explorer Zonemapping"
    "DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
    "ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
    "NoGPOListChanges"=dword:00000001
    "RequiresSucessfulRegistry"=dword:00000001
    "DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
    "RequiresSuccessfulRegistry"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
    @DACL=(02 0000)
    @="Windows Search Group Policy Extension"
    "DllName"=expand:"%SystemRoot%\\System32\\srchadmin.dll"
    "EnableAsynchronousProcessing"=dword:00000000
    "NoBackgroundPolicy"=dword:00000000
    "NoGPOListChanges"=dword:00000001
    "NoMachinePolicy"=dword:00000000
    "NoSlowLink"=dword:00000000
    "NoUserPolicy"=dword:00000001
    "PerUserLocalSettings"=dword:00000000
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    "RequiresSuccessfulRegistry"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
    @DACL=(02 0000)
    @="Internet Explorer User Accelerators"
    "DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
    "DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
    "NoGPOListChanges"=dword:00000001
    "ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
    "RequiresSuccessfulRegistry"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
    @DACL=(02 0000)
    "ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
    "GenerateGroupPolicy"="SceGenerateGroupPolicy"
    "ExtensionRsopPlanningDebugLevel"=dword:00000001
    "ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
    "ExtensionDebugLevel"=dword:00000001
    "DllName"=expand:"scecli.dll"
    @="Security"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "EnableAsynchronousProcessing"=dword:00000001
    "MaxNoGPOListChangesInterval"=dword:000003c0
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
    @DACL=(02 0000)
    "ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    "DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
    @="Internet Explorer Branding"
    "NoSlowLink"=dword:00000001
    "NoBackgroundPolicy"=dword:00000000
    "NoGPOListChanges"=dword:00000001
    "NoMachinePolicy"=dword:00000001
    "DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
    @DACL=(02 0000)
    "ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
    "DllName"=expand:"scecli.dll"
    @="EFS recovery"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "RequiresSuccessfulRegistry"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
    @DACL=(02 0000)
    @="802.3 Group Policy"
    "DisplayName"=expand:"@dot3gpclnt.dll,-100"
    "ProcessGroupPolicyEx"="ProcessLANPolicyEx"
    "GenerateGroupPolicy"="GenerateLANPolicy"
    "DllName"=expand:"dot3gpclnt.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
    @DACL=(02 0000)
    @="Microsoft Offline Files"
    "DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
    "EnableAsynchronousProcessing"=dword:00000000
    "NoBackgroundPolicy"=dword:00000000
    "NoGPOListChanges"=dword:00000000
    "NoMachinePolicy"=dword:00000000
    "NoSlowLink"=dword:00000000
    "NoUserPolicy"=dword:00000001
    "PerUserLocalSettings"=dword:00000000
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    "RequiresSuccessfulRegistry"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
    @DACL=(02 0000)
    @="Software Installation"
    "DllName"=expand:"appmgmts.dll"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "NoBackgroundPolicy"=dword:00000000
    "RequiresSucessfulRegistry"=dword:00000000
    "NoSlowLink"=dword:00000001
    "PerUserLocalSettings"=dword:00000001
    "EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
    @DACL=(02 0000)
    @="Internet Explorer Machine Accelerators"
    "DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
    "DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
    "NoGPOListChanges"=dword:00000001
    "ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
    "RequiresSuccessfulRegistry"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
    @DACL=(02 0000)
    @="IP Security"
    "ProcessGroupPolicy"="ProcessIPSECPolicy"
    "DllName"=expand:"gptext.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    @DACL=(02 0000)
    "DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
    "Logon"="SABWINLOLogon"
    "Logoff"="SABWINLOLogoff"
    "Startup"="SABWINLOStartup"
    "Shutdown"="SABWINLOShutdown"
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=expand:"crypt32.dll"
    "Logoff"="ChainWlxLogoffEvent"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=expand:"cryptnet.dll"
    "Logoff"="CryptnetWlxLogoffEvent"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    @DACL=(02 0000)
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000001
    "DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
    "Startup"="WlDimsStartup"
    "Shutdown"="WlDimsShutdown"
    "Logon"="WlDimsLogon"
    "Logoff"="WlDimsLogoff"
    "StartShell"="WlDimsStartShell"
    "Lock"="WlDimsLock"
    "Unlock"="WlDimsUnlock"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    @DACL=(02 0000)
    @=""
    "DLLName"="igfxdev.dll"
    "Asynchronous"=dword:00000001
    "Impersonate"=dword:00000001
    "Unlock"="WinlogonUnlockEvent"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    @DACL=(02 0000)
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "DllName"=expand:"wlnotify.dll"
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    @DACL=(02 0000)
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=expand:"sclgntfy.dll"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    @DACL=(02 0000)
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "DllName"=expand:"wlnotify.dll"
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    @DACL=(02 0000)
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
    @DACL=(02 0000)
    "HelpAssistant"=dword:00000000
    "TsInternetUser"=dword:00000000
    "SQLAgentCmdExec"=dword:00000000
    "NetShowServices"=dword:00000000
    "IWAM_"=dword:00010000
    "IUSR_"=dword:00010000
    "VUSR_"=dword:00010000
    "ASPNET"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(5492)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\IDrive\IDriveEView.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Sandboxie\SbieSvc.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\CAP3RSK.EXE
    c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe
    c:\program files\IDrive\IDrivePlugin.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\VTTimer.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
    c:\program files\IDrive\IDriveETray.exe
    c:\program files\IDrive\IDriveEBackground.exe
    c:\windows\system32\scrnsave.scr
    .
    **************************************************************************
    .
    Completion time: 2012-02-01 09:41:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-31 23:41
    .
    Pre-Run: 63,426,854,400 bytes free
    Post-Run: 63,309,218,816 bytes free
    .
    - - End Of File - - A71A811AB8A6A2CDBB3137D616D5DB76

  7. #7
    broni is offline Senior Member
    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\WindowsUpdate.log
    
    RegNull::
    [HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{64EC29B4-1159-FAA0-C48C-8BA29C2BC31D}*]
    
    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "<NO NAME>"=-
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "<NO NAME>"=-
    
    ClearJavaCache::

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt

  8. #8
    Mister is offline Full Member
    Thank you.

    It ran with one error, "pev.3xe encountered an error and needs to close" (see screenshot). It happened at stage 50. I closed it and then ComboFix completed and produced this log.



