Solved Red X's and Redirects

Discussion in 'Malware and Virus Removal Archive' started by Blue Star, 2012/06/10.

  1. 2012/06/10
    Blue Star

    [Resolved] Red X's and Redirects

    Good Morning... Avast went nuts with malware alerts, I removed what I could with my limited skills... Red X's where radio buttons used to be and page redirects, then a fake antivirus page popped up and began its scan...

    Logs:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/2/2006 10:35:32 PM
    System Uptime: 6/9/2012 2:14:31 PM (10 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | PTGD2-VX
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3192/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 180 GiB total, 144.802 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is FIXED (FAT32) - 466 GiB total, 268.969 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP295: 3/12/2012 6:18:13 PM - System Checkpoint
    RP296: 3/13/2012 8:29:05 PM - System Checkpoint
    RP297: 3/14/2012 3:00:35 AM - Software Distribution Service 3.0
    RP298: 3/15/2012 9:46:03 PM - System Checkpoint
    RP299: 3/16/2012 10:26:30 PM - System Checkpoint
    RP300: 3/18/2012 9:23:00 AM - System Checkpoint
    RP301: 3/19/2012 5:22:30 PM - System Checkpoint
    RP302: 3/21/2012 8:30:00 PM - System Checkpoint
    RP303: 3/23/2012 10:11:03 PM - System Checkpoint
    RP304: 3/24/2012 6:31:02 PM - Installed Windows Internet Explorer 8.
    RP305: 3/24/2012 6:32:26 PM - Software Distribution Service 3.0
    RP306: 3/24/2012 6:59:54 PM - Software Distribution Service 3.0
    RP307: 3/25/2012 9:15:02 PM - System Checkpoint
    RP308: 3/26/2012 10:27:13 PM - System Checkpoint
    RP309: 3/29/2012 1:15:00 PM - System Checkpoint
    RP310: 3/30/2012 2:29:56 PM - System Checkpoint
    RP311: 4/5/2012 4:32:50 PM - System Checkpoint
    RP312: 4/6/2012 5:06:50 PM - System Checkpoint
    RP313: 4/7/2012 6:08:59 PM - System Checkpoint
    RP314: 4/9/2012 12:28:36 PM - System Checkpoint
    RP315: 4/13/2012 12:15:57 PM - System Checkpoint
    RP316: 4/14/2012 3:00:20 AM - Software Distribution Service 3.0
    RP317: 4/15/2012 6:26:08 PM - System Checkpoint
    RP318: 4/17/2012 1:48:24 AM - System Checkpoint
    RP319: 4/18/2012 8:48:29 AM - System Checkpoint
    RP320: 4/19/2012 9:48:29 AM - System Checkpoint
    RP321: 4/20/2012 11:47:56 PM - System Checkpoint
    RP322: 4/23/2012 6:29:07 PM - System Checkpoint
    RP323: 4/26/2012 10:22:52 PM - System Checkpoint
    RP324: 4/27/2012 10:27:27 PM - System Checkpoint
    RP325: 5/1/2012 11:29:31 AM - System Checkpoint
    RP326: 5/2/2012 7:36:23 PM - System Checkpoint
    RP327: 5/5/2012 11:35:31 AM - System Checkpoint
    RP328: 5/6/2012 11:38:26 AM - System Checkpoint
    RP329: 5/6/2012 3:02:40 PM - Norton_Power_Eraser_20120506150235125
    RP330: 5/8/2012 4:09:48 PM - Removed NetAssistant
    RP331: 5/10/2012 1:41:09 PM - Software Distribution Service 3.0
    RP332: 5/11/2012 2:06:45 PM - System Checkpoint
    RP333: 5/12/2012 11:48:58 AM - Software Distribution Service 3.0
    RP334: 5/13/2012 11:51:20 AM - System Checkpoint
    RP335: 5/14/2012 7:11:43 AM - Software Distribution Service 3.0
    RP336: 5/15/2012 10:47:02 AM - System Checkpoint
    RP337: 5/16/2012 7:37:11 PM - System Checkpoint
    RP338: 5/17/2012 6:23:03 PM - Removed InstallIQ Updater
    RP339: 5/18/2012 6:46:18 PM - System Checkpoint
    RP340: 5/19/2012 7:23:22 PM - System Checkpoint
    RP341: 5/21/2012 8:43:53 AM - System Checkpoint
    RP342: 5/23/2012 7:19:16 AM - Software Distribution Service 3.0
    RP343: 5/26/2012 11:43:16 AM - System Checkpoint
    RP344: 5/28/2012 4:57:56 PM - System Checkpoint
    RP345: 5/29/2012 10:06:02 AM - Removed Skype™ 5.9
    RP346: 5/30/2012 3:06:56 PM - System Checkpoint
    RP347: 6/1/2012 12:54:41 PM - Removed Yahoo! Music Jukebox.
    RP348: 6/3/2012 4:04:12 PM - System Checkpoint
    RP349: 6/4/2012 4:42:56 PM - System Checkpoint
    RP350: 6/5/2012 3:00:40 AM - Software Distribution Service 3.0
    RP351: 6/7/2012 12:47:52 PM - Installed Kaspersky Security Scan.
    RP352: 6/7/2012 1:08:02 PM - Removed Kaspersky Security Scan.
    RP353: 6/9/2012 7:37:20 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Photoshop Elements 2.0
    Adobe Reader 8.1.4
    Adobe® Photoshop® Album Starter Edition 3.0
    Art Explosion Publisher Pro Silver Edition
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    avast! Free Antivirus
    CCleaner
    Click to DVD 2.0 Menu Data
    Click to DVD 2.1.10
    ClickArt Fonts 4
    Crystal Wizard
    DVD-MovieAlbumSE 3
    DVD-RAM Driver
    DVgate Plus
    EPSON Printer Software
    EPSON Scan
    EPSON Web-To-Page
    Eusing Free Registry Cleaner
    File Type Assistant
    Finding Notes Easy 1.5
    GearDrvs
    Google Talk Plugin
    Google Update Helper
    GoToMeeting 4.8.0.721
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    hp deskjet 9600 series
    ImageMate CompactFlash USB (SDDR-31) Ver. 5.05
    Intel Application Accelerator
    Intel(R) PRO Network Adapters and Drivers
    InterVideo WinDVD 5 for VAIO
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_05
    Java(TM) 6 Update 2
    Java(TM) 6 Update 24
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1
    LiveUpdate Notice (Symantec Corporation)
    Logitech Desktop Messenger
    Logitech MouseWare 9.79
    Logitech QuickCam Software
    Logitech Resource Center
    Logitech® Camera Driver
    MagicShop (remove only)
    Malwarebytes Anti-Malware version 1.61.0.1400
    Maxtor OneTouch
    Microsoft .NET Framework 1.0 Hotfix (KB2572066)
    Microsoft .NET Framework 1.0 Hotfix (KB2604042)
    Microsoft .NET Framework 1.0 Hotfix (KB2656378)
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works Suite Add-in for Microsoft Word
    MoodLogic
    Movielink eHome version 1.1
    MSN Music Assistant
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero - Burning Rom
    Nero 7 Essentials
    NetLotto
    OpenMG Metadata Extractor for Windows Media Player
    OpenMG Secure Module 4.7.00
    P.I.M. II Plug-In
    PdfEdit995 (installed by TaxCut)
    PictureGear Studio 2.0
    Realtek High Definition Audio Driver
    Retrospect Express HD 1.0
    RivalGaming
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Skype™ 5.9
    Sonic Encoders
    Sonic RecordNow!
    SonicStage
    SonicStage Mastering Studio 1.3
    SonicStage Mastering Studio Plugins 1.3
    SonicStage MP3 Add-on program
    Sony Certificate PCH
    Sony TV Tuner Library 1.0
    Sony Video Shared Library
    Tasco SkyWatch (Remove only)
    TaxCut Premium 2007
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USB Storage Adapter FX (MXO)
    VAIO Edit Components
    VAIO Entertainment Platform
    VAIO Help and Support
    VAIO Media 3.1
    VAIO Media Integrated Server 3.1
    VAIO Media Redistribution 3.1
    VAIO Registration
    VAIO SLIT-C Screen Saver
    VAIO SLIT Pattern Wallpaper
    VAIO Survey Standalone
    VAIO System Information
    VAIO Update 2
    Viewpoint Media Player
    Visio Standard
    WD Diagnostics
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live OneCare safety scanner
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See KB886612 for more information]
    Windows PowerShell(TM) 1.0
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinZip
    Works Suite OS Pack
    Works Synchronization
    Yahoo! Install Manager
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/5/2012 2:21:42 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b4648636, parameter3 b2c18af4, parameter4 00000000.
    6/5/2012 2:21:39 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b4648636, parameter3 b2d3baf4, parameter4 00000000.
    6/5/2012 2:21:35 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b5330636, parameter3 b3826af4, parameter4 00000000.
    6/5/2012 2:21:25 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b531e636, parameter3 b3941af4, parameter4 00000000.
    6/5/2012 2:21:20 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b5308636, parameter3 b3863af4, parameter4 00000000.
    6/5/2012 2:21:15 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b5330636, parameter3 b39d8af4, parameter4 00000000.
    6/5/2012 2:21:05 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b5336636, parameter3 b3a34af4, parameter4 00000000.
    6/5/2012 2:19:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
    6/5/2012 2:19:07 AM, error: Service Control Manager [7000] - The Symantec Core LC service failed to start due to the following error: The system cannot find the path specified.
    6/5/2012 2:19:07 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/5/2012 2:08:27 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    6/5/2012 2:08:24 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi DMICall Fips intelppm
    6/5/2012 2:07:10 AM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.67, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
    6/5/2012 2:07:10 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ALG with arguments " " in order to run the server: {D6015EC3-FA16-4813-9CA1-DA204574F5DA}
    6/5/2012 2:07:10 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    6/5/2012 12:26:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor IntelIde
    6/5/2012 10:53:53 PM, error: Service Control Manager [7034] - The VAIO Entertainment TV Device Arbitration Service service terminated unexpectedly. It has done this 1 time(s).
    6/5/2012 10:53:47 PM, error: Service Control Manager [7034] - The VAIO Media Video Server service terminated unexpectedly. It has done this 1 time(s).
    6/5/2012 10:53:47 PM, error: Service Control Manager [7034] - The VAIO Media Video Server (UPnP) service terminated unexpectedly. It has done this 1 time(s).
    6/5/2012 10:53:47 PM, error: Service Control Manager [7034] - The VAIO Media Video Server (HTTP) service terminated unexpectedly. It has done this 1 time(s).
    6/5/2012 10:53:47 PM, error: Service Control Manager [7034] - The VAIO Media Integrated Server service terminated unexpectedly. It has done this 1 time(s).
    6/5/2012 10:53:47 PM, error: Service Control Manager [7034] - The VAIO Media Integrated Server (UPnP) service terminated unexpectedly. It has done this 1 time(s).
    6/5/2012 10:53:47 PM, error: Service Control Manager [7034] - The VAIO Media Integrated Server (HTTP) service terminated unexpectedly. It has done this 1 time(s).
    6/5/2012 10:53:47 PM, error: Service Control Manager [7034] - The VAIO Entertainment File Import Service service terminated unexpectedly. It has done this 1 time(s).
    6/5/2012 10:53:47 PM, error: Service Control Manager [7034] - The Sony TVTA Manager service terminated unexpectedly. It has done this 1 time(s).
    6/5/2012 10:53:47 PM, error: Service Control Manager [7034] - The Sony TV Tuner Manager service terminated unexpectedly. It has done this 1 time(s).
    6/5/2012 10:53:47 PM, error: Service Control Manager [7034] - The SonicStageMonitoring service terminated unexpectedly. It has done this 1 time(s).
    6/5/2012 10:53:47 PM, error: Service Control Manager [7034] - The Retrospect Express HD Launcher service terminated unexpectedly. It has done this 1 time(s).
    6/5/2012 10:53:47 PM, error: Service Control Manager [7034] - The Logitech Process Monitor service terminated unexpectedly. It has done this 1 time(s).
    6/5/2012 10:53:47 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    6/5/2012 10:53:47 PM, error: Service Control Manager [7034] - The IAA Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    6/5/2012 10:53:47 PM, error: Service Control Manager [7034] - The DVD-RAM_Service service terminated unexpectedly. It has done this 1 time(s).
    6/5/2012 10:53:47 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    6/5/2012 1:48:17 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    6/5/2012 1:48:17 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    6/5/2012 1:48:17 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/5/2012 1:48:17 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/5/2012 1:48:17 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    6/5/2012 1:48:09 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/10/2012 12:15:31 AM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    .
    ==== End Of File ===========================
     
