Help with HJT logs


When my computer starts, it says it can't find 2 programs on autocheck. They are ? and ?? The HJT logs are enclosed.

 

Logfile of random's system information tool 1.04 (written by random/random)

Run by Lawrence at 2008-12-10 16:42:36

Microsoft Windows XP Professional Service Pack 3, v.3264

System drive C: has 43 GB (73%) free of 59 GB

Total RAM: 3327 MB (78% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:42:42 PM, on 12/10/2008

Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\E_S00RP1.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE

D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

D:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\WINDOWS\SYSTEM32\HPZipm12.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

C:\Program Files\MSI\Core Center\CoreCenter.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

D:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Secunia\PSI\psi.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\avciman.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\psimreal.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Lawrence\Desktop\RSIT.exe

D:\Program Files\Trend Micro\HijackThis\Lawrence.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tw.msi.com.tw/autobios/VerChk/LSeri...nction=LMonitor

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [\\E-MACHINE\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P42 "\\E-MACHINE\EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"

O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"

O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series on E-MACHINE] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P48 "Auto EPSON Stylus Photo R300 Series on E-MACHINE" /O17 "\\E-MACHINE\EPSON" /M "Stylus Photo R300"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"

O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trojan Remover\Trjscan.exe /boot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"

O4 - HKCU\..\Run: [\\E-MACHINE\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P42 "\\E-MACHINE\EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"

O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - Startup: MiniMinder.lnk = D:\Program Files\MiniMind\MiniMind.exe

O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe

O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe

O4 - Global Startup: Event Reminder.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://asia.msi.com.tw

O15 - Trusted Zone: http://global.msi.com.tw

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www1.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///H:/components/hidinputmonitorx.ocx

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///H:/components/A9.ocx

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab

O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///H:/components/wmvhdrating.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE

O23 - Service: Google Updater Service (gusvc) - GARMIN Corp. - (no file)

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: nTuneService - NVIDIA - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: PD91VMDefrag - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91VMDefrag.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\HPZipm12.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

 

--

End of file - 14349 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{18462171-1948-4402-92DF-1E9831C50EE3}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-03-10 879856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-09 308832]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]

D:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-11-11 5759816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-22 652784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]

EpsonToolBandKicker Class - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-11-11 5759816]

{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-03-10 879856]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968]

"\\E-MACHINE\EPSON Stylus Photo R300 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE [2003-06-04 99840]

"EPSON Stylus Photo R300 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE [2003-06-04 99840]

"Auto EPSON Stylus Photo R300 Series on E-MACHINE"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE [2003-06-04 99840]

"APVXDWIN"=C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE [2007-11-23 406832]

"SCANINICIO"=C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe [2007-07-11 27952]

"TrojanScanner"=D:\Program Files\Trojan Remover\Trojan Remover\Trjscan.exe [2008-11-29 1231752]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2007-12-01 15360]

"EPSON Stylus Photo R300 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE [2003-06-04 99840]

"\\E-MACHINE\EPSON Stylus Photo R300 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE [2003-06-04 99840]

"RoboForm"=D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2008-11-11 160592]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

CoreCenter.lnk - C:\Program Files\MSI\Core Center\CoreCenter.exe

Event Reminder.lnk - D:\Program Files\Broderbund\PrintMaster\pmremind.exe

 

C:\Documents and Settings\Lawrence\Start Menu\Programs\Startup

MiniMinder.lnk - D:\Program Files\MiniMind\MiniMind.exe

Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\SYSTEM32\Ati2evxx.dll [2008-10-28 143360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]

C:\WINDOWS\SYSTEM32\avldr.dll [2007-02-15 50736]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\SYSTEM32\WgaLogon.dll [2007-04-10 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableLockWorkstation"=1

"DisableTaskMgr"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"HideShutdownScripts"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoSimpleStartMenu"=1

"NoWelcomeScreen"=1

"MaxRecentDocs"=99

"NoDriveTypeAutoRun"=145

"NoLowDiskSpaceCheck"=1

"NoRecentDocsNetHood"=1

"NoStartMenuMyMusic"=1

"NoSMMyPictures"=1

"DisallowRun"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoWelcomeScreen"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Laplink\PCmover\PCmover.exe"="C:\Program Files\Laplink\PCmover\PCmover.exe:*:Enabled:PCmover"

"D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"="D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"

"D:\Program Files\internet explorer\iexplore.exe"="D:\Program Files\internet explorer\iexplore.exe:*:Enabled:Internet Explorer"

"D:\Program Files\LimeWire\LimeWire.exe"="D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"

"D:\Program Files\Diskeeper Corporation\Disk Performance Analyzer for Networks\DPAN.exe"="D:\Program Files\Diskeeper Corporation\Disk Performance Analyzer for Networks\DPAN.exe:*:Enabled:Disk Performance Analyzer for Networks"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

"C:\Program Files\Diskeeper Corporation\Disk Performance Analyzer for Networks\DPAN.exe"="C:\Program Files\Diskeeper Corporation\Disk Performance Analyzer for Networks\DPAN.exe:*:Enabled:Disk Performance Analyzer for Networks"

"D:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="D:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"

"D:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="D:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"

"D:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe"="D:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"

"D:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe"="D:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"

"C:\Program Files\Diskeeper Corporation\Disk Performance Analyzer for Networks\DPANUI.exe"="C:\Program Files\Diskeeper Corporation\Disk Performance Analyzer for Networks\DPANUI.exe:*:Enabled:Disk Performance Analyzer for Networks"

"C:\Program Files\Diskeeper Corporation\Disk Performance Analyzer for Networks\DPANSvc.exe"="C:\Program Files\Diskeeper Corporation\Disk Performance Analyzer for Networks\DPANSvc.exe:*:Enabled:Disk Performance Analyzer for Networks Service"

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

======List of files/folders created in the last 1 months======

 

2100-02-08 16:03:54 ----A---- C:\Program Files\ACMonitor_X73.exe

2100-02-08 15:53:34 ----A---- C:\Program Files\gtx73.ini

2008-12-10 16:41:42 ----D---- C:\rsit

2008-12-10 10:05:50 ----D---- C:\Documents and Settings\Lawrence\Application Data\FormTool 7

2008-12-10 10:05:50 ----A---- C:\WINDOWS\FormTool.INI

2008-12-10 10:04:26 ----D---- C:\Program Files\FormTool 7 Professional Setup

2008-12-04 11:00:22 ----A---- C:\WINDOWS\system32\ztvunrar36.dll

2008-12-04 11:00:22 ----A---- C:\WINDOWS\system32\ztvunace26.dll

2008-12-04 11:00:22 ----A---- C:\WINDOWS\system32\ztvcabinet.dll

2008-12-04 11:00:22 ----A---- C:\WINDOWS\system32\UNRAR3.dll

2008-12-04 11:00:22 ----A---- C:\WINDOWS\system32\unacev2.dll

2008-12-04 11:00:21 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software