    ComboFix 12-01-31.01 - Pw 01/02/2012 12:06:03.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2020.999 [GMT 10:00]
    Running from: c:\documents and settings\Pw\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Pw\Desktop\cfscript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-30 14:14 . 2012-01-31 15:00 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-01-30 07:50 . 2012-01-30 07:50 -------- d-----w- c:\documents and settings\Pw\Application Data\Dynamic
    2012-01-30 07:50 . 2012-01-30 08:48 -------- d-----w- c:\documents and settings\Pw\Application Data\SiteClasses
    2012-01-30 07:50 . 2012-01-30 08:48 -------- d-----w- c:\documents and settings\Pw\Application Data\Sites
    2012-01-29 10:47 . 2012-01-29 10:47 -------- d-----w- c:\documents and settings\Pw\Application Data\Malwarebytes
    2012-01-29 01:54 . 2012-01-29 01:54 -------- d-----w- c:\documents and settings\Pw\Application Data\eBay
    2012-01-29 01:54 . 2012-01-29 01:54 -------- d-----w- c:\documents and settings\Pw\Application Data\InstallShield
    2012-01-28 19:38 . 2012-01-28 19:38 -------- d-----w- c:\documents and settings\Pw\Local Settings\Application Data\ActiveState
    2012-01-28 07:31 . 2012-01-28 07:32 -------- d-----w- c:\program files\ActiveState Komodo Edit 6
    2012-01-28 07:05 . 2012-01-28 07:10 -------- d-----w- c:\documents and settings\Pw\Application Data\Apple Computer
    2012-01-28 07:01 . 2012-01-28 07:01 -------- d-----w- c:\documents and settings\Pw\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
    2012-01-28 07:01 . 2012-01-28 07:01 -------- d-----w- c:\program files\Adobe Download Assistant
    2012-01-28 06:17 . 2012-01-28 06:17 -------- d-----w- c:\documents and settings\Pw\Application Data\Canon
    2012-01-28 04:30 . 2012-01-28 06:15 -------- d-----w- c:\documents and settings\Pw\Application Data\uTorrent
    2012-01-28 03:53 . 2012-01-30 07:53 -------- d-----w- c:\documents and settings\Pw\Application Data\RealWorksLive
    2012-01-28 03:52 . 2012-01-28 03:52 -------- d-----w- c:\documents and settings\Pw\Application Data\Creative
    2012-01-27 07:20 . 2012-01-27 07:27 -------- d-----w- c:\documents and settings\Pw\Local Settings\Application Data\Easy Blue Print
    2012-01-27 07:20 . 2012-01-27 07:20 -------- d-----w- c:\program files\Easy Blue Print
    2012-01-26 00:24 . 2012-01-26 00:24 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
    2012-01-26 00:21 . 2012-01-26 00:21 -------- d-----w- c:\program files\Common Files\xing shared
    2012-01-26 00:17 . 2012-01-26 00:17 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
    2012-01-26 00:15 . 2012-01-26 00:15 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
    2012-01-25 05:25 . 2012-01-25 05:25 -------- d-----w- C:\found.000
    2012-01-23 03:27 . 2012-01-23 03:27 -------- d-----w- c:\program files\Sweet Home 3D
    2012-01-22 23:00 . 2012-01-22 23:00 -------- d-----w- c:\program files\iPod
    2012-01-17 00:48 . 2012-01-17 00:48 -------- d-----w- c:\documents and settings\Pw\Local Settings\Application Data\Scansoft
    2012-01-16 22:28 . 2012-01-16 22:28 -------- d-----w- c:\windows\system32\Color
    2012-01-16 22:28 . 2012-01-16 22:28 -------- d-----w- c:\program files\NewSoft
    2012-01-16 22:27 . 2012-01-16 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
    2012-01-16 22:27 . 2012-01-16 22:27 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
    2012-01-16 22:26 . 2012-01-16 22:26 -------- d-----w- c:\program files\ScanSoft
    2012-01-16 12:31 . 2012-01-16 12:31 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2012-01-16 12:30 . 2012-01-16 12:30 -------- d--h--w- c:\program files\CanonBJ
    2012-01-15 23:59 . 2012-01-15 23:59 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
    2012-01-15 23:59 . 2012-01-15 23:59 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
    2012-01-15 23:59 . 2012-01-15 23:59 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
    2012-01-15 23:59 . 2012-01-15 23:59 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
    2012-01-09 13:51 . 2012-01-09 13:52 -------- d-----w- c:\program files\Creative
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-26 00:12 . 2005-04-01 11:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-01-26 00:12 . 2005-04-01 11:38 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-01-20 21:30 . 2011-10-25 12:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-07 13:00 . 2008-04-02 14:06 1885464 ----a-w- c:\windows\system32\AutoPartNt.exe
    2011-12-10 05:24 . 2008-08-26 13:16 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-28 18:01 . 2011-10-24 03:55 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 18:01 . 2011-10-24 03:55 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-28 17:53 . 2011-10-24 03:56 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:53 . 2011-10-24 03:56 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-11-28 17:52 . 2011-10-24 03:56 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-11-28 17:52 . 2011-10-24 03:56 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-11-28 17:52 . 2011-10-24 03:56 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-11-28 17:51 . 2011-10-24 03:56 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-11-28 17:51 . 2011-10-24 03:56 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-11-28 17:48 . 2011-10-24 03:56 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-11-23 13:25 . 2004-09-08 13:05 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20 . 2004-09-08 13:05 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2004-09-08 13:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2004-09-08 13:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2004-09-08 13:05 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-11 04:38 . 2011-04-11 04:38 731000 -c--a-w- c:\program files\autoruns.exe
    2011-04-11 04:38 . 2011-04-11 04:38 595320 -c--a-w- c:\program files\autorunsc.exe
    2004-01-29 08:11 . 2004-01-29 08:11 2211840 -c--a-w- c:\program files\SpaceSynthesizer.dll
    2003-05-05 12:10 . 2005-10-22 09:05 1113600 -c--a-w- c:\program files\brewlog.exe
    2009-08-08 15:11 . 2009-08-08 15:11 10437264 -c--a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
    2009-08-08 15:30 . 2009-08-08 15:30 107760 -c--a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
    2003-01-13 01:20 . 2008-12-06 08:21 278528 -c--a-w- c:\program files\internet explorer\plugins\PanoViewer.dll
    1999-04-30 06:00 . 2008-12-06 08:21 98304 -c--a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
    2012-01-15 23:59 . 2011-10-07 23:17 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-01-31_22.22.33 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-01 00:22 . 2012-02-01 00:22 294804 c:\windows\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat
    + 2011-10-21 07:13 . 2012-02-01 02:36 7766016 c:\windows\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2011-10-21 07:13 . 2012-01-31 22:24 7766016 c:\windows\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-12-03 2260480]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-06-17 412432]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
    "IMC"="c:\program files\FriendFinder\FriendFinder Messenger 4\imc.exe" [2008-01-14 4053102]
    "IDriveE Startup"="c:\program files\IDrive\IDrvieEStartup.exe" [2011-06-24 185800]
    "WinColorReminder"="c:\program files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe" [2005-10-31 101120]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    "VTTrayp"="VTtrayp.exe" [2004-01-30 135168]
    "VTTimer"="VTTimer.exe" [2004-01-15 49152]
    "Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "RTHDCPL"="RTHDCPL.EXE" [2010-09-07 19573352]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-28 142360]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
    "mdac_runonce"="c:\windows\SYSTEM32\RUNONCE.EXE" [2008-04-14 14336]
    "LoadQM"="loadqm.exe" [2000-05-03 7536]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-28 141336]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-28 173592]
    "Fellowes Proxy"="c:\windows\system32\r3proxy.exe" [2004-03-25 86016]
    "eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-03-19 632048]
    "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
    "CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2007-01-19 28288]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
    "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512]
    "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-19 20480]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
    .
    c:\documents and settings\Pw\Start Menu\Programs\Startup\
    IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [2011-5-28 304584]
    Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\SYSTEM32\spool\drivers\w32x86\3\CAP3LAK.EXE [2002-7-19 38976]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "<NO NAME>"= 00000000
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "<NO NAME>"= 00000000
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-01 113024]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *sprestrt
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Pw^Start Menu^Programs^Startup^Logitech Touch Mouse Server.lnk]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Pw^Start Menu^Programs^Startup^Seagate Product Registration.lnk]
    path=c:\documents and settings\Pw\Start Menu\Programs\Startup\Seagate Product Registration.lnk