  2. 2012/06/10
    Blue Star

    logs continued

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Donna at 0:54:38 on 2012-06-10
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.536 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    svchost.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\ImageMate CompactFlash USB\SandIcon.Exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = hxxp://www.connect.com/
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    uRun: [EPSON Stylus Photo RX500] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /M "Stylus Photo RX500" /EF "HKCU "
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [Google Update] "c:\documents and settings\donna\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [EPSON Stylus Photo RX500 (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2K1.EXE /P33 "EPSON Stylus Photo RX500 (Copy 1)" /O5 "LPT1:" /M "Stylus Photo RX500 "
    mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
    mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
    mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    mRun: [EPSON Stylus Photo RX500] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500 "
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [AlcWzrd] ALCWZRD.EXE
    mRun: [SandIcon] c:\imagemate compactflash usb\SandIcon.Exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    Trusted Zone: yahoo.com\us.mg3.mail
    DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Treasures%20Of%20Montezuma/Images/stg_drm.ocx
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204578463312
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://www.shockwave.com/content/luxor2/sis/mjolauncher.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Treasures%20Of%20Montezuma/Images/armhelper.ocx
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
    DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} - hxxp://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{439D8D5E-334B-4BA1-B4A5-C12639795CC9} : DhcpNameServer = 192.168.1.254
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-31 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-30 337880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-30 20696]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-30 44768]
    R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2006-1-2 118877]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-6-3 136176]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]
    S2 Symantec Core LC;Symantec Core LC; [x]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-11 257696]
    S3 gupdatem;Google Update Service (gupdatem); [x]
    S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-12 01:59:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 0:57:48.43 ===============
     

  4. 2012/06/10
    Blue Star

    mbam

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.03.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Donna :: YOUR-13E050B673 [administrator]

    6/9/2012 7:19:27 PM
    mbam-log-2012-06-09 (19-19-27).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 217410
    Time elapsed: 10 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  5. 2012/06/10
    Blue Star

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-09 22:40:16
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD2000JD-98HBB0 rev.08.02D08
    Running: 51p39qte.exe; Driver: C:\DOCUME~1\Donna\LOCALS~1\Temp\kglcqfoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB6486DF8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB6513A5A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB648785E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB64B3D5D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB648C2E4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB648C330]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB648C422]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB64B3711]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB648C252]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB648C374]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB648C29A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB648C3DC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB6486E44]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB64B4423]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB64B46D9]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB64899A8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB64B428E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB64B40F9]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB6513B34]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB6486AD6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB6486E90]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB6489D1C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB6487B02]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB648C30E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB648C352]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB648C446]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB64B3A6D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB648C278]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB6489518]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB648C3AE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB648C2C2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB648974C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB648C400]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB6513CA0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB64B3F74]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB64879CE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB64B3DC6]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB651DB68]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB64B2D84]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB6486EDC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB6486F28]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB6486B46]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB6486CEA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB64B452A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB6486C92]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB6486D5A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xB6513D60]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB6486F74]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xB6513BE0]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB6529D92]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP B652874C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80576705 4 Bytes CALL B648819F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B7F4 7 Bytes JMP B6529D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E0536 5 Bytes JMP B6526C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text win32k.sys!EngFreeUserMem + 674 BF8098E2 5 Bytes JMP B648B180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFreeUserMem + 35D0 BF80C83E 5 Bytes JMP B648B07C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSurface + 45 BF8138D6 5 Bytes JMP B648B036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C540 5 Bytes JMP B648A724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngSetLastError + 79A8 BF8240B0 5 Bytes JMP B6489F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateBitmap + F9C BF828A1A 5 Bytes JMP B648B2EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 2C50 BF831465 5 Bytes JMP B648B4F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + B687 BF839E9C 5 Bytes JMP B648AF3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85173B 5 Bytes JMP B6489E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC5A 5 Bytes JMP B648A7E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2C4 5 Bytes JMP B648A384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E34F 5 Bytes JMP B648A562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 88 BF85F5C2 5 Bytes JMP B6489E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 5457 BF864991 5 Bytes JMP B648B0BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 4128 BF873CC4 5 Bytes JMP B648A51C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetLastError + 1606 BF890F01 5 Bytes JMP B648A7FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 26EE BF8944AC 5 Bytes JMP B648B232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBltROP + 583 BF894F84 5 Bytes JMP B648B450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 3857 BF89C32B 5 Bytes JMP B648A70C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 4DEC BF89D8C0 5 Bytes JMP B6489FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngEraseSurface + A9DB BF8C1E40 5 Bytes JMP B648A104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1517 BF8CA2A2 5 Bytes JMP B648A1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1797 BF8CA522 5 Bytes JMP B648A2E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EBEF7 5 Bytes JMP B6489D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + CB46 BF8F4EFF 5 Bytes JMP B648A73C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 1A2D BF9136C2 2 Bytes JMP B6489F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 1A30 BF9136C5 2 Bytes [B7, F6] {MOV BH, 0xf6}
    .text win32k.sys!EngCreateClip + 2601 BF914296 5 Bytes JMP B648A0B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4F7A BF916C0F 5 Bytes JMP B648A67C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 194D BF946CFD 5 Bytes JMP B648B3A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    ---- User code sections - GMER 1.0.15 ----
     
  6. 2012/06/10
    Blue Star

    .text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\WINDOWS\system32\svchost.exe[348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[348] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[348] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[348] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[348] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[348] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[348] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\DVDRAMSV.exe[492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\system32\DVDRAMSV.exe[492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\DVDRAMSV.exe[492] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\system32\DVDRAMSV.exe[492] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\DVDRAMSV.exe[492] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\DVDRAMSV.exe[492] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\DVDRAMSV.exe[492] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\DVDRAMSV.exe[492] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\DVDRAMSV.exe[492] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\DVDRAMSV.exe[492] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\WINDOWS\system32\DVDRAMSV.exe[492] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\DVDRAMSV.exe[492] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\DVDRAMSV.exe[492] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\system32\DVDRAMSV.exe[492] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\WINDOWS\system32\DVDRAMSV.exe[492] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\DVDRAMSV.exe[492] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\DVDRAMSV.exe[492] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004B0804
    .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004B0A08
    .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004B0600
    .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004B01F8
    .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004B03FC
    .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004C1014
    .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004C0804
    .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004C0A08
    .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004C0C0C
    .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004C0E10
    .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004C01F8
    .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004C03FC
    .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004C0600
    .text C:\WINDOWS\eHome\ehRecvr.exe[520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
    .text C:\WINDOWS\eHome\ehRecvr.exe[520] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\eHome\ehRecvr.exe[520] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
    .text C:\WINDOWS\eHome\ehRecvr.exe[520] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\eHome\ehRecvr.exe[520] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\eHome\ehRecvr.exe[520] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\eHome\ehRecvr.exe[520] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\eHome\ehRecvr.exe[520] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\eHome\ehRecvr.exe[520] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\eHome\ehRecvr.exe[520] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
    .text C:\WINDOWS\eHome\ehRecvr.exe[520] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
    .text C:\WINDOWS\eHome\ehRecvr.exe[520] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\eHome\ehRecvr.exe[520] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
    .text C:\WINDOWS\eHome\ehRecvr.exe[520] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
    .text C:\WINDOWS\eHome\ehRecvr.exe[520] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\eHome\ehRecvr.exe[520] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\eHome\ehRecvr.exe[520] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
    .text C:\WINDOWS\eHome\ehSched.exe[532] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
    .text C:\WINDOWS\eHome\ehSched.exe[532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\eHome\ehSched.exe[532] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
    .text C:\WINDOWS\eHome\ehSched.exe[532] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\eHome\ehSched.exe[532] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\eHome\ehSched.exe[532] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\eHome\ehSched.exe[532] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\eHome\ehSched.exe[532] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\eHome\ehSched.exe[532] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\eHome\ehSched.exe[532] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
    .text C:\WINDOWS\eHome\ehSched.exe[532] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
    .text C:\WINDOWS\eHome\ehSched.exe[532] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\eHome\ehSched.exe[532] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
    .text C:\WINDOWS\eHome\ehSched.exe[532] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
    .text C:\WINDOWS\eHome\ehSched.exe[532] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\eHome\ehSched.exe[532] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\eHome\ehSched.exe[532] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
    .text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[560] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[560] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[560] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[560] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[560] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[560] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[560] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[560] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[560] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[560] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[560] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[560] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[560] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[560] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[560] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[560] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\System32\smss.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[708] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[708] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[708] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[708] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[708] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[708] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[708] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[708] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[708] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[708] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[708] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[708] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[708] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[708] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\csrss.exe[724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[724] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[748] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
    .text C:\WINDOWS\system32\winlogon.exe[748] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[748] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
    .text C:\WINDOWS\system32\winlogon.exe[748] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[748] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\winlogon.exe[748] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\winlogon.exe[748] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\winlogon.exe[748] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\winlogon.exe[748] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\winlogon.exe[748] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\winlogon.exe[748] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\winlogon.exe[748] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\winlogon.exe[748] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\winlogon.exe[748] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\winlogon.exe[748] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\winlogon.exe[748] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\winlogon.exe[748] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\Java\jre6\bin\jqs.exe[776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Java\jre6\bin\jqs.exe[776] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[776] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Java\jre6\bin\jqs.exe[776] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Java\jre6\bin\jqs.exe[776] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Java\jre6\bin\jqs.exe[776] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[776] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Java\jre6\bin\jqs.exe[776] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[776] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Java\jre6\bin\jqs.exe[776] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Java\jre6\bin\jqs.exe[776] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Java\jre6\bin\jqs.exe[776] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Java\jre6\bin\jqs.exe[776] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Java\jre6\bin\jqs.exe[776] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[776] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\services.exe[804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\services.exe[804] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[804] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\services.exe[804] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\services.exe[804] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\services.exe[804] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\services.exe[804] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\services.exe[804] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\services.exe[804] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\lsass.exe[816] ntdll.dll!LdrLoadDll
     