2008-12-04 10:55:26 ----D---- C:\Documents and Settings\Lawrence\Application Data\Simply Super Software

2008-12-04 10:26:48 ----A---- C:\WINDOWS\system32\TRJ_NTAUTO.TMP

2008-12-04 09:13:25 ----A---- C:\WINDOWS\system32\javaws.exe

2008-12-04 09:13:25 ----A---- C:\WINDOWS\system32\javaw.exe

2008-12-04 09:13:25 ----A---- C:\WINDOWS\system32\java.exe

2008-12-04 09:00:47 ----D---- C:\Program Files\Common Files\Adobe AIR

2008-12-04 08:47:38 ----D---- C:\Program Files\Secunia

2008-12-03 06:38:21 ----D---- C:\Documents and Settings\Lawrence\Application Data\TweakNow WinSecret

2008-12-02 10:48:16 ----SHD---- C:\Diskeeper

2008-12-02 10:41:51 ----D---- C:\Program Files\Common Files\Diskeeper Corporation

2008-11-26 19:22:35 ----D---- C:\Documents and Settings\All Users\Application Data\ATI

2008-11-21 15:55:57 ----A---- C:\WINDOWS\system32\HHActiveX.dll

2008-11-21 15:55:56 ----A---- C:\WINDOWS\system32\TpUtil.dll

2008-11-21 15:55:56 ----A---- C:\WINDOWS\system32\SYSTOOLS.DLL

2008-11-21 15:55:56 ----A---- C:\WINDOWS\system32\PavSHook.dll

2008-11-21 15:55:56 ----A---- C:\WINDOWS\system32\pavipc.dll

2008-11-21 15:55:55 ----D---- C:\WINDOWS\system32\PAV

2008-11-21 15:55:55 ----A---- C:\WINDOWS\system32\avldr.dll

2008-11-21 15:25:04 ----D---- C:\Program Files\Common Files\Panda Software

2008-11-19 12:28:00 ----D---- C:\WINDOWS\LastGood(2)

2008-11-19 10:34:20 ----A---- C:\WINDOWS\system32\nvunrm.exe

2008-11-19 09:39:13 ----D---- C:\Program Files\Acoustica CD Label Maker

2008-11-18 14:02:29 ----A---- C:\WINDOWS\ALCFDRTM.EXE

2008-11-18 14:02:28 ----D---- C:\WINDOWS\system32\Lang

2008-11-18 12:15:35 ----D---- C:\Program Files\Realtek AC97

2008-11-18 10:40:09 ----A---- C:\WINDOWS\system32\deploytk.dll

2008-11-13 09:01:59 ----D---- C:\Program Files\WebEx

2008-11-13 09:01:53 ----D---- C:\Documents and Settings\All Users\Application Data\Linksys

2008-11-13 09:00:37 ----D---- C:\Program Files\Linksys

 

======List of files/folders modified in the last 1 months======

 

2008-12-10 16:42:34 ----D---- C:\WINDOWS\Prefetch

2008-12-10 16:42:23 ----D---- C:\WINDOWS\system32\drivers

2008-12-10 16:41:54 ----D---- C:\WINDOWS\Temp

2008-12-10 16:37:00 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-10 16:00:00 ----D---- C:\Documents and Settings\Lawrence\Application Data\MailWasherPro

2008-12-10 15:49:14 ----SD---- C:\WINDOWS\Tasks

2008-12-10 15:47:23 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-10 15:46:13 ----D---- C:\WINDOWS\system32

2008-12-10 15:28:23 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop

2008-12-10 15:13:33 ----D---- C:\WINDOWS

2008-12-10 15:10:05 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-10 15:09:22 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2008-12-10 15:07:35 ----SHD---- C:\WINDOWS\Installer

2008-12-10 15:07:33 ----D---- C:\Config.Msi

2008-12-10 10:05:15 ----D---- C:\WINDOWS\WinSxS

2008-12-10 10:04:26 ----RD---- C:\Program Files

2008-12-10 08:59:59 ----D---- C:\My Games

2008-12-10 08:59:56 ----D---- C:\Program Files\RealArcade

2008-12-04 13:37:06 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-12-04 11:19:43 ----D---- C:\WINDOWS\system32\Restore

2008-12-04 10:55:39 ----D---- C:\WINDOWS\security

2008-12-04 10:36:23 ----D---- C:\WINDOWS\system32\Macromed

2008-12-04 09:38:16 ----D---- C:\Program Files\Common Files\Microsoft Shared

2008-12-04 09:25:33 ----D---- C:\Program Files\Java

2008-12-04 09:25:18 ----AD---- C:\driverback

2008-12-04 09:00:51 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2008-12-04 09:00:47 ----D---- C:\Program Files\Common Files

2008-12-03 10:36:28 ----D---- C:\WINDOWS\system32\LogFiles

2008-12-03 10:36:28 ----D---- C:\WINDOWS\Minidump

2008-12-03 10:36:28 ----D---- C:\WINDOWS\Debug

2008-12-03 10:29:05 ----AH---- C:\boot.ini

2008-12-03 10:29:05 ----A---- C:\WINDOWS\win.ini

2008-12-03 10:29:05 ----A---- C:\WINDOWS\SYSTEM.INI

2008-12-03 10:21:10 ----HD---- C:\WINDOWS\inf

2008-12-03 08:23:19 ----D---- C:\Program Files\SUPERAntiSpyware

2008-12-02 10:41:52 ----D---- C:\WINDOWS\Help

2008-11-27 09:38:09 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-11-26 20:32:08 ----D---- C:\Program Files\ATI

2008-11-26 19:20:29 ----RSD---- C:\WINDOWS\assembly

2008-11-26 19:20:17 ----D---- C:\Program Files\ATI Technologies

2008-11-26 18:36:14 ----D---- C:\WINDOWS\system32\CatRoot

2008-11-26 18:36:06 ----D---- C:\WINDOWS\ie7updates

2008-11-26 18:35:50 ----HD---- C:\WINDOWS\$hf_mig$

2008-11-21 15:55:55 ----HD---- C:\Program Files\InstallShield Installation Information

2008-11-21 15:36:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-11-21 15:27:27 ----D---- C:\Program Files\Panda Security

2008-11-21 11:56:44 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater

2008-11-19 12:44:02 ----D---- C:\WINDOWS\network diagnostic

2008-11-19 12:33:58 ----D---- C:\Documents and Settings\Lawrence\Application Data\VersionTracker Pro

2008-11-19 12:28:38 ----D---- C:\WINDOWS\system32\config

2008-11-19 12:28:29 ----D---- C:\WINDOWS\system32\wbem

2008-11-19 12:28:29 ----D---- C:\WINDOWS\Registration

2008-11-19 12:28:21 ----D---- C:\WINDOWS\system32\ReinstallBackups

2008-11-19 12:28:21 ----D---- C:\NVIDIA

2008-11-13 11:00:02 ----DC---- C:\WINDOWS\system32\DRVSTORE

2008-11-11 13:45:17 ----D---- C:\Program Files\Hewlett-Packard

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]