    backup=c:\windows\pss\Seagate Product Registration.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    2008-06-27 07:03 136472 -c--a-w- c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2007-09-13 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2007-10-25 16:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxTrApp]
    2003-07-18 14:32 247296 -c--a-w- c:\windows\NETCOMM\CNXTRAPP.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
    2011-06-16 00:01 9245096 -c--a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
    2011-06-16 00:01 9245096 -c--a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
    2011-04-25 10:27 733576 -c--a-w- c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
    2011-04-22 08:26 69000 -c--a-w- c:\program files\EASEUS\Todo Backup\bin\EuWatch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePrint 3.0 Service]
    2003-03-24 04:26 58368 -c--a-w- c:\progra~1\LEADTE~1\LEADTOOLS ePrint 3.0\Bin\ePrint3.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
    2011-12-28 03:40 6148096 ----a-w- c:\progra~1\FREEDO~1\fdm.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
    2007-05-20 23:37 124512 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
    2009-05-01 04:35 185640 -c--a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Maxtor Scheduler2 Service]
    2008-06-27 07:03 136472 -c--a-w- c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBM 5]
    2004-06-11 23:40 594944 ----a-w- c:\program files\Motherboard Monitor 5\MBM5.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-06-01 00:17 5252408 -c--a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2007-06-13 00:39 73728 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2006-10-24 23:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-09-13 10:44 2424560 -c--a-w- c:\program files\SUPERAntiSpyware\9f50d2b9-4922-4117-9ce9-179a24f292a8.com
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2012-01-26 00:13 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "BlueSoleil Hid Service"=2 (0x2)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "LeechGet"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Visicom Media\\AceFTP 3 freeware\\aceftp3free.exe"=
    "c:\\Program Files\\Free Download Manager\\fdm.exe"=
    "c:\\WINDOWS\\System32\\mmc.exe"=
    "c:\\Games\\Descent3Demo\\main.exe"=
    "c:\\Q3Ademo\\quake3.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\SYSTEM32\\rtcshare.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\SYSTEM32\\java.exe"=
    "c:\\Program Files\\Logitech Touch Mouse Server\\iTouch-Server-Win.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Cabos\\Cabos.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Ratajik Software\\StationRipper\\StationRipperConsole.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP5\\RpcAgentSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP5\\WNt500x86\\RpcSandraSrv.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 EUBAKUP;EUBAKUP;c:\windows\SYSTEM32\DRIVERS\eubakup.sys [4/06/2011 1:43 PM 30600]
    R0 EUBKMON;EUBKMON;c:\windows\SYSTEM32\DRIVERS\EUBKMON.sys [4/06/2011 1:43 PM 35720]
    R0 EUFS;EUFS;c:\windows\SYSTEM32\DRIVERS\eufs.sys [4/06/2011 1:43 PM 20744]
    R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [6/08/2010 11:10 PM 28552]
    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\SYSTEM32\DRIVERS\sfdrv01a.sys [5/07/2006 10:46 PM 63352]
    R0 sonyhcb;Sony Digital Imaging Base;c:\windows\SYSTEM32\DRIVERS\sonyhcb.sys [22/07/2006 4:17 PM 6097]
    R0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [27/10/2011 5:41 PM 691696]
    R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [24/10/2011 1:56 PM 435032]
    R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [24/10/2011 1:56 PM 314456]
    R1 EUDSKACS;EUDSKACS;c:\windows\SYSTEM32\DRIVERS\eudskacs.sys [4/06/2011 1:43 PM 14216]
    R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [20/02/2009 1:23 AM 21624]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [18/02/2010 4:25 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/05/2010 4:41 AM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [30/06/2010 3:48 AM 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [24/10/2011 1:56 PM 20568]
    R2 FreeAgentGoFlex Service;Seagate Drive Settings Service;c:\program files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [10/02/2011 11:00 AM 91432]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [1/05/2009 2:35 PM 181544]
    R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [28/05/2011 11:47 AM 157128]
    R2 MSSQL$RETSDATA;MSSQL$RETSDATA;c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe -sRETSDATA --> c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe -sRETSDATA [?]
    R2 MSSQL$RWLIVE;SQL Server (RWLIVE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/12/2010 6:29 PM 29293408]
    R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [23/09/2011 6:37 PM 641832]
    R3 EUDISK;EASEUS Disk Enumerator;c:\windows\SYSTEM32\DRIVERS\eudisk.sys [4/06/2011 1:43 PM 187528]
    R3 FeMouWDM;Fellowes Mouse Driver;c:\windows\SYSTEM32\DRIVERS\FeMouWDM.sys [10/07/2011 11:37 PM 11393]
    R3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [8/07/2010 12:05 AM 14904]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
    S2 EASEUS Agent;EASEUS Agent;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [4/06/2011 1:40 PM 56200]
    S2 gupdate1c98da1135dd59c;Google Update Service (gupdate1c98da1135dd59c);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 4:05 PM 133104]
    S3 Ambfilt;Ambfilt;c:\windows\SYSTEM32\DRIVERS\Ambfilt.sys [21/10/2011 12:45 AM 1691480]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 11:58 AM 11336]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\SYSTEM32\DNINDIS5.sys [28/01/2011 7:27 PM 17149]
    S3 epmntdrv;epmntdrv;c:\windows\SYSTEM32\epmntdrv.sys [28/07/2010 11:05 AM 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\SYSTEM32\EuGdiDrv.sys [28/07/2010 11:05 AM 8456]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\SYSTEM32\DRIVERS\ewusbnet.sys [23/03/2011 2:53 PM 112640]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 4:05 PM 133104]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 max128k;max128k;c:\windows\SYSTEM32\DRIVERS\max128k.sys [3/07/2004 7:17 PM 3840]
    S3 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [27/06/2008 5:03 PM 431384]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [31/01/2012 12:14 AM 40776]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\SYSTEM32\DRIVERS\netaapl.sys [29/01/2011 4:02 PM 18432]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [23/10/2011 8:24 AM 93848]
    S3 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [27/06/2008 5:03 PM 431384]
    S3 sonyhcs;Sony Digital Imaging Video;c:\windows\SYSTEM32\DRIVERS\sonyhcs.sys [22/07/2006 4:17 PM 299923]
    S3 SQLAgent$RETSDATA;SQLAgent$RETSDATA;c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE -i RETSDATA --> c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE -i RETSDATA [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\SYSTEM32\DRIVERS\WPN111.sys [28/01/2011 7:27 PM 384608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    2003-05-01 23:08 7168 -c--a-w- c:\windows\SYSTEM32\updcrl.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]
    .
    2012-01-29 c:\windows\Tasks\Auslogics Disk Defrag Disk Defrag Console Defragmentation.job
    - c:\program files\Auslogics\Auslogics Disk Defrag\cdefrag.exe [2011-02-07 00:30]
    .
    2011-12-03 c:\windows\Tasks\Auslogics Disk Defrag Disk Defrag Start On Windows Logon.job
    - c:\program files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe [2011-02-07 00:30]
    .
    2012-01-31 c:\windows\Tasks\CCleaner.job
    - c:\progra~1\CCleaner\CCleaner.exe [2011-01-24 15:25]
    .
    2012-01-25 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2011-07-05 06:09]
    .
    2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 06:05]
    .
    2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 06:05]
    .
    2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1214440339-839522115-1003Core.job
    - c:\documents and settings\Pw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-07 04:50]
    .
    2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1214440339-839522115-1003UA.job
    - c:\documents and settings\Pw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-07 04:50]
    .
    2012-01-31 c:\windows\Tasks\Maintenance-Disk cleanup.job
    - c:\windows\SYSTEM32\cleanmgr.exe [2004-09-08 00:12]
    .
    2012-01-31 c:\windows\Tasks\Malwarebytes' Anti-Malware scan.job
    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-08-26 07:50]
    .
    2012-01-31 c:\windows\Tasks\Malwarebytes' Anti-Malware update.job
    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-08-26 07:50]
    .
    2012-01-28 c:\windows\Tasks\Maxtor*MaxBlast.job
    - c:\progra~1\Maxtor\MaxBlast\MaxBlast.exe [2008-06-27 07:45]
    .
    2012-01-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1214440339-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 06:02]
    .
    2012-01-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1214440339-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 06:02]
    .
    2012-01-30 c:\windows\Tasks\REALWORKS Live.job
    - c:\program files\RealWorksLive\RWLink.exe [2010-03-16 06:54]
    .
    2012-02-01 c:\windows\Tasks\User_Feed_Synchronization-{76F70D15-FDCF-4219-BADA-73DD83C657B9}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 18:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: &Yahoo! Search