  7. 2012/06/10
    Blue Star

    7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\lsass.exe[816] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[816] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\lsass.exe[816] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\lsass.exe[816] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\lsass.exe[816] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\lsass.exe[816] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\lsass.exe[816] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\Ati2evxx.exe[992] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\system32\Ati2evxx.exe[992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\Ati2evxx.exe[992] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\system32\Ati2evxx.exe[992] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\Ati2evxx.exe[992] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\Ati2evxx.exe[992] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\Ati2evxx.exe[992] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\Ati2evxx.exe[992] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\Ati2evxx.exe[992] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\Ati2evxx.exe[992] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\WINDOWS\system32\Ati2evxx.exe[992] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\Ati2evxx.exe[992] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\Ati2evxx.exe[992] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\system32\Ati2evxx.exe[992] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\WINDOWS\system32\Ati2evxx.exe[992] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\Ati2evxx.exe[992] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\Ati2evxx.exe[992] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\ctfmon.exe[1044] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
    .text C:\WINDOWS\system32\ctfmon.exe[1044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[1044] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
    .text C:\WINDOWS\system32\ctfmon.exe[1044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[1044] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00411014
    .text C:\WINDOWS\system32\ctfmon.exe[1044] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00410804
    .text C:\WINDOWS\system32\ctfmon.exe[1044] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00410A08
    .text C:\WINDOWS\system32\ctfmon.exe[1044] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00410C0C
    .text C:\WINDOWS\system32\ctfmon.exe[1044] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00410E10
    .text C:\WINDOWS\system32\ctfmon.exe[1044] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004101F8
    .text C:\WINDOWS\system32\ctfmon.exe[1044] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004103FC
    .text C:\WINDOWS\system32\ctfmon.exe[1044] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00410600
    .text C:\WINDOWS\system32\ctfmon.exe[1044] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00420804
    .text C:\WINDOWS\system32\ctfmon.exe[1044] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00420A08
    .text C:\WINDOWS\system32\ctfmon.exe[1044] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00420600
    .text C:\WINDOWS\system32\ctfmon.exe[1044] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004201F8
    .text C:\WINDOWS\system32\ctfmon.exe[1044] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004203FC
    .text C:\WINDOWS\system32\svchost.exe[1128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1128] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1128] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1128] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1128] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1128] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\Skype\Phone\Skype.exe[1180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Skype\Phone\Skype.exe[1180] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Skype\Phone\Skype.exe[1180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Skype\Phone\Skype.exe[1180] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Skype\Phone\Skype.exe[1180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\Program Files\Skype\Phone\Skype.exe[1180] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\Program Files\Skype\Phone\Skype.exe[1180] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\Program Files\Skype\Phone\Skype.exe[1180] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\Program Files\Skype\Phone\Skype.exe[1180] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\Program Files\Skype\Phone\Skype.exe[1180] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\Program Files\Skype\Phone\Skype.exe[1180] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\Program Files\Skype\Phone\Skype.exe[1180] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\Program Files\Skype\Phone\Skype.exe[1180] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\Program Files\Skype\Phone\Skype.exe[1180] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\Program Files\Skype\Phone\Skype.exe[1180] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\Program Files\Skype\Phone\Skype.exe[1180] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\Program Files\Skype\Phone\Skype.exe[1180] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[1224] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\svchost.exe[1224] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\svchost.exe[1224] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[1224] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[1224] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\ALCWZRD.EXE[1496] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\ALCWZRD.EXE[1496] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\ALCWZRD.EXE[1496] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\ALCWZRD.EXE[1496] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\ALCWZRD.EXE[1496] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00711014
    .text C:\WINDOWS\ALCWZRD.EXE[1496] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00710804
    .text C:\WINDOWS\ALCWZRD.EXE[1496] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00710A08
    .text C:\WINDOWS\ALCWZRD.EXE[1496] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00710C0C
    .text C:\WINDOWS\ALCWZRD.EXE[1496] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00710E10
    .text C:\WINDOWS\ALCWZRD.EXE[1496] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007101F8
    .text C:\WINDOWS\ALCWZRD.EXE[1496] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007103FC
    .text C:\WINDOWS\ALCWZRD.EXE[1496] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00710600
    .text C:\WINDOWS\ALCWZRD.EXE[1496] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00720804
    .text C:\WINDOWS\ALCWZRD.EXE[1496] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00720A08
    .text C:\WINDOWS\ALCWZRD.EXE[1496] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00720600
    .text C:\WINDOWS\ALCWZRD.EXE[1496] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 007201F8
    .text C:\WINDOWS\ALCWZRD.EXE[1496] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 007203FC
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1580] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1580] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1668] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\spoolsv.exe[1668] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\spoolsv.exe[1668] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\spoolsv.exe[1668] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\spoolsv.exe[1668] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\spoolsv.exe[1668] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\spoolsv.exe[1668] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\spoolsv.exe[1668] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1712] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1712] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1712] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1712] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1712] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1712] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1712] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1712] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1712] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1712] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1712] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1712] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1712] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[1920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[1920] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[1920] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[1920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[1920] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[1920] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[1920] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[1920] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[1920] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[1920] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[1920] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[1920] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[1920] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[1920] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[1920] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[1920] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[1920] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[1960] ntdll.dll!LdrLoadDll
     
  8. 2012/06/10
    Blue Star

    7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[1960] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[1960] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[1960] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[1960] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[1960] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[1960] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[1960] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[1960] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[1960] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[1960] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[1960] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[1960] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[1960] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[1960] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[1960] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[1960] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[2000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\wdfmgr.exe[2068] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
    .text C:\WINDOWS\system32\wdfmgr.exe[2068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\wdfmgr.exe[2068] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
    .text C:\WINDOWS\system32\wdfmgr.exe[2068] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\wdfmgr.exe[2068] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\wdfmgr.exe[2068] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\wdfmgr.exe[2068] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\wdfmgr.exe[2068] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\wdfmgr.exe[2068] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\wdfmgr.exe[2068] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\wdfmgr.exe[2068] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\wdfmgr.exe[2068] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\wdfmgr.exe[2068] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\system32\wdfmgr.exe[2068] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\system32\wdfmgr.exe[2068] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\system32\wdfmgr.exe[2068] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\wdfmgr.exe[2068] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2128] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2128] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2128] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2128] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2128] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2128] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2128] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2128] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2128] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2128] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2128] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2128] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2128] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[2156] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[2156] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[2156] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[2156] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[2156] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[2156] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[2156] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[2156] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[2156] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[2156] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[2156] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[2156] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[2156] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[2156] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[2156] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[2156] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[2156] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[2192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[2192] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[2192] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[2192] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[2192] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[2192] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[2192] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[2192] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[2192] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[2192] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[2192] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[2192] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[2192] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[2192] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[2192] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[2192] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[2192] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\RAMASST.exe[2236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\system32\RAMASST.exe[2236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\RAMASST.exe[2236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\system32\RAMASST.exe[2236] kernel32.dll!GetBinaryTypeW + 80
     