R1 APPFLT;App Filter Plugin; \??\C:\WINDOWS\system32\Drivers\APPFLT.SYS []

R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]

R1 DSAFLT;DSA Filter Plugin; \??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS []

R1 FNETMON;NetMon Filter Plugin; \??\C:\WINDOWS\system32\Drivers\fnetmon.SYS []

R1 IDSFLT;Ids Filter Plugin; \??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS []

R1 NETFLTDI;Panda Net Driver [TDI Layer]; \??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS []

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []

R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\system32\Drivers\ShlDrv51.sys [2007-05-23 38968]

R1 SMSFLT;SMS Filter Plugin; \??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS []

R1 WNMFLT;Wifi Monitor Filter Plugin; \??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS []

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

R2 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]

R2 cpoint;Panda CPoint Driver; C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 24760]

R2 PAVDRV;pavdrv; C:\WINDOWS\system32\DRIVERS\pavdrv51.sys [2007-09-28 83896]

R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []

R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-04-13 62336]

R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-08-06 4122112]

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-11-30 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-10-28 3341824]

R3 AvFlt;Antivirus Filter Driver; C:\WINDOWS\system32\drivers\av5flt.sys []

R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2004-10-19 20096]

R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2004-09-21 11604]

R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys [2003-12-17 51729]

R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-17 70801]

R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97; C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-11-19 143160]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-11-30 61824]

R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]

R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []

R3 PavSRK.sys;PavSRK.sys; \??\C:\WINDOWS\system32\PavSRK.sys []

R3 PavTPK.sys;PavTPK.sys; \??\C:\WINDOWS\system32\PavTPK.sys []

R3 PCAlertDriver;PCAlertDriver; \??\C:\Program Files\MSI\Core Center\NTGLM7X.sys []

R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-11-18 7808]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]

R3 RushTopDevice;RushTopDevice; \??\C:\Program Files\MSI\Core Center\RushTop.sys []

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2007-11-30 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-11-30 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-11-30 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2007-11-30 17152]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2007-11-30 25856]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-11-30 26368]

R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2004-11-05 82148]

S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804]

S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []

S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2004-11-08 24152]

S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []

S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []

S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2007-11-30 17024]

S3 FreshIO;FreshIO; \??\D:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []

S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-07-30 85969]

S3 GMSIPCI;GMSIPCI; \??\H:\INSTALL\GMSIPCI.SYS []

S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]

S3 LLUSBFLT;LLUSBFLT; C:\WINDOWS\system32\drivers\llusbflt.sys [2005-08-03 4736]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2007-11-30 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2007-11-30 85248]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2007-11-30 10880]

S3 NPF;Netgroup Packet Filter; \??\C:\WINDOWS\system32\drivers\packet.sys []

S3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2005-04-13 53376]

S3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2005-04-13 414464]

S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-09-06 47360]

S3 PLUsbbc2;High-Speed USB Bridge Cable Driver; C:\WINDOWS\System32\Drivers\usbbc2.sys [2005-08-03 8960]

S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2007-11-30 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2007-11-30 15232]

S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2007-11-30 15104]

S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2008-07-31 22768]

S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]

S3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2007-06-27 207488]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2007-11-30 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [2007-11-30 5504]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 BlueSoleil Hid Service;BlueSoleil Hid Service; D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2004-11-05 106496]

R2 Diskeeper;Diskeeper; D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2008-11-22 1333016]

R2 EPSON_PM_RPCV2_01;EPSON V3 Service2(03); C:\WINDOWS\system32\E_S00RP1.EXE [2004-02-19 65536]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; D:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]

R2 Panda Software Controller;Panda Software Controller; C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe [2007-07-12 169264]

R2 PAVFNSVR;Panda Function Service; C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe [2007-07-12 173360]

R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe [2007-06-14 63024]

R2 PAVSRV;Panda anti-virus service; C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe [2007-09-28 148272]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\HPZipm12.exe [2007-08-09 73728]

R2 pmshellsrv;Panda Antispam Engine; C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe [2007-01-15 67120]

R2 PSHost;Panda Host Service; c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE [2007-04-04 226864]

R2 PSIMSVC;Panda IManager Service; C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe [2007-05-24 108592]

R2 TPSrv;Panda TPSrv; C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe [2007-10-24 406832]

R2 UPHClean;User Profile Hive Cleanup; D:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]

R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-10-28 593920]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]

S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]

S3 nTuneService;nTuneService; D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-01-22 118784]

S3 PD91VMDefrag;PD91VMDefrag; C:\Program Files\Raxco\PerfectDisk2008\PD91VMDefrag.exe [2008-02-29 226568]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2007-12-01 14336]

S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-10-28 585728]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

S4 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]

S4 WMPNetworkSvc;WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

 

-----------------EOF-----------------

 

 

info.txt logfile of random's system information tool 1.04 2008-12-10 16:42:16

 

======Uninstall list======

 

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Acoustica CD/DVD Label Maker-->D:\Program Files\Acoustica CD Label Maker\cdlabel.exe UNINSTALL

Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}

Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Photoshop 5.5-->C:\WINDOWS\ISUNINST.EXE -f"D:\Program Files\Adobe\Photoshop 5.5\Uninst.isu" -c"D:\Program Files\Adobe\Photoshop 5.5\Uninst.dll"

Adobe Photoshop v4.0-->C:\WINDOWS\uninst.exe -fD:\Adobe\Photoshop\DeIsL1.isu

Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}

Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

AI RoboForm (All Users)-->"D:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"

Any Video Converter 2.6.6-->"C:\Program Files\Any Video Converter\unins000.exe"

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Ashampoo Burning Studio 8.04-->"D:\Program Files\Ashampoo\Ashampoo Burning Studio 8\unins000.exe"

Ashampoo WinOptimizer 4.51-->"D:\Program Files\Ashampoo\Ashampoo WinOptimizer 4\unins000.exe"

Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9

ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x6974

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}

AutoStreamer-->MsiExec.exe /X{4218F0E1-CBAF-4D68-B6FE-B3504770829F}

Avery DesignPro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\Setup.exe" -uninst

Avery Wizard 3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{EB7A2041-6A16-4BAC-8079-43B985673C2C}

Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG

BlueSoleil-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x9

Broderbund Media Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26346FB6-4F69-453D-95CE-B6BA3A5382F8}\setup.exe" -l0x9 AddRem

Calendar Creator 10-->MsiExec.exe /I{DF77CB62-E0CC-4FE8-AB67-9B35CC7BD5B8}

Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}

CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"

Comcast Assisted Support Controls-->MsiExec.exe /I{472BAE05-68E8-44A9-B496-8FB0C0F57ACF}

Core Center-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Co


Hi mehoop1506,

 

Please clarify what you mean by 'can't find 2 programs on autocheck' (the autocheck part is what throws me).