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?80cab6f4468f4fd5b062c28282d447ed
    IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?80cab6f4468f4fd5b062c28282d447ed
    IE: Yahoo! &Dictionary
    IE: Yahoo! &Maps
    IE: Yahoo! &SMS
    Trusted Zone: secunia.com
    TCP: DhcpNameServer = 192.168.1.1
    DPF: DirectAnimation Java Classes
    DPF: Internet Explorer Classes for Java
    DPF: Microsoft XML Parser for Java
    DPF: {00000045-9980-0010-8000-00AA00389B71}
    DPF: {00000161-0000-0010-8000-00AA00389B71}
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
    DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE}
    DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B}
    FF - ProfilePath -
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2012-02-01 12:39
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{64EC29B4-1159-FAA0-C48C-8BA29C2BC31D}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iahiobpkekpjlinoci"=hex:6b,61,69,70,64,70,70,6b,6a,70,6c,6c,66,66,67,63,68,68,
    66,6e,66,70,00,00
    "hanjepphepclmfbe"=hex:6b,61,69,70,64,70,70,6b,6a,70,6c,6c,66,66,67,63,68,68,
    66,6e,66,70,00,00
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
    "Licence0"="REMOVED"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
    @DACL=(02 0000)
    @="Wireless"
    "DllName"=expand:"gptext.dll"
    "NoGPOListChanges"=dword:00000001
    "NoUserPolicy"=dword:00000001
    "ProcessGroupPolicy"="ProcessWIRELESSPolicy"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
    @DACL=(02 0000)
    @="Folder Redirection"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
    "DllName"=expand:"fdeploy.dll"
    "NoMachinePolicy"=dword:00000001
    "NoSlowLink"=dword:00000001
    "PerUserLocalSettings"=dword:00000001
    "NoGPOListChanges"=dword:00000000
    "NoBackgroundPolicy"=dword:00000000
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "EventSources"=multi:"(Folder Redirection,Application)\00\00"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
    @DACL=(02 0000)
    @="Microsoft Disk Quota"
    "NoMachinePolicy"=dword:00000000
    "NoUserPolicy"=dword:00000001
    "NoSlowLink"=dword:00000001
    "NoBackgroundPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "PerUserLocalSettings"=dword:00000000
    "RequiresSuccessfulRegistry"=dword:00000001
    "EnableAsynchronousProcessing"=dword:00000000
    "DllName"=expand:"dskquota.dll"
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
    @DACL=(02 0000)
    @="QoS Packet Scheduler"
    "ProcessGroupPolicy"="ProcessPSCHEDPolicy"
    "DllName"=expand:"gptext.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
    @DACL=(02 0000)
    @="Scripts"
    "ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
    "ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
    "GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
    "DllName"=expand:"gptext.dll"
    "NoSlowLink"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "NotifyLinkTransition"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
    @DACL=(02 0000)
    @="Internet Explorer Zonemapping"
    "DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
    "ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
    "NoGPOListChanges"=dword:00000001
    "RequiresSucessfulRegistry"=dword:00000001
    "DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
    "RequiresSuccessfulRegistry"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
    @DACL=(02 0000)
    @="Windows Search Group Policy Extension"
    "DllName"=expand:"%SystemRoot%\\System32\\srchadmin.dll"
    "EnableAsynchronousProcessing"=dword:00000000
    "NoBackgroundPolicy"=dword:00000000
    "NoGPOListChanges"=dword:00000001
    "NoMachinePolicy"=dword:00000000
    "NoSlowLink"=dword:00000000
    "NoUserPolicy"=dword:00000001
    "PerUserLocalSettings"=dword:00000000
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    "RequiresSuccessfulRegistry"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
    @DACL=(02 0000)
    @="Internet Explorer User Accelerators"
    "DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
    "DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
    "NoGPOListChanges"=dword:00000001
    "ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
    "RequiresSuccessfulRegistry"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
    @DACL=(02 0000)
    "ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
    "GenerateGroupPolicy"="SceGenerateGroupPolicy"
    "ExtensionRsopPlanningDebugLevel"=dword:00000001
    "ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
    "ExtensionDebugLevel"=dword:00000001
    "DllName"=expand:"scecli.dll"
    @="Security"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "EnableAsynchronousProcessing"=dword:00000001
    "MaxNoGPOListChangesInterval"=dword:000003c0
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
    @DACL=(02 0000)
    "ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    "DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
    @="Internet Explorer Branding"
    "NoSlowLink"=dword:00000001
    "NoBackgroundPolicy"=dword:00000000
    "NoGPOListChanges"=dword:00000001
    "NoMachinePolicy"=dword:00000001
    "DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
    @DACL=(02 0000)
    "ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
    "DllName"=expand:"scecli.dll"
    @="EFS recovery"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "RequiresSuccessfulRegistry"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
    @DACL=(02 0000)
    @="802.3 Group Policy"
    "DisplayName"=expand:"@dot3gpclnt.dll,-100"
    "ProcessGroupPolicyEx"="ProcessLANPolicyEx"
    "GenerateGroupPolicy"="GenerateLANPolicy"
    "DllName"=expand:"dot3gpclnt.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
    @DACL=(02 0000)
    @="Microsoft Offline Files"
    "DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
    "EnableAsynchronousProcessing"=dword:00000000
    "NoBackgroundPolicy"=dword:00000000
    "NoGPOListChanges"=dword:00000000
    "NoMachinePolicy"=dword:00000000
    "NoSlowLink"=dword:00000000
    "NoUserPolicy"=dword:00000001
    "PerUserLocalSettings"=dword:00000000
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    "RequiresSuccessfulRegistry"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
    @DACL=(02 0000)
    @="Software Installation"
    "DllName"=expand:"appmgmts.dll"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "NoBackgroundPolicy"=dword:00000000
    "RequiresSucessfulRegistry"=dword:00000000
    "NoSlowLink"=dword:00000001
    "PerUserLocalSettings"=dword:00000001
    "EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
    @DACL=(02 0000)
    @="Internet Explorer Machine Accelerators"
    "DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
    "DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
    "NoGPOListChanges"=dword:00000001
    "ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
    "RequiresSuccessfulRegistry"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
    @DACL=(02 0000)
    @="IP Security"
    "ProcessGroupPolicy"="ProcessIPSECPolicy"
    "DllName"=expand:"gptext.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    @DACL=(02 0000)
    "DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
    "Logon"="SABWINLOLogon"
    "Logoff"="SABWINLOLogoff"
    "Startup"="SABWINLOStartup"
    "Shutdown"="SABWINLOShutdown"
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=expand:"crypt32.dll"
    "Logoff"="ChainWlxLogoffEvent"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=expand:"cryptnet.dll"
    "Logoff"="CryptnetWlxLogoffEvent"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    @DACL=(02 0000)
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000001
    "DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
    "Startup"="WlDimsStartup"
    "Shutdown"="WlDimsShutdown"
    "Logon"="WlDimsLogon"
    "Logoff"="WlDimsLogoff"
    "StartShell"="WlDimsStartShell"
    "Lock"="WlDimsLock"
    "Unlock"="WlDimsUnlock"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    @DACL=(02 0000)
    @=""
    "DLLName"="igfxdev.dll"
    "Asynchronous"=dword:00000001
    "Impersonate"=dword:00000001
    "Unlock"="WinlogonUnlockEvent"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    @DACL=(02 0000)
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "DllName"=expand:"wlnotify.dll"
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    @DACL=(02 0000)
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=expand:"sclgntfy.dll"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    @DACL=(02 0000)
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "DllName"=expand:"wlnotify.dll"
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    @DACL=(02 0000)
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
    @DACL=(02 0000)
    "HelpAssistant"=dword:00000000
    "TsInternetUser"=dword:00000000
    "SQLAgentCmdExec"=dword:00000000
    "NetShowServices"=dword:00000000
    "IWAM_"=dword:00010000
    "IUSR_"=dword:00010000
    "VUSR_"=dword:00010000
    "ASPNET"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(5172)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-02-01 12:53:52
    ComboFix-quarantined-files.txt 2012-02-01 02:53
    ComboFix2.txt 2012-01-31 23:41
    .
    Pre-Run: 63,366,696,448 bytes free
    Post-Run: 63,355,141,120 bytes free
    .
    - - End Of File - - 8EEFEFF9F86241BFB171EB9A8F6C6D45