  9. 2012/06/10
    Blue Star

    7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\RAMASST.exe[2236] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\RAMASST.exe[2236] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\RAMASST.exe[2236] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\RAMASST.exe[2236] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\RAMASST.exe[2236] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\RAMASST.exe[2236] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\WINDOWS\system32\RAMASST.exe[2236] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\WINDOWS\system32\RAMASST.exe[2236] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\WINDOWS\system32\RAMASST.exe[2236] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\WINDOWS\system32\RAMASST.exe[2236] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\WINDOWS\system32\RAMASST.exe[2236] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\WINDOWS\system32\RAMASST.exe[2236] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\RAMASST.exe[2236] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\WINDOWS\system32\Ati2evxx.exe[2480] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\system32\Ati2evxx.exe[2480] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\Ati2evxx.exe[2480] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\system32\Ati2evxx.exe[2480] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\Ati2evxx.exe[2480] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00500804
    .text C:\WINDOWS\system32\Ati2evxx.exe[2480] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00500A08
    .text C:\WINDOWS\system32\Ati2evxx.exe[2480] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00500600
    .text C:\WINDOWS\system32\Ati2evxx.exe[2480] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005001F8
    .text C:\WINDOWS\system32\Ati2evxx.exe[2480] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005003FC
    .text C:\WINDOWS\system32\Ati2evxx.exe[2480] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00511014
    .text C:\WINDOWS\system32\Ati2evxx.exe[2480] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00510804
    .text C:\WINDOWS\system32\Ati2evxx.exe[2480] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00510A08
    .text C:\WINDOWS\system32\Ati2evxx.exe[2480] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00510C0C
    .text C:\WINDOWS\system32\Ati2evxx.exe[2480] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00510E10
    .text C:\WINDOWS\system32\Ati2evxx.exe[2480] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005101F8
    .text C:\WINDOWS\system32\Ati2evxx.exe[2480] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005103FC
    .text C:\WINDOWS\system32\Ati2evxx.exe[2480] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00510600
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2588] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2588] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2588] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2588] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2588] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2588] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2588] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2588] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2588] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2588] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2588] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2588] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2588] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2588] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2588] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2624] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2624] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2624] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2624] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2624] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2624] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2624] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2624] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2624] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2624] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2624] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2624] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2624] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[2624] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2660] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2660] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2660] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2660] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2660] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2660] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2660] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2660] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2660] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2688] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2688] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2688] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2688] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2688] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2688] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2688] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2688] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2688] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2688] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2688] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2688] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2688] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2688] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2688] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[2688] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004C0804
    .text C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004C0A08
    .text C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004C0600
    .text C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004C01F8
    .text C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004C03FC
    .text C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004D1014
    .text C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004D0804
    .text C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004D0A08
    .text C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004D0C0C
    .text C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004D0E10
    .text C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004D01F8
    .text C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004D03FC
    .text C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004D0600
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004F0804
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004F0A08
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004F0600
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004F01F8
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004F03FC
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00501014
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00500804
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00500A08
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00500C0C
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00500E10
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005001F8
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005003FC
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00500600
    .text C:\WINDOWS\Explorer.EXE[2876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\Explorer.EXE[2876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[2876] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\Explorer.EXE[2876] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[2876] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00411014
    .text C:\WINDOWS\Explorer.EXE[2876] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00410804
    .text C:\WINDOWS\Explorer.EXE[2876] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00410A08
    .text C:\WINDOWS\Explorer.EXE[2876] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00410C0C
    .text C:\WINDOWS\Explorer.EXE[2876] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00410E10
    .text C:\WINDOWS\Explorer.EXE[2876] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004101F8
    .text C:\WINDOWS\Explorer.EXE[2876] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004103FC
    .text C:\WINDOWS\Explorer.EXE[2876] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00410600
    .text C:\WINDOWS\Explorer.EXE[2876] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00420804
    .text C:\WINDOWS\Explorer.EXE[2876] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00420A08
    .text C:\WINDOWS\Explorer.EXE[2876] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00420600
    .text C:\WINDOWS\Explorer.EXE[2876] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004201F8
    .text C:\WINDOWS\Explorer.EXE[2876] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004203FC
    .text C:\WINDOWS\system32\dllhost.exe[2964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\dllhost.exe[2964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\dllhost.exe[2964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\dllhost.exe[2964] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\dllhost.exe[2964] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\dllhost.exe[2964] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\dllhost.exe[2964] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\dllhost.exe[2964] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\dllhost.exe[2964] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\dllhost.exe[2964] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\dllhost.exe[2964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\dllhost.exe[2964] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\dllhost.exe[2964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\dllhost.exe[2964] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\dllhost.exe[2964] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\dllhost.exe[2964] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\dllhost.exe[2964] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[3060] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[3060] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[3060] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[3060] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[3060] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[3060] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[3060] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[3060] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[3060] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[3060] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[3060] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[3060] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[3060] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[3060] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[3060] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[3060] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[3060] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3240] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\LVCOMSX.EXE[3396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\system32\LVCOMSX.EXE[3396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\LVCOMSX.EXE[3396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\system32\LVCOMSX.EXE[3396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\LVCOMSX.EXE[3396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004D1014
    .text C:\WINDOWS\system32\LVCOMSX.EXE[3396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004D0804
    .text C:\WINDOWS\system32\LVCOMSX.EXE[3396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004D0A08
    .text C:\WINDOWS\system32\LVCOMSX.EXE[3396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004D0C0C
    .text C:\WINDOWS\system32\LVCOMSX.EXE[3396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004D0E10
    .text C:\WINDOWS\system32\LVCOMSX.EXE[3396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004D01F8
    .text C:\WINDOWS\system32\LVCOMSX.EXE[3396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004D03FC
    .text C:\WINDOWS\system32\LVCOMSX.EXE[3396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004D0600
    .text C:\WINDOWS\system32\LVCOMSX.EXE[3396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004E0804
    .text C:\WINDOWS\system32\LVCOMSX.EXE[3396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004E0A08
    .text C:\WINDOWS\system32\LVCOMSX.EXE[3396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004E0600
    .text C:\WINDOWS\system32\LVCOMSX.EXE[3396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004E01F8
    .text C:\WINDOWS\system32\LVCOMSX.EXE[3396] USER32.dll!UnhookWinEvent
     
  10. 2012/06/10
    Blue Star

    7E4318AC 5 Bytes JMP 004E03FC
    .text C:\WINDOWS\System32\alg.exe[3408] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\alg.exe[3408] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3408] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\alg.exe[3408] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3408] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
    .text C:\WINDOWS\System32\alg.exe[3408] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
    .text C:\WINDOWS\System32\alg.exe[3408] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
    .text C:\WINDOWS\System32\alg.exe[3408] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
    .text C:\WINDOWS\System32\alg.exe[3408] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
    .text C:\WINDOWS\System32\alg.exe[3408] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
    .text C:\WINDOWS\System32\alg.exe[3408] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
    .text C:\WINDOWS\System32\alg.exe[3408] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
    .text C:\WINDOWS\System32\alg.exe[3408] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
    .text C:\WINDOWS\System32\alg.exe[3408] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
    .text C:\WINDOWS\System32\alg.exe[3408] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
    .text C:\WINDOWS\System32\alg.exe[3408] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
    .text C:\WINDOWS\System32\alg.exe[3408] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] ADVAPI32.dll!DeleteService
     
  11. 2012/06/10
    Blue Star

    77E374B1 5 Bytes JMP 003C0600
    .text C:\WINDOWS\SOUNDMAN.EXE[3576] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\SOUNDMAN.EXE[3576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\SOUNDMAN.EXE[3576] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\SOUNDMAN.EXE[3576] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\SOUNDMAN.EXE[3576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\SOUNDMAN.EXE[3576] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\SOUNDMAN.EXE[3576] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\WINDOWS\SOUNDMAN.EXE[3576] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\SOUNDMAN.EXE[3576] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\SOUNDMAN.EXE[3576] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\WINDOWS\SOUNDMAN.EXE[3576] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\WINDOWS\SOUNDMAN.EXE[3576] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\WINDOWS\SOUNDMAN.EXE[3576] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\WINDOWS\SOUNDMAN.EXE[3576] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\WINDOWS\SOUNDMAN.EXE[3576] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\WINDOWS\SOUNDMAN.EXE[3576] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\SOUNDMAN.EXE[3576] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004B0804
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004B0A08
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004B0600
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004B01F8
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004B03FC
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004C1014
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004C0804
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004C0A08
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004C0C0C
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004C0E10
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004C01F8
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004C03FC
    .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004C0600
    .text C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004D0804
    .text C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004D0A08
    .text C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004D0600
    .text C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004D01F8
    .text C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] USER32.dll!UnhookWinEvent
     
  12. 2012/06/10
    Blue Star

    7E4318AC 5 Bytes JMP 004D03FC
    .text C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004C1014
    .text C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004C0804
    .text C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004C0A08
    .text C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004C0C0C
    .text C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004C0E10
    .text C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004C01F8
    .text C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004C03FC
    .text C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004C0600
    .text C:\WINDOWS\system32\wscntfy.exe[5828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\wscntfy.exe[5828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A42F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A42DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A42D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A42DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A02F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A02DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A02D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A02DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005F0002
    IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005F0000
    IAT C:\WINDOWS\system32\ctfmon.exe[1044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A42F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[1044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A42DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[1044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A42D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[1044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A42DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Skype\Phone\Skype.exe[1180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [024E2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Skype\Phone\Skype.exe[1180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [024E2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Skype\Phone\Skype.exe[1180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [024E2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Skype\Phone\Skype.exe[1180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [024E2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\ALCWZRD.EXE[1496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CF2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\ALCWZRD.EXE[1496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CF2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\ALCWZRD.EXE[1496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CF2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\ALCWZRD.EXE[1496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CF2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
    IAT C:\WINDOWS\system32\RAMASST.exe[2236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A42F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\RAMASST.exe[2236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A42DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\RAMASST.exe[2236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A42D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\RAMASST.exe[2236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A42DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\Ati2evxx.exe[2480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A42F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\Ati2evxx.exe[2480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A42DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\Ati2evxx.exe[2480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A42D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\Ati2evxx.exe[2480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A42DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A42F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A42DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A42D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\ImageMate CompactFlash USB\SandIcon.Exe[2764] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A42DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A62F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A62DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A62D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2792] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A62DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A42F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A42DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A42D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A42DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01192F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01192DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01192D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01192DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3240] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
    IAT C:\WINDOWS\system32\LVCOMSX.EXE[3396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AB2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\LVCOMSX.EXE[3396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AB2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\LVCOMSX.EXE[3396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AB2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\LVCOMSX.EXE[3396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AB2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CE2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CE2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CE2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CE2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\SOUNDMAN.EXE[3576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BD2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\SOUNDMAN.EXE[3576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BD2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\SOUNDMAN.EXE[3576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BD2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\SOUNDMAN.EXE[3576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BD2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A32F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A32DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A32D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[3776] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A32DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\Donna\Desktop\51p39qte.exe[4852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\wscntfy.exe[5828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008F2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\wscntfy.exe[5828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008F2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\wscntfy.exe[5828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008F2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\wscntfy.exe[5828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008F2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Fastfat \FatCdrom
     