 

Please open HijackThis to the Misc Tools section.

In the StartupList section, place a check in both boxes then click Generate StartupList log.

Post the contents of that log here.


This is my Startup list that you wanted me to post.

 

StartupList report, 12/17/2008, 1:08:47 PM

StartupList version: 1.52.2

Started from : D:\Program Files\Trend Micro\HijackThis\HijackThis.EXE

Detected: Windows XP SP3, v.3264 (WinNT 5.01.2600)

Detected: Internet Explorer v7.00 (7.00.5730.0013)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\E_S00RP1.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE

C:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE

D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\WINDOWS\SYSTEM32\HPZipm12.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

C:\Program Files\MSI\Core Center\CoreCenter.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\Program Files\Secunia\PSI\psi.exe

C:\WINDOWS\system32\svchost.exe

D:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe

c:\program files\internet explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\Lawrence\Start Menu\Programs\Startup]

MiniMinder.lnk = D:\Program Files\MiniMind\MiniMind.exe

Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe

Event Reminder.lnk = ?

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide

Logitech Utility = Logi_MwX.Exe

\\E-MACHINE\EPSON Stylus Photo R300 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P42 "\\E-MACHINE\EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"

EPSON Stylus Photo R300 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"

Auto EPSON Stylus Photo R300 Series on E-MACHINE = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P48 "Auto EPSON Stylus Photo R300 Series on E-MACHINE" /O17 "\\E-MACHINE\EPSON" /M "Stylus Photo R300"

APVXDWIN = "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s

SCANINICIO = "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"

TrojanScanner = D:\Program Files\Trojan Remover\Trojan Remover\Trjscan.exe /boot

QuickTime Task = "D:\Program Files\QuickTime\qttask.exe" -atboottime

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

EPSON Stylus Photo R300 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"

\\E-MACHINE\EPSON Stylus Photo R300 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P42 "\\E-MACHINE\EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"

RoboForm = "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

[not active]

*No values found*

 

[OptionalComponents]

=

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" /S

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

 

--------------------------------------------------

 

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

 

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *

StubPath = C:\WINDOWS\system32\ieudinit.exe

 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

 

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

 

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub

 

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

 

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

 

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*Registry key not found*

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: NO!)

.pif: HIDDEN! (arrow overlay: NO!)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Registry Editor'

 

Registry check passed

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}

AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}

(no name) - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}

(no name) - D:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

RoboForm - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll - {724d43a9-0d85-11d4-9908-00400523e39a}

(no name) - C:\Program Files\Java\jre6\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}

(no name) - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

(no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}

JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

(no name) - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

AppleSoftwareUpdate.job

Check Updates for Windows Live Toolbar.job

MP Scheduled Scan.job

trupd.job

User_Feed_Synchronization-{18462171-1948-4402-92DF-1E9831C50EE3}.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[Microsoft XML Parser for Java]

CODEBASE = file:///C:/WINDOWS/Java/classes/xmldso.cab

 

[Microsoft Office Template and Media Control]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL

CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

 

[PCPitstop Utility]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitstop.dll

CODEBASE = http://www1.pcpitstop.com/betapit/PCPitStop.CAB

 

[HidInputMonitorX Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\HIDINP~1.OCX

CODEBASE = file:///H:/components/hidinputmonitorx.ocx

 

[ActiveScan 2.0 Installer Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\as2stubie.dll

CODEBASE = http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

 

[A9Helper.A9]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\A9.ocx

CODEBASE = file:///H:/components/A9.ocx

 

[Windows Live Safety Center Base Module]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll

CODEBASE = http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab

 

[WMVHDRatingCtrl Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\wmvhdrating.ocx

CODEBASE = file:///H:/components/wmvhdrating.ocx

 

[Java Plug-in 1.6.0_11]

InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

 

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]

CODEBASE = http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab

 

[Java Plug-in 1.6.0_11]

InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

 

[Java Plug-in 1.6.0_11]

InProcServer32 = C:\Program Files\Java\jre6\bin\npjpi160_11.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx

CODEBASE = https://fpdownload.macromedia.com/get/shock...ash/swflash.cab

 

[{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}]

InProcServer32 = C:\Program Files\WebEx\ieatgpc.dll

 

[PCPitstop Exam]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\pcpitstop2.dll

CODEBASE = http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

NameSpace #4: C:\WINDOWS\System32\nwprovau.dll

Protocol #1: C:\Program Files\Panda Security\Panda Internet Security 2008\pavlsp.dll

Protocol #2: C:\Program Files\Panda Security\Panda Internet Security 2008\pavlsp.dll

Protocol #3: C:\Program Files\Panda Security\Panda Internet Security 2008\pavlsp.dll

Protocol #4: C:\WINDOWS\system32\mswsock.dll

Protocol #5: C:\WINDOWS\system32\mswsock.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\rsvpsp.dll

Protocol #8: C:\WINDOWS\system32\rsvpsp.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll

Protocol #18: C:\WINDOWS\system32\mswsock.dll

Protocol #19: C:\WINDOWS\system32\mswsock.dll

Protocol #20: C:\WINDOWS\system32\mswsock.dll

Protocol #21: C:\WINDOWS\system32\mswsock.dll

Protocol #22: C:\WINDOWS\system32\mswsock.dll

Protocol #23: C:\WINDOWS\system32\mswsock.dll

Protocol #24: C:\WINDOWS\system32\mswsock.dll

Protocol #25: C:\WINDOWS\system32\mswsock.dll

Protocol #26: C:\WINDOWS\system32\mswsock.dll

Protocol #27: C:\WINDOWS\system32\mswsock.dll

Protocol #28: C:\WINDOWS\system32\mswsock.dll

Protocol #29: C:\WINDOWS\system32\mswsock.dll

Protocol #30: C:\Program Files\Panda Security\Panda Internet Security 2008\pavlsp.dll

 

--------------------------------------------------

 

Enumerating Windows NT/2000/XP services

 

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

AFD: \SystemRoot\System32\drivers\afd.sys (system)

Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)

Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)

AMD Processor Driver: system32\DRIVERS\AmdK8.sys (system)

App Filter Plugin: \??\C:\WINDOWS\system32\Drivers\APPFLT.SYS (system)

Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start)

ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)

RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)

Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)

Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (disabled)

ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)

ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)

ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)

Antivirus Filter Driver: \SystemRoot\system32\drivers\av5flt.sys (manual start)

Belarc SMBios Access: \SystemRoot\System32\Drivers\BANTExt.sys (system)

Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Bluetooth Audio Service: system32\DRIVERS\blueletaudio.sys (manual start)

BlueSoleil Hid Service: D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (autostart)

Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Bluetooth PAN Network Adapter: system32\DRIVERS\btnetdrv.sys (manual start)

Bluetooth Audio Device: system32\drivers\btaudio.sys (manual start)