  9. #9
    broni is offline Senior Member
    You just re-ran Combofix.
    You didn't run my script.
    Re-read my instructions and redo.

  10. #10
    Mister is offline Full Member
    Thank you again for your kind assistance.

    Sorry, I thought I did run the script as per instructions. You can see "Command switches used :: c:\documents and settings\Pw\Desktop\cfscript.txt" in that log.


    However, I have done it again as requested.

    Same error occurs though, after the screen says completed stage 50

    "pev.3xe encountered an error and needs to close"

    I pressed "Don't send", shut it down and combofix again completed and produced this log.

    ComboFix 12-01-31.01 - Pw 01/02/2012 13:28:40.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2020.979 [GMT 10:00]
    Running from: c:\documents and settings\Pw\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Pw\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    FILE ::
    "c:\windows\WindowsUpdate.log"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-30 14:14 . 2012-01-31 15:00 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-01-30 07:50 . 2012-01-30 07:50 -------- d-----w- c:\documents and settings\Pw\Application Data\Dynamic
    2012-01-30 07:50 . 2012-01-30 08:48 -------- d-----w- c:\documents and settings\Pw\Application Data\SiteClasses
    2012-01-30 07:50 . 2012-01-30 08:48 -------- d-----w- c:\documents and settings\Pw\Application Data\Sites
    2012-01-29 10:47 . 2012-01-29 10:47 -------- d-----w- c:\documents and settings\Pw\Application Data\Malwarebytes
    2012-01-29 01:54 . 2012-01-29 01:54 -------- d-----w- c:\documents and settings\Pw\Application Data\eBay
    2012-01-29 01:54 . 2012-01-29 01:54 -------- d-----w- c:\documents and settings\Pw\Application Data\InstallShield
    2012-01-28 19:38 . 2012-01-28 19:38 -------- d-----w- c:\documents and settings\Pw\Local Settings\Application Data\ActiveState
    2012-01-28 07:31 . 2012-01-28 07:32 -------- d-----w- c:\program files\ActiveState Komodo Edit 6
    2012-01-28 07:05 . 2012-01-28 07:10 -------- d-----w- c:\documents and settings\Pw\Application Data\Apple Computer
    2012-01-28 07:01 . 2012-01-28 07:01 -------- d-----w- c:\documents and settings\Pw\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
    2012-01-28 07:01 . 2012-01-28 07:01 -------- d-----w- c:\program files\Adobe Download Assistant
    2012-01-28 06:17 . 2012-01-28 06:17 -------- d-----w- c:\documents and settings\Pw\Application Data\Canon
    2012-01-28 04:30 . 2012-01-28 06:15 -------- d-----w- c:\documents and settings\Pw\Application Data\uTorrent
    2012-01-28 03:53 . 2012-01-30 07:53 -------- d-----w- c:\documents and settings\Pw\Application Data\RealWorksLive
    2012-01-28 03:52 . 2012-01-28 03:52 -------- d-----w- c:\documents and settings\Pw\Application Data\Creative
    2012-01-27 07:20 . 2012-01-27 07:27 -------- d-----w- c:\documents and settings\Pw\Local Settings\Application Data\Easy Blue Print
    2012-01-27 07:20 . 2012-01-27 07:20 -------- d-----w- c:\program files\Easy Blue Print
    2012-01-26 00:24 . 2012-01-26 00:24 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
    2012-01-26 00:21 . 2012-01-26 00:21 -------- d-----w- c:\program files\Common Files\xing shared
    2012-01-26 00:17 . 2012-01-26 00:17 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
    2012-01-26 00:15 . 2012-01-26 00:15 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
    2012-01-25 05:25 . 2012-01-25 05:25 -------- d-----w- C:\found.000
    2012-01-23 03:27 . 2012-01-23 03:27 -------- d-----w- c:\program files\Sweet Home 3D
    2012-01-22 23:00 . 2012-01-22 23:00 -------- d-----w- c:\program files\iPod
    2012-01-17 00:48 . 2012-01-17 00:48 -------- d-----w- c:\documents and settings\Pw\Local Settings\Application Data\Scansoft
    2012-01-16 22:28 . 2012-01-16 22:28 -------- d-----w- c:\windows\system32\Color
    2012-01-16 22:28 . 2012-01-16 22:28 -------- d-----w- c:\program files\NewSoft
    2012-01-16 22:27 . 2012-01-16 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
    2012-01-16 22:27 . 2012-01-16 22:27 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
    2012-01-16 22:26 . 2012-01-16 22:26 -------- d-----w- c:\program files\ScanSoft
    2012-01-16 12:31 . 2012-01-16 12:31 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2012-01-16 12:30 . 2012-01-16 12:30 -------- d--h--w- c:\program files\CanonBJ
    2012-01-15 23:59 . 2012-01-15 23:59 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
    2012-01-15 23:59 . 2012-01-15 23:59 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
    2012-01-15 23:59 . 2012-01-15 23:59 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
    2012-01-15 23:59 . 2012-01-15 23:59 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
    2012-01-09 13:51 . 2012-01-09 13:52 -------- d-----w- c:\program files\Creative
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-26 00:12 . 2005-04-01 11:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-01-26 00:12 . 2005-04-01 11:38 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-01-20 21:30 . 2011-10-25 12:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-07 13:00 . 2008-04-02 14:06 1885464 ----a-w- c:\windows\system32\AutoPartNt.exe
    2011-12-10 05:24 . 2008-08-26 13:16 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-28 18:01 . 2011-10-24 03:55 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 18:01 . 2011-10-24 03:55 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-28 17:53 . 2011-10-24 03:56 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:53 . 2011-10-24 03:56 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-11-28 17:52 . 2011-10-24 03:56 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-11-28 17:52 . 2011-10-24 03:56 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-11-28 17:52 . 2011-10-24 03:56 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-11-28 17:51 . 2011-10-24 03:56 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-11-28 17:51 . 2011-10-24 03:56 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-11-28 17:48 . 2011-10-24 03:56 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-11-23 13:25 . 2004-09-08 13:05 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20 . 2004-09-08 13:05 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2004-09-08 13:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2004-09-08 13:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2004-09-08 13:05 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-11 04:38 . 2011-04-11 04:38 731000 -c--a-w- c:\program files\autoruns.exe
    2011-04-11 04:38 . 2011-04-11 04:38 595320 -c--a-w- c:\program files\autorunsc.exe
    2004-01-29 08:11 . 2004-01-29 08:11 2211840 -c--a-w- c:\program files\SpaceSynthesizer.dll
    2003-05-05 12:10 . 2005-10-22 09:05 1113600 -c--a-w- c:\program files\brewlog.exe
    2009-08-08 15:11 . 2009-08-08 15:11 10437264 -c--a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
    2009-08-08 15:30 . 2009-08-08 15:30 107760 -c--a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
    2003-01-13 01:20 . 2008-12-06 08:21 278528 -c--a-w- c:\program files\internet explorer\plugins\PanoViewer.dll
    1999-04-30 06:00 . 2008-12-06 08:21 98304 -c--a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