  13. 2012/06/10
    Blue Star

    Blue Star Well-Known Member Thread Starter

    aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Nova Development\Art Explosion Publisher Pro\1.0\Wizards\Desktop\Calendars\Year on a Page\8½x11 inch\Business.npp 1
    Reg HKLM\SOFTWARE\Classes\.3dp@ Vroomsap.1
    Reg HKLM\SOFTWARE\Classes\.sig@ PMWPosterType
    Reg HKLM\SOFTWARE\Classes\ActivePopup.1@ Popup Control
    Reg HKLM\SOFTWARE\Classes\ActivePopup.1\CLSID
    Reg HKLM\SOFTWARE\Classes\ActivePopup.1\CLSID@ {8F0DD2CA-786E-11D0-A671-000092909AB2}
    Reg HKLM\SOFTWARE\Classes\Communicator.Download@ Download Class
    Reg HKLM\SOFTWARE\Classes\Communicator.Download\CLSID
    Reg HKLM\SOFTWARE\Classes\Communicator.Download\CLSID@ {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B}
    Reg HKLM\SOFTWARE\Classes\Communicator.Download\CurVer
    Reg HKLM\SOFTWARE\Classes\Communicator.Download\CurVer@ Communicator.Download.1
    Reg HKLM\SOFTWARE\Classes\Communicator.Download.1@ Download Class
    Reg HKLM\SOFTWARE\Classes\Communicator.Download.1\CLSID
    Reg HKLM\SOFTWARE\Classes\Communicator.Download.1\CLSID@ {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B}
    Reg HKLM\SOFTWARE\Classes\CONNMGR.ConnMgrCtrl.1@ ConnMgr Control
    Reg HKLM\SOFTWARE\Classes\CONNMGR.ConnMgrCtrl.1\CLSID
    Reg HKLM\SOFTWARE\Classes\CONNMGR.ConnMgrCtrl.1\CLSID@ {25E2B9D7-7C7F-4EE0-ACE5-F5492131B121}
    Reg HKLM\SOFTWARE\Classes\IFTWCtrl.IFTWCtrl@ InstallFromTheWeb ActiveX Control
    Reg HKLM\SOFTWARE\Classes\IFTWCtrl.IFTWCtrl\CLSID
    Reg HKLM\SOFTWARE\Classes\IFTWCtrl.IFTWCtrl\CLSID@ {4E330863-6A11-11D0-BFD8-006097237877}
    Reg HKLM\SOFTWARE\Classes\IFTWCtrl.IFTWCtrl\CurVer
    Reg HKLM\SOFTWARE\Classes\IFTWCtrl.IFTWCtrl\CurVer@ IFTWCtrl.IFTWCtrl.1
    Reg HKLM\SOFTWARE\Classes\IFTWCtrl.IFTWCtrl.1@ InstallFromTheWeb ActiveX Control
    Reg HKLM\SOFTWARE\Classes\IFTWCtrl.IFTWCtrl.1\CLSID
    Reg HKLM\SOFTWARE\Classes\IFTWCtrl.IFTWCtrl.1\CLSID@ {4E330863-6A11-11D0-BFD8-006097237877}
    Reg HKLM\SOFTWARE\Classes\ImportClient.ImportClientObj@ ImportClientObj Class
    Reg HKLM\SOFTWARE\Classes\ImportClient.ImportClientObj\CLSID
    Reg HKLM\SOFTWARE\Classes\ImportClient.ImportClientObj\CLSID@ {A844CD49-95EA-4ef0-92D2-BB32E68A6491}
    Reg HKLM\SOFTWARE\Classes\ImportClient.ImportClientObj.1@ ImportClientObj Class
    Reg HKLM\SOFTWARE\Classes\ImportClient.ImportClientObj.1\CLSID
    Reg HKLM\SOFTWARE\Classes\ImportClient.ImportClientObj.1\CLSID@ {A844CD49-95EA-4ef0-92D2-BB32E68A6491}
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile@ Enhanced metafile
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\CLSID
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\CLSID@ {5D455741-68F5-101C-AABC-0000C0E03D82}
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\DefaultIcon
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\DefaultIcon@ C:\PROGRA~1\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe,-151
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\Insertable
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\Insertable@
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\protocol
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\protocol@
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\protocol\StdFileEditing
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\protocol\StdFileEditing@
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\protocol\StdFileEditing\server
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\protocol\StdFileEditing\server@ C:\PROGRA~1\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\protocol\StdFileEditing\verb
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\protocol\StdFileEditing\verb@
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\protocol\StdFileEditing\verb\0
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\protocol\StdFileEditing\verb\0@ &Edit
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\shell
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\shell\open
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\shell\open\command
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\shell\open\command@ C:\PROGRA~1\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe "%1"
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\shell\print
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\shell\print\command
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\shell\print\command@ C:\PROGRA~1\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe /p "%1"
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\shell\printto
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\shell\printto\command
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\shell\printto\command@ C:\PROGRA~1\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe /pt "%1" "%2" "%3" "%4"
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1@ Metafile Companion Picture (32-bit)
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1\CLSID
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1\CLSID@ {5D455741-68F5-101C-AABC-0000C0E03D82}
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1\Insertable
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1\protocol
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1\protocol\StdFileEditing
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1\protocol\StdFileEditing\server
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1\protocol\StdFileEditing\server@ C:\PROGRA~1\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1\protocol\StdFileEditing\verb
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1\protocol\StdFileEditing\verb\0
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1\protocol\StdFileEditing\verb\0@ &Edit
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile@ Windows metafile
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\CLSID
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\CLSID@ {5D455741-68F5-101C-AABC-0000C0E03D82}
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\DefaultIcon
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\DefaultIcon@ C:\PROGRA~1\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe,-152
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\Insertable
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\Insertable@
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\protocol
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\protocol@
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\protocol\StdFileEditing
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\protocol\StdFileEditing@
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\protocol\StdFileEditing\server
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\protocol\StdFileEditing\server@ C:\PROGRA~1\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\protocol\StdFileEditing\verb
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\protocol\StdFileEditing\verb@
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\protocol\StdFileEditing\verb\0
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\protocol\StdFileEditing\verb\0@ &Edit
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\shell
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\shell\open
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\shell\open\command
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\shell\open\command@ C:\PROGRA~1\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe "%1"
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\shell\print
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\shell\print\command
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\shell\print\command@ C:\PROGRA~1\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe /p "%1"
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\shell\printto
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\shell\printto\command
    Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\shell\printto\command@ C:\PROGRA~1\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe /pt "%1" "%2" "%3" "%4"
    Reg HKLM\SOFTWARE\Classes\MSSOAP.ConnectorFactory@ Soap Port Connector Factory
    Reg HKLM\SOFTWARE\Classes\MSSOAP.ConnectorFactory\Clsid
    Reg HKLM\SOFTWARE\Classes\MSSOAP.ConnectorFactory\Clsid@ {4CE546FF-9128-465E-B5C5-5A36CFC2C285}
    Reg HKLM\SOFTWARE\Classes\MSSOAP.ConnectorFactory\CurVer
    Reg HKLM\SOFTWARE\Classes\MSSOAP.ConnectorFactory\CurVer@ MSSOAP.ConnectorFactory.1
    Reg HKLM\SOFTWARE\Classes\MSSOAP.ConnectorFactory.1@
     