Bluetooth USB For Bluetooth Service: System32\Drivers\btcusb.sys (manual start)

Bluetooth Virtual Communications Driver: system32\DRIVERS\btport.sys (manual start)

Bluetooth HID Enumerator: system32\DRIVERS\vbtenum.sys (manual start)

Bluetooth HID Manager Service: System32\Drivers\BTHidMgr.sys (system)

Bluetooth Bus Enumerator: system32\DRIVERS\btkrnl.sys (manual start)

Bluetooth LAN Access Server: system32\DRIVERS\btwdndis.sys (manual start)

Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)

CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)

Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)

ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)

.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)

Panda Anti-Dialer: \??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys (manual start)

COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Panda CPoint Driver: system32\Drivers\cpoint.sys (autostart)

Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Disk Driver: system32\DRIVERS\disk.sys (system)

Diskeeper: "D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe" (autostart)

Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Logical Disk Manager Driver: system32\DRIVERS\dmio.sys (system)

Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

DSA Filter Plugin: \??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS (system)

Extensible Authentication Protocol Service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)

EPSON V3 Service2(03): C:\WINDOWS\system32\E_S00RP1.EXE (autostart)

ERSvc: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Event Log: %SystemRoot%\system32\services.exe (autostart)

COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)

Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)

Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\drivers\fltmgr.sys (system)

NetMon Filter Plugin: \??\C:\WINDOWS\system32\Drivers\fnetmon.SYS (system)

Windows Presentation Foundation Font Cache 3.0.0.0: C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)

FreshIO: \??\D:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys (manual start)

Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)

gmer: System32\DRIVERS\gmer.sys (manual start)

GMSIPCI: \??\H:\INSTALL\GMSIPCI.SYS (manual start)

Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)

grmnusb: system32\drivers\grmnusb.sys (manual start)

Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

HP Port Resolver: C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE (manual start)

HP Status Server: C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE (manual start)

IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)

Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)

USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)

InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (manual start)

Ids Filter Plugin: \??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS (system)

Windows CardSpace: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)

CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)

IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)

IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)

IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)

IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)

IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)

IPSEC driver: system32\DRIVERS\ipsec.sys (system)

IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)

Java Quick Starter: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" (autostart)

Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Logitech PS/2 Mouse Filter Driver: system32\DRIVERS\L8042pr2.Sys (manual start)

Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

LightScribeService Direct Disc Labeling Service: "D:\Program Files\Common Files\LightScribe\LSSrvc.exe" (autostart)

LLUSBFLT: system32\drivers\llusbflt.sys (manual start)

TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Logitech Mouse Class Filter Driver: system32\DRIVERS\LMouFlt2.Sys (manual start)

Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)

Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)

WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: system32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)

Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)

Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)

Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)

Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)

Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)

Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)

NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)

Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)

Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)

NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)

Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)

NetBIOS Interface: system32\DRIVERS\netbios.sys (system)

NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)

Network DDE: %SystemRoot%\system32\netdde.exe (disabled)

Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)

Panda Net Driver [TDI Layer]: \??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS (system)

PANDA NDIS IM Filter Miniport v1.5.0.97: system32\DRIVERS\netimflt.sys (manual start)

Net Logon: %SystemRoot%\system32\lsass.exe (manual start)

Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Net.Tcp Port Sharing Service: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)

1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)

Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

NMIndexingService: "C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe" (manual start)

Netgroup Packet Filter: \??\C:\WINDOWS\system32\drivers\packet.sys (manual start)

NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)

Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

nTuneService: D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService (manual start)

nvata: system32\DRIVERS\nvata.sys (system)

Service for NVIDIA® nForce Audio Enumerator: system32\drivers\nvax.sys (manual start)

NVIDIA nForce 10/100/1000 Mbps Ethernet : system32\DRIVERS\NVENETFD.sys (manual start)

nvgts: system32\DRIVERS\nvgts.sys (system)

NVIDIA Network Bus Enumerator: system32\DRIVERS\nvnetbus.sys (manual start)

Service for NVIDIA® nForce Audio: system32\drivers\nvapu.sys (manual start)

NVR0Dev: \??\C:\WINDOWS\nvoclock.sys (manual start)

IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)

IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)

VIA OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)

Panda Software Controller: "C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe" (autostart)

Parallel port driver: system32\DRIVERS\parport.sys (manual start)

pavboot: system32\drivers\pavboot.sys (system)

pavdrv: system32\DRIVERS\pavdrv51.sys (autostart)

Panda Function Service: "C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe" (autostart)

Panda Process Protection Driver: \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (autostart)

Panda Process Protection Service: "C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe" (autostart)

PavSRK.sys: \??\C:\WINDOWS\system32\PavSRK.sys (manual start)

Panda anti-virus service: "C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe" (autostart)

PavTPK.sys: \??\C:\WINDOWS\system32\PavTPK.sys (manual start)

PCAlertDriver: \??\C:\Program Files\MSI\Core Center\NTGLM7X.sys (manual start)

PCI Bus Driver: system32\DRIVERS\pci.sys (system)

PCIIde: system32\DRIVERS\pciide.sys (system)

VSO Software pcouffin: System32\Drivers\pcouffin.sys (manual start)

PD91VMDefrag: "C:\Program Files\Raxco\PerfectDisk2008\PD91VMDefrag.exe" (manual start)

PLFlash DeviceIoControl Service: C:\WINDOWS\system32\IoctlSvc.exe (disabled)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

High-Speed USB Bridge Cable Driver: System32\Drivers\usbbc2.sys (manual start)

Pml Driver HPZ12: C:\WINDOWS\SYSTEM32\HPZipm12.exe (autostart)

Panda Antispam Engine: C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe (autostart)

IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)

WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)

Processor Driver: system32\DRIVERS\processr.sys (system)

Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)

QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)

Panda Host Service: "c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE" (autostart)

PSI: system32\DRIVERS\psi_mf.sys (manual start)

Panda IManager Service: "C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe" (autostart)

Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)

PxHelp20: System32\Drivers\PxHelp20.sys (system)

Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)

Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)

Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)

Direct Parallel: system32\DRIVERS\raspti.sys (manual start)

Rdbss: system32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)

Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)

Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)

Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)

Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)

Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

Link-Layer Topology Discovery Responder: system32\DRIVERS\rspndr.sys (autostart)

QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)

RushTopDevice: \??\C:\Program Files\MSI\Core Center\RushTop.sys (manual start)

Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)

SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)

SASENUM: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (manual start)

SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (system)

Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)

Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: system32\DRIVERS\secdrv.sys (autostart)

Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)

Serial port driver: system32\DRIVERS\serial.sys (system)

Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Panda File Shield Driver: system32\Drivers\ShlDrv51.sys (system)

BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)

SMS Filter Plugin: \??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS (system)

Acronis Snapshots Manager: system32\DRIVERS\snapman.sys (system)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)

System Restore Filter Driver: system32\DRIVERS\sr.sys (system)

System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Srv: system32\DRIVERS\srv.sys (manual start)

SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)

BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)

Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{547F343F-1B64-4849-9C44-DD9369BA5134} (manual start)

Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)

Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)

Terminal Device Driver: system32\DRIVERS\termdd.sys (system)

Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)

tmcomm: \??\C:\WINDOWS\system32\drivers\tmcomm.sys (autostart)

Panda TPSrv: "C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe" (autostart)

TrkWks: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

TVICHW32: \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS (manual start)

Microcode Update Driver: system32\DRIVERS\update.sys (manual start)

User Profile Hive Cleanup: D:\Program Files\UPHClean\uphclean.exe (autostart)

Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)

Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)

Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)

USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)

Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)

Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)

USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)

Motorola USB Modem Driver for MPT: system32\DRIVERS\usbsermpt.sys (manual start)

USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)

Virtual Serial port driver: system32\DRIVERS\VComm.sys (manual start)

Bluetooth VComm Manager Service: System32\Drivers\VcommMgr.sys (manual start)

VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)

Vinyl AC'97 Audio Controller (WDM): system32\drivers\vinyl97.sys (manual start)

Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)

Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)

Microsoft WDM Virtual Wave Driver (WDM): system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Windows Defender: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)

Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Windows Live Setup Service: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe" (manual start)

Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)

WMPNetworkSvc: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (disabled)

Wifi Monitor Filter Plugin: \??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS (system)

Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)

Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)

Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)

Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)

Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)

Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

 

 

--------------------------------------------------

 

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

 

Windows NT checkdisk command:

BootExecute = autocheck autochk *

 

Windows NT 'Wininit.ini':

PendingFileRenameOperations: C:\Program Files\Panda Security\Panda Internet Security 2008\Downloads\PavExp\PavExp.sig

 

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

 

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*Registry key not found*

 

--------------------------------------------------

 

End of report, 45,367 bytes

Report generated in 0.172 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only


I'm not seeing anything in your logs that identifies the source of the error messages. Please describe them in more detail.

 

Download GMER

 

Right click and extract it to its own folder on the desktop.

 

Open the program and click on the Rootkit tab.

Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.

Click on Scan.

When the scan has completed, click Copy and paste the results (if any) into this topic.


As you requested.

 

 

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-18 10:01:35

Windows 5.1.2600 Service Pack 3, v.3264

 

 

---- System - GMER 1.0.14 ----

 

SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Process Protection driver/Panda Software International) ZwTerminateProcess [0x9FDFEA70]

SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Process Protection driver/Panda Software International) ZwTerminateThread [0x9FDFDE40]

SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0x9FEC86D0]

SSDT \??\C:\WINDOWS\system32\PavSRK.sys ZwWriteVirtualMemory [0xB00824E8]

 

---- Kernel code sections - GMER 1.0.14 ----

 

? C:\WINDOWS\system32\PavTPK.sys The system cannot find the file specified. !

? C:\WINDOWS\system32\PavSRK.sys The system cannot find the file specified. !

? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

? system32\drivers\av5flt.sys The system cannot find the file specified. !

 

---- User code sections - GMER 1.0.14 ----

 


.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F160F5A

.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] ADVAPI32.dll!CreateServiceW 77E37381 6 Bytes JMP 5F190F5A

.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] ADVAPI32.dll!DeleteService 77E37489 6 Bytes JMP 5F1C0F5A

.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FA90F5A

.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A

.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A

.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] USER32.dll!GetKeyState 7E41C4F9 6 Bytes JMP 5FA00F5A

.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] USER32.dll!GetAsyncKeyState 7E41CDAF 6 Bytes JMP 5F970F5A

.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] USER32.dll!BeginDeferWindowPos 7E41D435 6 Bytes JMP 5F8E0F5A

.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] USER32.dll!GetKeyboardState 7E41F4B6 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] USER32.dll!GetKeyboardState + 4 7E41F4BA 2 Bytes [ 9E, 5F ]

.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] USER32.dll!CreateAcceleratorTableW 7E427B99 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] USER32.dll!CreateAcceleratorTableW + 4 7E427B9D 2 Bytes [ A4, 5F ]

.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] USER32.dll!SetWindowsHookExW 7E42DFFE 6 Bytes JMP 5FA60F5A

.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] USER32.dll!SetWindowsHookExA 7E431221 6 Bytes JMP 5F8B0F5A

.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] USER32.dll!AttachThreadInput 7E431E62 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] USER32.dll!AttachThreadInput + 4 7E431E66 2 Bytes [ 9B, 5F ]

.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F880F5A

.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 5F850F5A

.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] ole32.dll!CLSIDFromProgID 775187F2 6 Bytes JMP 5F820F5A

.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[800] ole32.dll!CLSIDFromProgIDEx 7755620D 6 Bytes JMP 5F7F0F5A

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 4D, 5F ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 6E, 5F ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 50, 5F ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtDeleteFile 7C90D220 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtDeleteFile + 4 7C90D224 2 Bytes [ 71, 5F ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 53, 5F ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 56, 5F ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtDuplicateObject 7C90D280 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtDuplicateObject + 4 7C90D284 2 Bytes [ 59, 5F ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtEnumerateKey 7C90D2B0 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtEnumerateKey + 4 7C90D2B4 2 Bytes [ 5C, 5F ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtEnumerateValueKey 7C90D2D0 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtEnumerateValueKey + 4 7C90D2D4 2 Bytes [ 5F, 5F ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtOpenFile 7C90D580 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtOpenFile + 4 7C90D584 2 Bytes [ 74, 5F ]

.text C:\Program Files\MSI\Core Center\CoreCenter.exe[936] ntdll.dll!NtQueryMultipleValueKey 7C90D850 3 Byte


This is the second part, as I could not get it all in one post. I will have a total of 3 posts.

 

 

.text D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2036] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A

.text D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2036] USER32.dll!GetKeyState 7E41C4F9 6 Bytes JMP 5FA00F5A

.text D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2036] USER32.dll!GetAsyncKeyState 7E41CDAF 6 Bytes JMP 5F970F5A

.text D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2036] USER32.dll!BeginDeferWindowPos 7E41D435 6 Bytes JMP 5F8E0F5A

.text D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2036] USER32.dll!GetKeyboardState 7E41F4B6 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2036] USER32.dll!GetKeyboardState + 4 7E41F4BA 2 Bytes [ 9E, 5F ]

.text D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2036] USER32.dll!CreateAcceleratorTableW 7E427B99 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2036] USER32.dll!CreateAcceleratorTableW + 4 7E427B9D 2 Bytes [ A4, 5F ]

.text D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2036] USER32.dll!SetWindowsHookExW 7E42DFFE 6 Bytes JMP 5FA60F5A

.text D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2036] USER32.dll!SetWindowsHookExA 7E431221 6 Bytes JMP 5F8B0F5A

.text D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2036] USER32.dll!AttachThreadInput 7E431E62 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2036] USER32.dll!AttachThreadInput + 4 7E431E66 2 Bytes [ 9B, 5F ]