    2012-01-15 23:59 . 2011-10-07 23:17 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-01-31_22.22.33 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-01 00:22 . 2012-02-01 00:22 294804 c:\windows\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat
    + 2011-10-21 07:13 . 2012-02-01 03:55 7766016 c:\windows\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2011-10-21 07:13 . 2012-01-31 22:24 7766016 c:\windows\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-12-03 2260480]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-06-17 412432]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
    "IMC"="c:\program files\FriendFinder\FriendFinder Messenger 4\imc.exe" [2008-01-14 4053102]
    "IDriveE Startup"="c:\program files\IDrive\IDrvieEStartup.exe" [2011-06-24 185800]
    "WinColorReminder"="c:\program files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe" [2005-10-31 101120]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    "VTTrayp"="VTtrayp.exe" [2004-01-30 135168]
    "VTTimer"="VTTimer.exe" [2004-01-15 49152]
    "Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "RTHDCPL"="RTHDCPL.EXE" [2010-09-07 19573352]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-28 142360]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
    "mdac_runonce"="c:\windows\SYSTEM32\RUNONCE.EXE" [2008-04-14 14336]
    "LoadQM"="loadqm.exe" [2000-05-03 7536]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-28 141336]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-28 173592]
    "Fellowes Proxy"="c:\windows\system32\r3proxy.exe" [2004-03-25 86016]
    "eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-03-19 632048]
    "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
    "CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2007-01-19 28288]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
    "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512]
    "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-19 20480]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
    .
    c:\documents and settings\Pw\Start Menu\Programs\Startup\
    IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [2011-5-28 304584]
    Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\SYSTEM32\spool\drivers\w32x86\3\CAP3LAK.EXE [2002-7-19 38976]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "<NO NAME>"= 00000000
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "<NO NAME>"= 00000000
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-01 113024]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *sprestrt
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Pw^Start Menu^Programs^Startup^Logitech Touch Mouse Server.lnk]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Pw^Start Menu^Programs^Startup^Seagate Product Registration.lnk]
    path=c:\documents and settings\Pw\Start Menu\Programs\Startup\Seagate Product Registration.lnk
    backup=c:\windows\pss\Seagate Product Registration.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    2008-06-27 07:03 136472 -c--a-w- c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2007-09-13 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2007-10-25 16:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxTrApp]
    2003-07-18 14:32 247296 -c--a-w- c:\windows\NETCOMM\CNXTRAPP.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
    2011-06-16 00:01 9245096 -c--a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
    2011-06-16 00:01 9245096 -c--a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
    2011-04-25 10:27 733576 -c--a-w- c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
    2011-04-22 08:26 69000 -c--a-w- c:\program files\EASEUS\Todo Backup\bin\EuWatch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePrint 3.0 Service]
    2003-03-24 04:26 58368 -c--a-w- c:\progra~1\LEADTE~1\LEADTOOLS ePrint 3.0\Bin\ePrint3.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
    2011-12-28 03:40 6148096 ----a-w- c:\progra~1\FREEDO~1\fdm.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
    2007-05-20 23:37 124512 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
    2009-05-01 04:35 185640 -c--a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Maxtor Scheduler2 Service]
    2008-06-27 07:03 136472 -c--a-w- c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBM 5]
    2004-06-11 23:40 594944 ----a-w- c:\program files\Motherboard Monitor 5\MBM5.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-06-01 00:17 5252408 -c--a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2007-06-13 00:39 73728 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2006-10-24 23:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-09-13 10:44 2424560 -c--a-w- c:\program files\SUPERAntiSpyware\9f50d2b9-4922-4117-9ce9-179a24f292a8.com
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2012-01-26 00:13 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "BlueSoleil Hid Service"=2 (0x2)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
    "LeechGet"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Visicom Media\\AceFTP 3 freeware\\aceftp3free.exe"=
    "c:\\Program Files\\Free Download Manager\\fdm.exe"=
    "c:\\WINDOWS\\System32\\mmc.exe"=
    "c:\\Games\\Descent3Demo\\main.exe"=
    "c:\\Q3Ademo\\quake3.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\SYSTEM32\\rtcshare.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\SYSTEM32\\java.exe"=
    "c:\\Program Files\\Logitech Touch Mouse Server\\iTouch-Server-Win.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Cabos\\Cabos.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Ratajik Software\\StationRipper\\StationRipperConsole.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP5\\RpcAgentSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP5\\WNt500x86\\RpcSandraSrv.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 EUBAKUP;EUBAKUP;c:\windows\SYSTEM32\DRIVERS\eubakup.sys [4/06/2011 1:43 PM 30600]
    R0 EUBKMON;EUBKMON;c:\windows\SYSTEM32\DRIVERS\EUBKMON.sys [4/06/2011 1:43 PM 35720]
    R0 EUFS;EUFS;c:\windows\SYSTEM32\DRIVERS\eufs.sys [4/06/2011 1:43 PM 20744]
    R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [6/08/2010 11:10 PM 28552]
    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\SYSTEM32\DRIVERS\sfdrv01a.sys [5/07/2006 10:46 PM 63352]
    R0 sonyhcb;Sony Digital Imaging Base;c:\windows\SYSTEM32\DRIVERS\sonyhcb.sys [22/07/2006 4:17 PM 6097]
    R0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [27/10/2011 5:41 PM 691696]
    R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [24/10/2011 1:56 PM 435032]
    R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [24/10/2011 1:56 PM 314456]
    R1 EUDSKACS;EUDSKACS;c:\windows\SYSTEM32\DRIVERS\eudskacs.sys [4/06/2011 1:43 PM 14216]
    R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [20/02/2009 1:23 AM 21624]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [18/02/2010 4:25 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/05/2010 4:41 AM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [30/06/2010 3:48 AM 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [24/10/2011 1:56 PM 20568]
    R2 FreeAgentGoFlex Service;Seagate Drive Settings Service;c:\program files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [10/02/2011 11:00 AM 91432]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [1/05/2009 2:35 PM 181544]