  14. 2012/06/10
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Soap Port Connector Factory
    Reg HKLM\SOFTWARE\Classes\MSSOAP.ConnectorFactory.1\Clsid
    Reg HKLM\SOFTWARE\Classes\MSSOAP.ConnectorFactory.1\Clsid@ {4CE546FF-9128-465E-B5C5-5A36CFC2C285}
    Reg HKLM\SOFTWARE\Classes\MSSOAP.HttpConnector@ Microsoft Soap Http Connector
    Reg HKLM\SOFTWARE\Classes\MSSOAP.HttpConnector\Clsid
    Reg HKLM\SOFTWARE\Classes\MSSOAP.HttpConnector\Clsid@ {6205B8C9-75FF-4623-A50A-88E1F14EAFF2}
    Reg HKLM\SOFTWARE\Classes\MSSOAP.HttpConnector\CurVer
    Reg HKLM\SOFTWARE\Classes\MSSOAP.HttpConnector\CurVer@ MSSOAP.HttpConnector.1
    Reg HKLM\SOFTWARE\Classes\MSSOAP.HttpConnector.1@ Microsoft Soap Http Connector
    Reg HKLM\SOFTWARE\Classes\MSSOAP.HttpConnector.1\Clsid
    Reg HKLM\SOFTWARE\Classes\MSSOAP.HttpConnector.1\Clsid@ {6205B8C9-75FF-4623-A50A-88E1F14EAFF2}
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapClient@ Microsoft Soap SoapClient class
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapClient\Clsid
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapClient\Clsid@ {86D54F3D-652D-4ab3-A1A6-14D403F6C813}
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapClient\CurVer
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapClient\CurVer@ MSSOAP.SoapClient.1
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapClient.1@ Microsoft Soap SoapClient class Version 1
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapClient.1\Clsid
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapClient.1\Clsid@ {86D54F3D-652D-4ab3-A1A6-14D403F6C813}
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapReader@ Microsoft Soap SoapReader class
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapReader\Clsid
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapReader\Clsid@ {FDE424F3-AA10-471D-8A0A-6875C17B5914}
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapReader\CurVer
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapReader\CurVer@ MSSOAP.SoapReader.1
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapReader.1@ Microsoft Soap SoapReader class Version 1
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapReader.1\Clsid
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapReader.1\Clsid@ {FDE424F3-AA10-471D-8A0A-6875C17B5914}
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapSerializer@ Microsoft Soap SoapSerializer class
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapSerializer\Clsid
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapSerializer\Clsid@ {ADE424F3-AA10-471D-8A0A-687534555900}
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapSerializer\CurVer
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapSerializer\CurVer@ MSSOAP.SoapSerializer.1
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapSerializer.1@ Microsoft Soap SoapSerializer class Version 1
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapSerializer.1\Clsid
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapSerializer.1\Clsid@ {ADE424F3-AA10-471D-8A0A-687534555900}
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapServer@ Microsoft Soap SoapServer class
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapServer\Clsid
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapServer\Clsid@ {EBB2FF12-861A-42b6-B815-B1AF4D944916}
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapServer\CurVer
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapServer\CurVer@ MSSOAP.SoapServer.1
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapServer.1@ Microsoft Soap SoapServer class Version 1
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapServer.1\Clsid
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapServer.1\Clsid@ {EBB2FF12-861A-42b6-B815-B1AF4D944916}
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapTypefactory.1@ Microsoft SoapTypeMapperFactory Version 1
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapTypefactory.1\Clsid
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapTypefactory.1\Clsid@ {9C5754F7-ADF5-4D82-B181-0F8FC5EA882B}
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapTypeMapperFactory@ Microsoft SoapTypeMapperFactoryclass
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapTypeMapperFactory\Clsid
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapTypeMapperFactory\Clsid@ {9C5754F7-ADF5-4D82-B181-0F8FC5EA882B}
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapTypeMapperFactory\CurVer
    Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapTypeMapperFactory\CurVer@ MSSOAP.SoapTypeMapperFactory.1
    Reg HKLM\SOFTWARE\Classes\MSSOAP.WSDLReader@ Microsoft Soap WSDLReader class
    Reg HKLM\SOFTWARE\Classes\MSSOAP.WSDLReader\Clsid
    Reg HKLM\SOFTWARE\Classes\MSSOAP.WSDLReader\Clsid@ {BB023FC5-AA10-47CE-8A0A-6875C17B5914}
    Reg HKLM\SOFTWARE\Classes\MSSOAP.WSDLReader\CurVer
    Reg HKLM\SOFTWARE\Classes\MSSOAP.WSDLReader\CurVer@ MSSOAP.WSDLReader.1
    Reg HKLM\SOFTWARE\Classes\MSSOAP.WSDLReader.1@ Microsoft Soap WSDLReader class Version 1
    Reg HKLM\SOFTWARE\Classes\MSSOAP.WSDLReader.1\Clsid
    Reg HKLM\SOFTWARE\Classes\MSSOAP.WSDLReader.1\Clsid@ {BB023FC5-AA10-47CE-8A0A-6875C17B5914}
    Reg HKLM\SOFTWARE\Classes\NPFTPX.Upload@ Upload Class
    Reg HKLM\SOFTWARE\Classes\NPFTPX.Upload\CLSID
    Reg HKLM\SOFTWARE\Classes\NPFTPX.Upload\CLSID@ {4C470CD2-7394-11D4-9691-00D0B707528C}
    Reg HKLM\SOFTWARE\Classes\NPFTPX.Upload\CurVer
    Reg HKLM\SOFTWARE\Classes\NPFTPX.Upload\CurVer@ NPFTPX.Upload.1
    Reg HKLM\SOFTWARE\Classes\NPFTPX.Upload.1@ Upload Class
    Reg HKLM\SOFTWARE\Classes\NPFTPX.Upload.1\CLSID
    Reg HKLM\SOFTWARE\Classes\NPFTPX.Upload.1\CLSID@ {4C470CD2-7394-11D4-9691-00D0B707528C}
    Reg HKLM\SOFTWARE\Classes\OnlineContentMgr.OnlineContentCtrl@ OnlineContentCtrl Class
    Reg HKLM\SOFTWARE\Classes\OnlineContentMgr.OnlineContentCtrl\CLSID
    Reg HKLM\SOFTWARE\Classes\OnlineContentMgr.OnlineContentCtrl\CLSID@ {697CA6EF-989E-48CB-A70C-35E8875D890D}
    Reg HKLM\SOFTWARE\Classes\OnlineContentMgr.OnlineContentCtrl\CurVer
    Reg HKLM\SOFTWARE\Classes\OnlineContentMgr.OnlineContentCtrl\CurVer@ OnlineContentMgr.OnlineContentCtrl.1
    Reg HKLM\SOFTWARE\Classes\OnlineContentMgr.OnlineContentCtrl.1@ OnlineContentCtrl Class
    Reg HKLM\SOFTWARE\Classes\OnlineContentMgr.OnlineContentCtrl.1\CLSID
    Reg HKLM\SOFTWARE\Classes\OnlineContentMgr.OnlineContentCtrl.1\CLSID@ {697CA6EF-989E-48CB-A70C-35E8875D890D}
    Reg HKLM\SOFTWARE\Classes\PMWPosterType@ Broderbund Poster Type
    Reg HKLM\SOFTWARE\Classes\PMWPosterType\CLSID
    Reg HKLM\SOFTWARE\Classes\PMWPosterType\CLSID@ {76F54460-046F-11CF-B79A-0000C0E9C528}
    Reg HKLM\SOFTWARE\Classes\PMWPosterType\DefaultIcon
    Reg HKLM\SOFTWARE\Classes\PMWPosterType\DefaultIcon@ C:\Program Files\Broderbund\ClickArt Fonts 4\pmwres32.dll,1
    Reg HKLM\SOFTWARE\Classes\PMWPosterType\shell
    Reg HKLM\SOFTWARE\Classes\PMWPosterType\shell\open
    Reg HKLM\SOFTWARE\Classes\PMWPosterType\shell\open\command
    Reg HKLM\SOFTWARE\Classes\PMWPosterType\shell\open\command@ C:\PROGRA~1\BRODER~1\CLICKA~1\cafonts4.exe "%1"
    Reg HKLM\SOFTWARE\Classes\PMWPosterType\shell\open\ddeexec
    Reg HKLM\SOFTWARE\Classes\PMWPosterType\shell\open\ddeexec@ [open("%1")]
    Reg HKLM\SOFTWARE\Classes\Pretzel.ClickArt.FileImport@ Pretzel.ClickArt.FileImport
    Reg HKLM\SOFTWARE\Classes\Pretzel.ClickArt.FileImport\CLSID
    Reg HKLM\SOFTWARE\Classes\Pretzel.ClickArt.FileImport\CLSID@ {998B9CAA-369B-41D0-A2F7-44CC1D208686}
    Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab@ Microsoft Tabbed Dialog Control, version 6.0
    Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab\CLSID
    Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab\CLSID@ {BDC217C5-ED16-11CD-956C-0000C04E4C0A}
    Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab\CurVer
    Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab\CurVer@ TabDlg.SSTab.1
    Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab.1@ Microsoft Tabbed Dialog Control, version 6.0
    Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab.1\CLSID
    Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab.1\CLSID@ {BDC217C5-ED16-11CD-956C-0000C04E4C0A}
    Reg HKLM\SOFTWARE\Classes\Vroom.Vroom@ 3DGreetings.com Player 2.0
    Reg HKLM\SOFTWARE\Classes\Vroom.Vroom\CurVer
    Reg HKLM\SOFTWARE\Classes\Vroom.Vroom\CurVer@ Vroom.Vroom.1
    Reg HKLM\SOFTWARE\Classes\Vroom.Vroom.1@ 3DGreetings.com Player 2.0
    Reg HKLM\SOFTWARE\Classes\Vroom.Vroom.1\CLSID
    Reg HKLM\SOFTWARE\Classes\Vroom.Vroom.1\CLSID@ {0C3F7D74-ADA5-4976-8908-A8189590DAFA}
    Reg HKLM\SOFTWARE\Classes\Vroom.Vroom.1\Insertable
    Reg HKLM\SOFTWARE\Classes\Vroom3D.Vroom3D@ Vroom3D Renderer
    Reg HKLM\SOFTWARE\Classes\Vroom3D.Vroom3D\CurVer
    Reg HKLM\SOFTWARE\Classes\Vroom3D.Vroom3D\CurVer@ Vroom3D.Vroom3D.1
    Reg HKLM\SOFTWARE\Classes\Vroom3D.Vroom3D.1@ Vroom3D Renderer
    Reg HKLM\SOFTWARE\Classes\Vroom3D.Vroom3D.1\CLSID
    Reg HKLM\SOFTWARE\Classes\Vroom3D.Vroom3D.1\CLSID@ {D1331690-405A-11d3-A7E8-00902745D30B}
    Reg HKLM\SOFTWARE\Classes\VroomAudio.VroomAudio@ VroomAudio
    Reg HKLM\SOFTWARE\Classes\VroomAudio.VroomAudio\CurVer
    Reg HKLM\SOFTWARE\Classes\VroomAudio.VroomAudio\CurVer@ VroomAudio.VroomAudio.1
    Reg HKLM\SOFTWARE\Classes\VroomAudio.VroomAudio.1@ VroomAudio
    Reg HKLM\SOFTWARE\Classes\VroomAudio.VroomAudio.1\CLSID
    Reg HKLM\SOFTWARE\Classes\VroomAudio.VroomAudio.1\CLSID@ {EE0F92D8-1B1A-4815-BA92-E4C981A1C2DA}
    Reg HKLM\SOFTWARE\Classes\VroomSap.1@DefaultIcon \ExpressIt\VroomSap.exe
    Reg HKLM\SOFTWARE\Classes\VroomSap.1@ ExpressIt Player v2 File
    Reg HKLM\SOFTWARE\Classes\VroomSap.1\Shell
    Reg HKLM\SOFTWARE\Classes\VroomSap.1\Shell\Open
    Reg HKLM\SOFTWARE\Classes\VroomSap.1\Shell\Open\Command
    Reg HKLM\SOFTWARE\Classes\VroomSap.1\Shell\Open\Command@ "\VroomSap.exe" "
    Reg HKLM\SOFTWARE\Classes\{83DC6B35-719A-11D1-9828-00A0246D4780}\LocalServer32
    Reg HKLM\SOFTWARE\Classes\{83DC6B35-719A-11D1-9828-00A0246D4780}\LocalServer32@ C:\PROGRA~1\BRODER~1\ClickArt Fonts 4\cafonts4.exe

    ---- EOF - GMER 1.0.15 ----
     
  15. 2012/06/10
    Blue Star

    Blue Star Well-Known Member Thread Starter

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-10 00:13:21
    -----------------------------
    00:13:21.791 OS Version: Windows 5.1.2600 Service Pack 3
    00:13:21.791 Number of processors: 2 586 0x304
    00:13:21.791 ComputerName: YOUR-13E050B673 UserName: Donna
    00:13:28.884 Initialize success
    00:13:38.712 AVAST engine defs: 12060901
    00:13:43.103 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
    00:13:43.103 Disk 0 Vendor: WDC_WD2000JD-98HBB0 08.02D08 Size: 190782MB BusType: 3
    00:13:43.166 Disk 0 MBR read successfully
    00:13:43.181 Disk 0 MBR scan
    00:13:43.306 Disk 0 unknown MBR code
    00:13:43.353 Disk 0 Partition 1 00 12 Compaq diag NTFS 6149 MB offset 63
    00:13:43.416 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 184629 MB offset 12594960
    00:13:43.447 Disk 0 scanning sectors +390716865
    00:13:43.697 Disk 0 scanning C:\WINDOWS\system32\drivers
    00:14:23.916 Service scanning
    00:14:41.150 Modules scanning
    00:15:13.041 Disk 0 trace - called modules:
    00:15:13.072 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    00:15:13.416 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8733aab8]
    00:15:13.431 3 CLASSPNP.SYS[f77cffd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8733bb00]
    00:15:13.775 AVAST engine scan C:\WINDOWS
    00:15:45.056 AVAST engine scan C:\WINDOWS\system32
    00:21:07.369 AVAST engine scan C:\WINDOWS\system32\drivers
    00:21:43.259 AVAST engine scan C:\Documents and Settings\Donna
    00:34:21.619 AVAST engine scan C:\Documents and Settings\All Users
    00:37:20.416 Scan finished successfully
    00:53:40.353 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Donna\Desktop\MBR.dat"
    00:53:40.369 The log file has been saved successfully to "C:\Documents and Settings\Donna\Desktop\aswMBR.txt"
    00:54:16.759 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Donna\Desktop\MBR.dat"
    00:54:16.759 The log file has been saved successfully to "C:\Documents and Settings\Donna\Desktop\aswMBR.txt"
     
  16. 2012/06/10
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Thank you for your help Broni, you're an angel!
     
  17. 2012/06/10
    broni

    broni Moderator Malware Analyst

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    You abandoned this topic in the past: http://www.windowsbbs.com/malware-virus-removal/99631-inactive-extremely-slow-page-loading.html
    If it happens again, you won't be able to receive any more help in the malware removal forum.


    ==================================================================

    Download Bootkit Remover to your desktop.

    • Unzip the downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a black screen with some data on it.
    • Right-click on the screen and click Select All.
    • Press CTRL+C
    • Open Notepad and press CTRL+V
    • Post the output back here.
     
  18. 2012/06/10
    Blue Star

    Sorry for the abandonment, I appreciate the second chance!:eek:

    Will do Bootkit Remover now...
     