.text D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2036] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F880F5A

.text D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2036] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 5F850F5A

.text D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2036] ole32.dll!CLSIDFromProgID 775187F2 6 Bytes JMP 5F820F5A

.text D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[2036] ole32.dll!CLSIDFromProgIDEx 7755620D 6 Bytes JMP 5F7F0F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 4D, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 6E, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 50, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtDeleteFile 7C90D220 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtDeleteFile + 4 7C90D224 2 Bytes [ 71, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 53, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 56, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtDuplicateObject 7C90D280 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtDuplicateObject + 4 7C90D284 2 Bytes [ 59, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtEnumerateKey 7C90D2B0 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtEnumerateKey + 4 7C90D2B4 2 Bytes [ 5C, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtEnumerateValueKey 7C90D2D0 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtEnumerateValueKey + 4 7C90D2D4 2 Bytes [ 5F, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtOpenFile 7C90D580 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtOpenFile + 4 7C90D584 2 Bytes [ 74, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtQueryMultipleValueKey 7C90D850 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D854 2 Bytes [ 62, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtQueryValueKey 7C90D950 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtQueryValueKey + 4 7C90D954 2 Bytes [ 65, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtReadFile 7C90D9B0 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtReadFile + 4 7C90D9B4 2 Bytes [ 77, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 7A, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 68, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtUnloadKey 7C90DEB0 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtUnloadKey + 4 7C90DEB4 2 Bytes [ 6B, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 7D, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!LdrLoadDll 7C9163A3 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ntdll.dll!LdrLoadDll + 4 7C9163A7 2 Bytes [ 4A, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F370F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] kernel32.dll!CreateFileMappingW 7C809420 6 Bytes JMP 5F3D0F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] kernel32.dll!MapViewOfFileEx 7C80B926 6 Bytes JMP 5F340F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 41, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [ 47, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] kernel32.dll!MoveFileWithProgressW 7C81F716 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] kernel32.dll!MoveFileWithProgressW + 4 7C81F71A 2 Bytes [ 44, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] kernel32.dll!CopyFileExW 7C827B1A 6 Bytes JMP 5F3A0F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FA90F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] USER32.dll!GetKeyState 7E41C4F9 6 Bytes JMP 5FA00F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] USER32.dll!GetAsyncKeyState 7E41CDAF 6 Bytes JMP 5F970F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] USER32.dll!BeginDeferWindowPos 7E41D435 6 Bytes JMP 5F8E0F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] USER32.dll!GetKeyboardState 7E41F4B6 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] USER32.dll!GetKeyboardState + 4 7E41F4BA 2 Bytes [ 9E, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] USER32.dll!CreateAcceleratorTableW 7E427B99 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] USER32.dll!CreateAcceleratorTableW + 4 7E427B9D 2 Bytes [ A4, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] USER32.dll!SetWindowsHookExW 7E42DFFE 6 Bytes JMP 5FA60F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] USER32.dll!SetWindowsHookExA 7E431221 6 Bytes JMP 5F8B0F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] USER32.dll!AttachThreadInput 7E431E62 3 Bytes [ FF, 25, 1E ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] USER32.dll!AttachThreadInput + 4 7E431E66 2 Bytes [ 9B, 5F ]

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ADVAPI32.dll!CloseServiceHandle 77DE6CC5 6 Bytes JMP 5F100F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ADVAPI32.dll!OpenServiceW 77DE6FDD 6 Bytes JMP 5F220F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ADVAPI32.dll!StartServiceA 77DEFB38 6 Bytes JMP 5F250F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ADVAPI32.dll!StartServiceW 77DF3E74 6 Bytes JMP 5F280F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ADVAPI32.dll!ControlService 77DF49DD 6 Bytes JMP 5F130F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ADVAPI32.dll!OpenServiceA 77DF4C36 6 Bytes JMP 5F1F0F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ADVAPI32.dll!LsaAddAccountRights 77E1ABC9 6 Bytes JMP 5F2B0F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F2E0F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 6 Bytes JMP 5F040F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 6 Bytes JMP 5F070F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 6 Bytes JMP 5F0A0F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 6 Bytes JMP 5F0D0F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F160F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ADVAPI32.dll!CreateServiceW 77E37381 6 Bytes JMP 5F190F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ADVAPI32.dll!DeleteService 77E37489 6 Bytes JMP 5F1C0F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F880F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 5F850F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ole32.dll!CLSIDFromProgID 775187F2 6 Bytes JMP 5F820F5A

.text D:\Program Files\Logitech\MouseWare\system\em_exec.exe[2068] ole32.dll!CLSIDFromProgIDEx 7755620D 6 Bytes JMP 5F7F0F5A

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 4D, 5F ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 6E, 5F ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 50, 5F ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtDeleteFile 7C90D220 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtDeleteFile + 4 7C90D224 2 Bytes [ 71, 5F ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 53, 5F ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 56, 5F ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtDuplicateObject 7C90D280 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtDuplicateObject + 4 7C90D284 2 Bytes [ 59, 5F ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtEnumerateKey 7C90D2B0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtEnumerateKey + 4 7C90D2B4 2 Bytes [ 5C, 5F ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtEnumerateValueKey 7C90D2D0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtEnumerateValueKey + 4 7C90D2D4 2 Bytes [ 5F, 5F ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtOpenFile 7C90D580 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtOpenFile + 4 7C90D584 2 Bytes [ 74, 5F ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtQueryMultipleValueKey 7C90D850 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D854 2 Bytes [ 62, 5F ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtQueryValueKey 7C90D950 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtQueryValueKey + 4 7C90D954 2 Bytes [ 65, 5F ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtReadFile 7C90D9B0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtReadFile + 4 7C90D9B4 2 Bytes [ 77, 5F ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 7A, 5F ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 68, 5F ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtUnloadKey 7C90DEB0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\HPZipm12.exe[2748] ntdll.dll!NtU


This is the end of the report.