    R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [28/05/2011 11:47 AM 157128]
    R2 MSSQL$RETSDATA;MSSQL$RETSDATA;c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe -sRETSDATA --> c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe -sRETSDATA [?]
    R2 MSSQL$RWLIVE;SQL Server (RWLIVE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/12/2010 6:29 PM 29293408]
    R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [23/09/2011 6:37 PM 641832]
    R3 EUDISK;EASEUS Disk Enumerator;c:\windows\SYSTEM32\DRIVERS\eudisk.sys [4/06/2011 1:43 PM 187528]
    R3 FeMouWDM;Fellowes Mouse Driver;c:\windows\SYSTEM32\DRIVERS\FeMouWDM.sys [10/07/2011 11:37 PM 11393]
    R3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [8/07/2010 12:05 AM 14904]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
    S2 EASEUS Agent;EASEUS Agent;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [4/06/2011 1:40 PM 56200]
    S2 gupdate1c98da1135dd59c;Google Update Service (gupdate1c98da1135dd59c);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 4:05 PM 133104]
    S3 Ambfilt;Ambfilt;c:\windows\SYSTEM32\DRIVERS\Ambfilt.sys [21/10/2011 12:45 AM 1691480]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 11:58 AM 11336]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\SYSTEM32\DNINDIS5.sys [28/01/2011 7:27 PM 17149]
    S3 epmntdrv;epmntdrv;c:\windows\SYSTEM32\epmntdrv.sys [28/07/2010 11:05 AM 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\SYSTEM32\EuGdiDrv.sys [28/07/2010 11:05 AM 8456]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\SYSTEM32\DRIVERS\ewusbnet.sys [23/03/2011 2:53 PM 112640]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 4:05 PM 133104]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 max128k;max128k;c:\windows\SYSTEM32\DRIVERS\max128k.sys [3/07/2004 7:17 PM 3840]
    S3 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [27/06/2008 5:03 PM 431384]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [31/01/2012 12:14 AM 40776]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\SYSTEM32\DRIVERS\netaapl.sys [29/01/2011 4:02 PM 18432]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [23/10/2011 8:24 AM 93848]
    S3 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [27/06/2008 5:03 PM 431384]
    S3 sonyhcs;Sony Digital Imaging Video;c:\windows\SYSTEM32\DRIVERS\sonyhcs.sys [22/07/2006 4:17 PM 299923]
    S3 SQLAgent$RETSDATA;SQLAgent$RETSDATA;c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE -i RETSDATA --> c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE -i RETSDATA [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\SYSTEM32\DRIVERS\WPN111.sys [28/01/2011 7:27 PM 384608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    2003-05-01 23:08 7168 -c--a-w- c:\windows\SYSTEM32\updcrl.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]
    .
    2012-01-29 c:\windows\Tasks\Auslogics Disk Defrag Disk Defrag Console Defragmentation.job
    - c:\program files\Auslogics\Auslogics Disk Defrag\cdefrag.exe [2011-02-07 00:30]
    .
    2011-12-03 c:\windows\Tasks\Auslogics Disk Defrag Disk Defrag Start On Windows Logon.job
    - c:\program files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe [2011-02-07 00:30]
    .
    2012-01-31 c:\windows\Tasks\CCleaner.job
    - c:\progra~1\CCleaner\CCleaner.exe [2011-01-24 15:25]
    .
    2012-01-25 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2011-07-05 06:09]
    .
    2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 06:05]
    .
    2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 06:05]
    .
    2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1214440339-839522115-1003Core.job
    - c:\documents and settings\Pw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-07 04:50]
    .
    2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1214440339-839522115-1003UA.job
    - c:\documents and settings\Pw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-07 04:50]
    .
    2012-01-31 c:\windows\Tasks\Maintenance-Disk cleanup.job
    - c:\windows\SYSTEM32\cleanmgr.exe [2004-09-08 00:12]
    .
    2012-01-31 c:\windows\Tasks\Malwarebytes' Anti-Malware scan.job
    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-08-26 07:50]
    .
    2012-01-31 c:\windows\Tasks\Malwarebytes' Anti-Malware update.job
    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-08-26 07:50]
    .
    2012-01-28 c:\windows\Tasks\Maxtor*MaxBlast.job
    - c:\progra~1\Maxtor\MaxBlast\MaxBlast.exe [2008-06-27 07:45]
    .
    2012-01-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1214440339-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 06:02]
    .
    2012-01-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1214440339-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 06:02]
    .
    2012-01-30 c:\windows\Tasks\REALWORKS Live.job
    - c:\program files\RealWorksLive\RWLink.exe [2010-03-16 06:54]
    .
    2012-02-01 c:\windows\Tasks\User_Feed_Synchronization-{76F70D15-FDCF-4219-BADA-73DD83C657B9}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 18:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: &Yahoo! Search
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?80cab6f4468f4fd5b062c28282d447ed
    IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?80cab6f4468f4fd5b062c28282d447ed
    IE: Yahoo! &Dictionary
    IE: Yahoo! &Maps
    IE: Yahoo! &SMS
    Trusted Zone: secunia.com
    TCP: DhcpNameServer = 192.168.1.1
    DPF: DirectAnimation Java Classes
    DPF: Internet Explorer Classes for Java
    DPF: Microsoft XML Parser for Java
    DPF: {00000045-9980-0010-8000-00AA00389B71}
    DPF: {00000161-0000-0010-8000-00AA00389B71}
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
    DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE}
    DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B}
    FF - ProfilePath -
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2012-02-01 13:58
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{64EC29B4-1159-FAA0-C48C-8BA29C2BC31D}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iahiobpkekpjlinoci"=hex:6b,61,69,70,64,70,70,6b,6a,70,6c,6c,66,66,67,63,68,68,
    66,6e,66,70,00,00
    "hanjepphepclmfbe"=hex:6b,61,69,70,64,70,70,6b,6a,70,6c,6c,66,66,67,63,68,68,
    66,6e,66,70,00,00
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
    "Licence0"="REMOVED"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
    @DACL=(02 0000)
    @="Wireless"
    "DllName"=expand:"gptext.dll"
    "NoGPOListChanges"=dword:00000001
    "NoUserPolicy"=dword:00000001
    "ProcessGroupPolicy"="ProcessWIRELESSPolicy"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
    @DACL=(02 0000)
    @="Folder Redirection"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
    "DllName"=expand:"fdeploy.dll"
    "NoMachinePolicy"=dword:00000001
    "NoSlowLink"=dword:00000001
    "PerUserLocalSettings"=dword:00000001
    "NoGPOListChanges"=dword:00000000
    "NoBackgroundPolicy"=dword:00000000
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "EventSources"=multi:"(Folder Redirection,Application)\00\00"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
    @DACL=(02 0000)
    @="Microsoft Disk Quota"
    "NoMachinePolicy"=dword:00000000
    "NoUserPolicy"=dword:00000001