  19. 2012/06/10
    Blue Star

    .\debug.cpp(238) : Debug log started at 10.06.2012 - 17:21:33
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.1
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    .\debug.cpp(248) : **********************************************
    .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
    .\debug.cpp(250) : **********************************************
    .\debug.cpp(256) : 0x804d7000 0x00229000 "\WINDOWS\system32\ntoskrnl.exe "
    .\debug.cpp(256) : 0x80700000 0x00020d00 "\WINDOWS\system32\hal.dll "
    .\debug.cpp(256) : 0xf7c6f000 0x00002000 "\WINDOWS\system32\KDCOM.DLL "
    .\debug.cpp(256) : 0xf7b7f000 0x00003000 "\WINDOWS\system32\BOOTVID.dll "
    .\debug.cpp(256) : 0xf7720000 0x0002e000 "ACPI.sys "
    .\debug.cpp(256) : 0xf7c71000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS "
    .\debug.cpp(256) : 0xf770f000 0x00011000 "pci.sys "
    .\debug.cpp(256) : 0xf776f000 0x0000a000 "isapnp.sys "
    .\debug.cpp(256) : 0xf777f000 0x00010000 "ohci1394.sys "
    .\debug.cpp(256) : 0xf778f000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS "
    .\debug.cpp(256) : 0xf7d37000 0x00001000 "pciide.sys "
    .\debug.cpp(256) : 0xf79ef000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS "
    .\debug.cpp(256) : 0xf7c73000 0x00002000 "intelide.sys "
    .\debug.cpp(256) : 0xf779f000 0x0000b000 "MountMgr.sys "
    .\debug.cpp(256) : 0xf76f0000 0x0001f000 "ftdisk.sys "
    .\debug.cpp(256) : 0xf7c75000 0x00002000 "dmload.sys "
    .\debug.cpp(256) : 0xf76ca000 0x00026000 "dmio.sys "
    .\debug.cpp(256) : 0xf79f7000 0x00005000 "PartMgr.sys "
    .\debug.cpp(256) : 0xf77af000 0x0000d000 "VolSnap.sys "
    .\debug.cpp(256) : 0xf76b2000 0x00018000 "atapi.sys "
    .\debug.cpp(256) : 0xf763f000 0x00073000 "iaStor.sys "
    .\debug.cpp(256) : 0xf77bf000 0x00009000 "disk.sys "
    .\debug.cpp(256) : 0xf77cf000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS "
    .\debug.cpp(256) : 0xf761f000 0x00020000 "fltmgr.sys "
    .\debug.cpp(256) : 0xf760d000 0x00012000 "sr.sys "
    .\debug.cpp(256) : 0xf77df000 0x00009000 "PxHelp20.sys "
    .\debug.cpp(256) : 0xf75f6000 0x00017000 "KSecDD.sys "
    .\debug.cpp(256) : 0xf7569000 0x0008d000 "Ntfs.sys "
    .\debug.cpp(256) : 0xf753c000 0x0002d000 "NDIS.sys "
    .\debug.cpp(256) : 0xf7522000 0x0001a000 "Mup.sys "
    .\debug.cpp(256) : 0xf780f000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys "
    .\debug.cpp(256) : 0xf78ff000 0x00009000 "\SystemRoot\system32\DRIVERS\intelppm.sys "
    .\debug.cpp(256) : 0xf6bfe000 0x000de000 "\SystemRoot\system32\DRIVERS\ati2mtag.sys "
    .\debug.cpp(256) : 0xf6bea000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS "
    .\debug.cpp(256) : 0xf6bc2000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys "
    .\debug.cpp(256) : 0xf7ae7000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys "
    .\debug.cpp(256) : 0xf6b9e000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS "
    .\debug.cpp(256) : 0xf7aef000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys "
    .\debug.cpp(256) : 0xf6add000 0x000c1000 "\SystemRoot\system32\DRIVERS\smrt.sys "
    .\debug.cpp(256) : 0xf791f000 0x0000d000 "\SystemRoot\system32\DRIVERS\STREAM.SYS "
    .\debug.cpp(256) : 0xf6aba000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys "
    .\debug.cpp(256) : 0xf6a9b000 0x0001f000 "\SystemRoot\system32\DRIVERS\e1000325.sys "
    .\debug.cpp(256) : 0xf792f000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys "
    .\debug.cpp(256) : 0xf7af7000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys "
    .\debug.cpp(256) : 0xf793f000 0x0000c000 "\SystemRoot\system32\DRIVERS\L8042pr2.Sys "
    .\debug.cpp(256) : 0xf794f000 0x00010000 "\SystemRoot\system32\DRIVERS\LMouFlt2.Sys "
    .\debug.cpp(256) : 0xf7aff000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys "
    .\debug.cpp(256) : 0xf7b07000 0x00007000 "\SystemRoot\system32\DRIVERS\fdc.sys "
    .\debug.cpp(256) : 0xf6a87000 0x00014000 "\SystemRoot\system32\DRIVERS\parport.sys "
    .\debug.cpp(256) : 0xf795f000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys "
    .\debug.cpp(256) : 0xf796f000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys "
    .\debug.cpp(256) : 0xf797f000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys "
    .\debug.cpp(256) : 0xf7c57000 0x00003000 "\SystemRoot\System32\Drivers\GEARAspiWDM.sys "
    .\debug.cpp(256) : 0xf7d7a000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys "
    .\debug.cpp(256) : 0xf79df000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys "
    .\debug.cpp(256) : 0xf7c5f000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys "
    .\debug.cpp(256) : 0xf6a70000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys "
    .\debug.cpp(256) : 0xf781f000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys "
    .\debug.cpp(256) : 0xf782f000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys "
    .\debug.cpp(256) : 0xf7b0f000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS "
    .\debug.cpp(256) : 0xf69bf000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys "
    .\debug.cpp(256) : 0xf783f000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys "
    .\debug.cpp(256) : 0xf7b17000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys "
    .\debug.cpp(256) : 0xf7b1f000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys "
    .\debug.cpp(256) : 0xf698f000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys "
    .\debug.cpp(256) : 0xf784f000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys "
    .\debug.cpp(256) : 0xf7cdb000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys "
    .\debug.cpp(256) : 0xf6931000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys "
    .\debug.cpp(256) : 0xf74ee000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys "
    .\debug.cpp(256) : 0xf788f000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS "
    .\debug.cpp(256) : 0xee6f3000 0x0021e000 "\SystemRoot\system32\drivers\RtkHDAud.sys "
    .\debug.cpp(256) : 0xee6cf000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys "
    .\debug.cpp(256) : 0xf78af000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys "
    .\debug.cpp(256) : 0xee6a7000 0x00028000 "\SystemRoot\system32\DRIVERS\HSFHWAZL.sys "
    .\debug.cpp(256) : 0xee5a8000 0x000ff000 "\SystemRoot\system32\DRIVERS\HSF_DP.sys "
    .\debug.cpp(256) : 0xee501000 0x000a7000 "\SystemRoot\system32\DRIVERS\HSF_CNXT.sys "
    .\debug.cpp(256) : 0xf7b2f000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS "
    .\debug.cpp(256) : 0xf78bf000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys "
    .\debug.cpp(256) : 0xf7ce7000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS "
    .\debug.cpp(256) : 0xf7b37000 0x00005000 "\SystemRoot\system32\DRIVERS\flpydisk.sys "
    .\debug.cpp(256) : 0xf7cf7000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS "
    .\debug.cpp(256) : 0xf7e06000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS "
    .\debug.cpp(256) : 0xf7cf9000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS "
    .\debug.cpp(256) : 0xf7b47000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS "
    .\debug.cpp(256) : 0xf7b4f000 0x00006000 "\SystemRoot\System32\drivers\vga.sys "
    .\debug.cpp(256) : 0xf7cfb000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS "
    .\debug.cpp(256) : 0xf7cfd000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys "
    .\debug.cpp(256) : 0xb6709000 0x00017000 "\SystemRoot\System32\Drivers\meiudf.sys "
    .\debug.cpp(256) : 0xb66f8000 0x00011000 "\SystemRoot\System32\Drivers\Udfs.SYS "
    .\debug.cpp(256) : 0xf7b57000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS "
    .\debug.cpp(256) : 0xf7b5f000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS "
    .\debug.cpp(256) : 0xf7c0b000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys "
    .\debug.cpp(256) : 0xb66e5000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys "
    .\debug.cpp(256) : 0xb668c000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys "
    .\debug.cpp(256) : 0xf78ef000 0x0000c000 "\SystemRoot\System32\Drivers\aswTdi.SYS "
    .\debug.cpp(256) : 0xb6666000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys "
    .\debug.cpp(256) : 0xb6616000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys "
    .\debug.cpp(256) : 0xf790f000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys "
    .\debug.cpp(256) : 0xf7b67000 0x00007000 "\SystemRoot\System32\Drivers\aswRdr.SYS "
    .\debug.cpp(256) : 0xb65f4000 0x00022000 "\SystemRoot\System32\drivers\afd.sys "
    .\debug.cpp(256) : 0xf798f000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys "
    .\debug.cpp(256) : 0xf799f000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys "
    .\debug.cpp(256) : 0xb65c9000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys "
    .\debug.cpp(256) : 0xb6559000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys "
    .\debug.cpp(256) : 0xf79af000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS "
    .\debug.cpp(256) : 0xf7e11000 0x00001000 "\SystemRoot\system32\DRIVERS\DMICall.sys "
    .\debug.cpp(256) : 0xb6508000 0x00051000 "\SystemRoot\System32\Drivers\aswSP.SYS "
    .\debug.cpp(256) : 0xb646e000 0x0009a000 "\SystemRoot\System32\Drivers\aswSnx.SYS "
    .\debug.cpp(256) : 0xf6a60000 0x0000b000 "\SystemRoot\System32\Drivers\Aavmker4.SYS "
    .\debug.cpp(256) : 0xf7a4f000 0x00007000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS "
    .\debug.cpp(256) : 0xf6a40000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS "
    .\debug.cpp(256) : 0xb642e000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys "
    .\debug.cpp(256) : 0xf7ca5000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS "
    .\debug.cpp(256) : 0xbf800000 0x001c7000 "\SystemRoot\System32\win32k.sys "
    .\debug.cpp(256) : 0xb6652000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys "
    .\debug.cpp(256) : 0xf7a67000 0x00005000 "\SystemRoot\System32\watchdog.sys "
    .\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys "
    .\debug.cpp(256) : 0xf7e5f000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys "
    .\debug.cpp(256) : 0xbf012000 0x00039000 "\SystemRoot\System32\ati2dvag.dll "
    .\debug.cpp(256) : 0xbf04b000 0x0003c000 "\SystemRoot\System32\ati2cqag.dll "
    .\debug.cpp(256) : 0xbf087000 0x00227000 "\SystemRoot\System32\ati3duag.dll "
    .\debug.cpp(256) : 0xbf2ae000 0x00076000 "\SystemRoot\System32\ativvaxx.dll "
    .\debug.cpp(256) : 0xb53e2000 0x00024000 "\SystemRoot\System32\Drivers\Fastfat.SYS "
    .\debug.cpp(256) : 0xbf324000 0x00047000 "\SystemRoot\System32\ATMFD.DLL "
    .\debug.cpp(256) : 0xb5336000 0x00003000 "\SystemRoot\System32\Drivers\aswFsBlk.SYS "
    .\debug.cpp(256) : 0xb52ae000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys "
    .\debug.cpp(256) : 0xb5084000 0x00016000 "\SystemRoot\System32\Drivers\aswMon2.SYS "
    .\debug.cpp(256) : 0xb4e77000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys "
    .\debug.cpp(256) : 0xb4d8b000 0x00003000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys "
    .\debug.cpp(256) : 0xb4c17000 0x00058000 "\SystemRoot\system32\DRIVERS\srv.sys "
    .\debug.cpp(256) : 0xb4a27000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys "
    .\debug.cpp(256) : 0xf7a6f000 0x00006000 "\??\C:\WINDOWS\system32\drivers\symlcbrd.sys "
    .\debug.cpp(256) : 0xb4aa4000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys "
    .\debug.cpp(256) : 0xf7d0b000 0x00002000 "\SystemRoot\system32\drivers\MSPQM.sys "
    .\debug.cpp(256) : 0xf7acf000 0x00005000 "\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys "
    .\debug.cpp(256) : 0xb3bee000 0x00019000 "\??\C:\DOCUME~1\Donna\LOCALS~1\Temp\kglcqfoc.sys "
    .\debug.cpp(256) : 0xb40d2000 0x0000c000 "\??\C:\DOCUME~1\Donna\LOCALS~1\Temp\aswMBR.sys "
    .\debug.cpp(256) : 0xf7ab7000 0x00007000 "\??\C:\DOCUME~1\Donna\LOCALS~1\Temp\mbr.sys "
    .\debug.cpp(256) : 0xb3a47000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys "
    .\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll "
    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
    .\debug.cpp(400) : Destination "\Device\{439D8D5E-334B-4BA1-B4A5-C12639795CC9} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788} "