 

 

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 4D, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 6E, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 50, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtDeleteFile 7C90D220 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtDeleteFile + 4 7C90D224 2 Bytes [ 71, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 53, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 56, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtDuplicateObject 7C90D280 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtDuplicateObject + 4 7C90D284 2 Bytes [ 59, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtEnumerateKey 7C90D2B0 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtEnumerateKey + 4 7C90D2B4 2 Bytes [ 5C, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtEnumerateValueKey 7C90D2D0 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtEnumerateValueKey + 4 7C90D2D4 2 Bytes [ 5F, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtOpenFile 7C90D580 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtOpenFile + 4 7C90D584 2 Bytes [ 74, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtQueryMultipleValueKey 7C90D850 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D854 2 Bytes [ 62, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtQueryValueKey 7C90D950 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtQueryValueKey + 4 7C90D954 2 Bytes [ 65, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtReadFile 7C90D9B0 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtReadFile + 4 7C90D9B4 2 Bytes [ 77, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 7A, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 68, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtUnloadKey 7C90DEB0 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtUnloadKey + 4 7C90DEB4 2 Bytes [ 6B, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 7D, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!LdrLoadDll 7C9163A3 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ntdll.dll!LdrLoadDll + 4 7C9163A7 2 Bytes [ 4A, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F370F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] kernel32.dll!CreateFileMappingW 7C809420 6 Bytes JMP 5F3D0F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] kernel32.dll!MapViewOfFileEx 7C80B926 6 Bytes JMP 5F340F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 41, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [ 47, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] kernel32.dll!MoveFileWithProgressW 7C81F716 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] kernel32.dll!MoveFileWithProgressW + 4 7C81F71A 2 Bytes [ 44, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] kernel32.dll!CopyFileExW 7C827B1A 6 Bytes JMP 5F3A0F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ADVAPI32.dll!CloseServiceHandle 77DE6CC5 6 Bytes JMP 5F100F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ADVAPI32.dll!OpenServiceW 77DE6FDD 6 Bytes JMP 5F220F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ADVAPI32.dll!StartServiceA 77DEFB38 6 Bytes JMP 5F250F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ADVAPI32.dll!StartServiceW 77DF3E74 6 Bytes JMP 5F280F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ADVAPI32.dll!ControlService 77DF49DD 6 Bytes JMP 5F130F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ADVAPI32.dll!OpenServiceA 77DF4C36 6 Bytes JMP 5F1F0F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ADVAPI32.dll!LsaAddAccountRights 77E1ABC9 6 Bytes JMP 5F2B0F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F2E0F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 6 Bytes JMP 5F040F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 6 Bytes JMP 5F070F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F160F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ADVAPI32.dll!CreateServiceW 77E37381 6 Bytes JMP 5F190F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ADVAPI32.dll!DeleteService 77E37489 6 Bytes JMP 5F1C0F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FA90F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] USER32.dll!GetKeyState 7E41C4F9 6 Bytes JMP 5FA00F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] USER32.dll!GetAsyncKeyState 7E41CDAF 6 Bytes JMP 5F970F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] USER32.dll!BeginDeferWindowPos 7E41D435 6 Bytes JMP 5F8E0F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] USER32.dll!GetKeyboardState 7E41F4B6 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] USER32.dll!GetKeyboardState + 4 7E41F4BA 2 Bytes [ 9E, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] USER32.dll!CreateAcceleratorTableW 7E427B99 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] USER32.dll!CreateAcceleratorTableW + 4 7E427B9D 2 Bytes [ A4, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] USER32.dll!SetWindowsHookExW 7E42DFFE 6 Bytes JMP 5FA60F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] USER32.dll!SetWindowsHookExA 7E431221 6 Bytes JMP 5F8B0F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] USER32.dll!AttachThreadInput 7E431E62 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] USER32.dll!AttachThreadInput + 4 7E431E66 2 Bytes [ 9B, 5F ]

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F880F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 5F850F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ole32.dll!CLSIDFromProgID 775187F2 6 Bytes JMP 5F820F5A

.text C:\Program Files\Secunia\PSI\psi.exe[3880] ole32.dll!CLSIDFromProgIDEx 7755620D 6 Bytes JMP 5F7F0F5A

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 4D, 5F ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 6E, 5F ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 50, 5F ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtDeleteFile 7C90D220 3 Bytes [ FF, 25, 1E ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtDeleteFile + 4 7C90D224 2 Bytes [ 71, 5F ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 53, 5F ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 56, 5F ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtDuplicateObject 7C90D280 3 Bytes [ FF, 25, 1E ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtDuplicateObject + 4 7C90D284 2 Bytes [ 59, 5F ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtEnumerateKey 7C90D2B0 3 Bytes [ FF, 25, 1E ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtEnumerateKey + 4 7C90D2B4 2 Bytes [ 5C, 5F ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtEnumerateValueKey 7C90D2D0 3 Bytes [ FF, 25, 1E ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtEnumerateValueKey + 4 7C90D2D4 2 Bytes [ 5F, 5F ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtOpenFile 7C90D580 3 Bytes [ FF, 25, 1E ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtOpenFile + 4 7C90D584 2 Bytes [ 74, 5F ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtQueryMultipleValueKey 7C90D850 3 Bytes [ FF, 25, 1E ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D854 2 Bytes [ 62, 5F ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtQueryValueKey 7C90D950 3 Bytes [ FF, 25, 1E ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtQueryValueKey + 4 7C90D954 2 Bytes [ 65, 5F ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtReadFile 7C90D9B0 3 Bytes [ FF, 25, 1E ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtReadFile + 4 7C90D9B4 2 Bytes [ 77, 5F ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 7A, 5F ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 68, 5F ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtUnloadKey 7C90DEB0 3 Bytes [ FF, 25, 1E ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtUnloadKey + 4 7C90DEB4 2 Bytes [ 6B, 5F ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 7D, 5F ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!LdrLoadDll 7C9163A3 3 Bytes [ FF, 25, 1E ]

.text E:\Gmer\gmer\gmer.exe[4304] ntdll.dll!LdrLoadDll + 4 7C9163A7 2 Bytes [ 4A, 5F ]

.text E:\Gmer\gmer\gmer.exe[4304] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A


---- Devices - GMER 1.0.14 ----

 

Device \FileSystem\Ntfs \Ntfs ShlDrv51.sys (PandaShield driver/Panda Software)

 

AttachedDevice \FileSystem\Ntfs \Ntfs pavdrv51.sys (Antivirus Filter Driver for Windows XP/2003 x86/Panda Software International)

AttachedDevice \FileSystem\Ntfs \Ntfs av5flt.sys

AttachedDevice \Driver\Tcpip \Device\Ip NETFLTDI.SYS (Panda TDI Filter/Panda Software)

AttachedDevice \Driver\Tcpip \Device\Tcp NETFLTDI.SYS (Panda TDI Filter/Panda Software)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 snapman.sys (Acronis Snapshot API/Acronis)

AttachedDevice \Driver\Tcpip \Device\Udp NETFLTDI.SYS (Panda TDI Filter/Panda Software)

AttachedDevice \Driver\Tcpip \Device\RawIp NETFLTDI.SYS (Panda TDI Filter/Panda Software)

 

---- Files - GMER 1.0.14 ----


The only thing I see that could indicate a problem is the following.

 

---- Kernel code sections - GMER 1.0.14 ----

 

? C:\WINDOWS\system32\PavTPK.sys The system cannot find the file specified. !

? C:\WINDOWS\system32\PavSRK.sys The system cannot find the file specified. !

? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

? system32\drivers\av5flt.sys The system cannot find the file specified. !

 

 

First 2 and 4th file(s) are associated with Panda. The 3rd is with the User Profile Cleanup Utility from MS. Might want to do a repair install or re-install of those two apps.

 

Again, please provide a more detailed description of the error(s) you are receiving.

This topic is now closed to further replies.