    "NoSlowLink"=dword:00000001
    "NoBackgroundPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "PerUserLocalSettings"=dword:00000000
    "RequiresSuccessfulRegistry"=dword:00000001
    "EnableAsynchronousProcessing"=dword:00000000
    "DllName"=expand:"dskquota.dll"
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
    @DACL=(02 0000)
    @="QoS Packet Scheduler"
    "ProcessGroupPolicy"="ProcessPSCHEDPolicy"
    "DllName"=expand:"gptext.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
    @DACL=(02 0000)
    @="Scripts"
    "ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
    "ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
    "GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
    "DllName"=expand:"gptext.dll"
    "NoSlowLink"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "NotifyLinkTransition"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
    @DACL=(02 0000)
    @="Internet Explorer Zonemapping"
    "DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
    "ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
    "NoGPOListChanges"=dword:00000001
    "RequiresSucessfulRegistry"=dword:00000001
    "DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
    "RequiresSuccessfulRegistry"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
    @DACL=(02 0000)
    @="Windows Search Group Policy Extension"
    "DllName"=expand:"%SystemRoot%\\System32\\srchadmin.dll"
    "EnableAsynchronousProcessing"=dword:00000000
    "NoBackgroundPolicy"=dword:00000000
    "NoGPOListChanges"=dword:00000001
    "NoMachinePolicy"=dword:00000000
    "NoSlowLink"=dword:00000000
    "NoUserPolicy"=dword:00000001
    "PerUserLocalSettings"=dword:00000000
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    "RequiresSuccessfulRegistry"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
    @DACL=(02 0000)
    @="Internet Explorer User Accelerators"
    "DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
    "DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
    "NoGPOListChanges"=dword:00000001
    "ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
    "RequiresSuccessfulRegistry"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
    @DACL=(02 0000)
    "ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
    "GenerateGroupPolicy"="SceGenerateGroupPolicy"
    "ExtensionRsopPlanningDebugLevel"=dword:00000001
    "ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
    "ExtensionDebugLevel"=dword:00000001
    "DllName"=expand:"scecli.dll"
    @="Security"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "EnableAsynchronousProcessing"=dword:00000001
    "MaxNoGPOListChangesInterval"=dword:000003c0
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
    @DACL=(02 0000)
    "ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    "DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
    @="Internet Explorer Branding"
    "NoSlowLink"=dword:00000001
    "NoBackgroundPolicy"=dword:00000000
    "NoGPOListChanges"=dword:00000001
    "NoMachinePolicy"=dword:00000001
    "DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
    @DACL=(02 0000)
    "ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
    "DllName"=expand:"scecli.dll"
    @="EFS recovery"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "RequiresSuccessfulRegistry"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
    @DACL=(02 0000)
    @="802.3 Group Policy"
    "DisplayName"=expand:"@dot3gpclnt.dll,-100"
    "ProcessGroupPolicyEx"="ProcessLANPolicyEx"
    "GenerateGroupPolicy"="GenerateLANPolicy"
    "DllName"=expand:"dot3gpclnt.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
    @DACL=(02 0000)
    @="Microsoft Offline Files"
    "DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
    "EnableAsynchronousProcessing"=dword:00000000
    "NoBackgroundPolicy"=dword:00000000
    "NoGPOListChanges"=dword:00000000
    "NoMachinePolicy"=dword:00000000
    "NoSlowLink"=dword:00000000
    "NoUserPolicy"=dword:00000001
    "PerUserLocalSettings"=dword:00000000
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    "RequiresSuccessfulRegistry"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
    @DACL=(02 0000)
    @="Software Installation"
    "DllName"=expand:"appmgmts.dll"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "NoBackgroundPolicy"=dword:00000000
    "RequiresSucessfulRegistry"=dword:00000000
    "NoSlowLink"=dword:00000001
    "PerUserLocalSettings"=dword:00000001
    "EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
    @DACL=(02 0000)
    @="Internet Explorer Machine Accelerators"
    "DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
    "DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
    "NoGPOListChanges"=dword:00000001
    "ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
    "RequiresSuccessfulRegistry"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
    @DACL=(02 0000)
    @="IP Security"
    "ProcessGroupPolicy"="ProcessIPSECPolicy"
    "DllName"=expand:"gptext.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    @DACL=(02 0000)
    "DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
    "Logon"="SABWINLOLogon"
    "Logoff"="SABWINLOLogoff"
    "Startup"="SABWINLOStartup"
    "Shutdown"="SABWINLOShutdown"
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=expand:"crypt32.dll"
    "Logoff"="ChainWlxLogoffEvent"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=expand:"cryptnet.dll"
    "Logoff"="CryptnetWlxLogoffEvent"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    @DACL=(02 0000)
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000001
    "DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
    "Startup"="WlDimsStartup"
    "Shutdown"="WlDimsShutdown"
    "Logon"="WlDimsLogon"
    "Logoff"="WlDimsLogoff"
    "StartShell"="WlDimsStartShell"
    "Lock"="WlDimsLock"
    "Unlock"="WlDimsUnlock"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    @DACL=(02 0000)
    @=""
    "DLLName"="igfxdev.dll"
    "Asynchronous"=dword:00000001
    "Impersonate"=dword:00000001
    "Unlock"="WinlogonUnlockEvent"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    @DACL=(02 0000)
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "DllName"=expand:"wlnotify.dll"
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    @DACL=(02 0000)
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=expand:"sclgntfy.dll"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    @DACL=(02 0000)
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "DllName"=expand:"wlnotify.dll"
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    @DACL=(02 0000)
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
    @DACL=(02 0000)
    "HelpAssistant"=dword:00000000
    "TsInternetUser"=dword:00000000
    "SQLAgentCmdExec"=dword:00000000
    "NetShowServices"=dword:00000000
    "IWAM_"=dword:00010000
    "IUSR_"=dword:00010000
    "VUSR_"=dword:00010000
    "ASPNET"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(5012)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-02-01 14:13:10
    ComboFix-quarantined-files.txt 2012-02-01 04:13
    ComboFix2.txt 2012-02-01 02:53
    ComboFix3.txt 2012-01-31 23:41
    .
    Pre-Run: 63,367,080,960 bytes free
    Post-Run: 63,347,753,984 bytes free
    .
    - - End Of File - - B1D977EA8A6BB0E3506C06BED5894F80