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000003 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LogiProcMon "
    .\debug.cpp(400) : Destination "\Device\LogiProcMon "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_265B&SUBSYS_819D104D&REV_03#3&11583659&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_20030030&REV_0900#4&308dfb57&0&0102#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4} "
    .\debug.cpp(400) : Destination "\Device\0000006e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{7e417026-deaf-11dd-a802-00112fdd4584} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&1fa7b406&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Harddisk4\DP(1)0-0+b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1} "
    .\debug.cpp(400) : Destination "\Device\0000003c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Sony&Prod_UMH-U_HS-XD&Rev_3.34#0000000BA3DA&2#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\0000007b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000003c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde} "
    .\debug.cpp(400) : Destination "\Device\0000003c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&3926830d&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Harddisk2\DP(1)0-0+9 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HSF_MDMDevice0 "
    .\debug.cpp(400) : Destination "\Device\HSF_MDMDevice0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{15ECC4FE-4530-4B18-AB64-AAF4C6596D1A} "
    .\debug.cpp(400) : Destination "\Device\{15ECC4FE-4530-4B18-AB64-AAF4C6596D1A} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394 "
    .\debug.cpp(400) : Destination "\Device\ARP1394 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f} "
    .\debug.cpp(400) : Destination "\Device\0000003c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{87762C96-C6BA-4433-95F0-4602EC11E102} "
    .\debug.cpp(400) : Destination "\Device\{87762C96-C6BA-4433-95F0-4602EC11E102} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\J: "
    .\debug.cpp(400) : Destination "\Device\Harddisk5\DP(1)0-0+c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomPIONEER_DVD-RW__DVR-108_________________1.10____#5&34b6c6bd&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F03#4&2d2d400&0#{f117b9b2-6e65-11d2-a148-00001c2053de} "
    .\debug.cpp(400) : Destination "\Device\0000005c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager "
    .\debug.cpp(400) : Destination "\Device\MountPointManager "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Sony&Prod_UMH-U_HS-CF&Rev_3.34#0000000BA3DA&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\0000007a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788} "
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000003 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AAVMKER4 "
    .\debug.cpp(400) : Destination "\Device\AavmKer4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&2a24b7f7&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&383fb3a6&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000032 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32 "
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig "
    .\debug.cpp(400) : Destination "\Device\DmControl\DmConfig "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&1253067a&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Harddisk5\DP(1)0-0+c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\K: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp "
    .\debug.cpp(400) : Destination "\Device\WANARP "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_4444&DEV_0016&SUBSYS_813D104D&REV_01#4&23c0b1c&0&20F0#{aa441f71-8668-4379-99b2-821a2ce6cb03} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_15_Model_3#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0} "
    .\debug.cpp(400) : Destination "\Device\00000042 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\00000003 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USNTracker "
    .\debug.cpp(400) : Destination "\Device\USNTracker "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Handler "
    .\debug.cpp(400) : Destination "\Device\aswSP_Handler "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_4444&DEV_0016&SUBSYS_813D104D&REV_01#4&23c0b1c&0&20F0#{a799a800-a46d-11d0-a18c-00a02401dcd4} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_4444&DEV_0016&SUBSYS_813D104D&REV_01#4&23c0b1c&0&20F0#{a799a801-a46d-11d0-a18c-00a02401dcd4} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace "
    .\debug.cpp(400) : Destination "\Device\DmControl\DmTrace "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\A: "
    .\debug.cpp(400) : Destination "\Device\Floppy0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\00000002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_054c&Pid_01b4#0000000BA3DA#{a5dcbf10-6530-11d2-901f-00c04fb951ed} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0400#4&2d2d400&0#{97f76ef0-f883-11d0-af1f-0000f800845c} "
    .\debug.cpp(400) : Destination "\Device\00000060 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_4444&DEV_0016&SUBSYS_813D104D&REV_01#4&23c0b1c&0&20F0#{00000000-0000-0000-0000-000000000000} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\0000003c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP "
    .\debug.cpp(400) : Destination "\Device\NdisWanIp "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{6da5b65a-596d-11dc-a7ba-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\CdRom1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&3926830d&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Harddisk2\DP(1)0-0+9 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0: "
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1} "
    .\debug.cpp(400) : Destination "\Device\0000003c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788} "
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000003 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&2d2d400&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\0000005b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_265C&SUBSYS_819D104D&REV_03#3&11583659&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&b0205a9&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2658&SUBSYS_819D104D&REV_03#3&11583659&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6C5DB4A5-5236-471C-9E8E-F52B19533668} "
    .\debug.cpp(400) : Destination "\Device\{6C5DB4A5-5236-471C-9E8E-F52B19533668} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LMOUSE "
    .\debug.cpp(400) : Destination "\Device\lmouse "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#5&559926a&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\FloppyPDO0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0 "
    .\debug.cpp(400) : Destination "\Device\1394BUS0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature6B4ED26Offset1805E2000Length2D135D6200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_4444&DEV_0016&SUBSYS_813D104D&REV_01#4&23c0b1c&0&20F0#{65e8773d-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&1018cd2a&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1} "
    .\debug.cpp(400) : Destination "\Device\Parallel0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_4444&DEV_0016&SUBSYS_813D104D&REV_01#4&23c0b1c&0&20F0#{6994ad05-93ef-11d0-a3cc-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000003c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000035 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1 "
    .\debug.cpp(400) : Destination "\Device\ParTechInc0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407} "
    .\debug.cpp(400) : Destination "\Device\0000003c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1: "
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI "
    .\debug.cpp(400) : Destination "\Device\NdisTapi "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan "
    .\debug.cpp(400) : Destination "\Device\NdisWan "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_4444&DEV_0016&SUBSYS_813D104D&REV_01#4&23c0b1c&0&20F0#{6994ad04-93ef-11d0-a3cc-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1 "
    .\debug.cpp(400) : Destination "\Device\NamedPipe\Spooler\LPT1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST "
    .\debug.cpp(400) : Destination "\Device\IPMULTICAST "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MICH_AZ0 "
    .\debug.cpp(400) : Destination "\Device\MICH_AZ0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2 "
    .\debug.cpp(400) : Destination "\Device\ParTechInc1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader "
    .\debug.cpp(400) : Destination "\Device\DmLoader "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow "
    .\debug.cpp(400) : Destination "\Device\LanmanRedirector "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{50b6de0b-7c09-11da-949d-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\Harddisk5\DP(1)0-0+c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_5B60&SUBSYS_0005104D&REV_00#4&37ad8b77&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0017 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3 "
    .\debug.cpp(400) : Destination "\Device\ParTechInc2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{50b6de07-7c09-11da-949d-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\Floppy0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{50b6de09-7c09-11da-949d-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr "
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl "
    .\debug.cpp(400) : Destination "\Device\FtControl "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\mbr "
    .\debug.cpp(400) : Destination "\Device\mbr "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWRDR "
    .\debug.cpp(400) : Destination "\Device\ASWRDR "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Avar "
    .\debug.cpp(400) : Destination "\Device\aswSP_Avar "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT "
    .\debug.cpp(400) : Destination "\Device\MailSlot "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX "
    .\debug.cpp(400) : Destination "\DosDevices\COM1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1033&DEV_00F2&SUBSYS_811E104D&REV_01#4&23c0b1c&0&18F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2: "
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL "
    .\debug.cpp(400) : Destination "\Device\Null "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_WD&Prod_5000AAV_External&Rev_1.65#57442D574341535533303137313933&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\00000078 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0880&SUBSYS_08800000&REV_0905#4&308dfb57&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000006d "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio "
    .\debug.cpp(400) : Destination "\Device\Ndisuio "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\0000003b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT "
    .\debug.cpp(400) : Destination " "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NONSPOOLED_LPT1 "
    .\debug.cpp(400) : Destination "\Device\Parallel0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\0000003a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0880&SUBSYS_08800000&REV_0905#4&308dfb57&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000006d "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\symlcbrd "
    .\debug.cpp(400) : Destination "\Device\SymantecBiosReader "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AE354AB3-0F58-459C-9C84-454AD0EBB479} "
    .\debug.cpp(400) : Destination "\Device\{AE354AB3-0F58-459C-9C84-454AD0EBB479} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_265A&SUBSYS_819D104D&REV_03#3&11583659&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{147607C1-7F0C-46D8-BA82-03DB69D91EBD} "
    .\debug.cpp(400) : Destination "\Device\{147607C1-7F0C-46D8-BA82-03DB69D91EBD} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo "
    .\debug.cpp(400) : Destination "\Device\DmControl\DmInfo "
    .\debug.cpp(409) : --
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`805e2000
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: 99ed1954602173ef14b43a708afaa354
    .\boot_cleaner.cpp(1061) :
    .\boot_cleaner.cpp(1062) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1063) : --------------------------------------------
    .\boot_cleaner.cpp(1107) : 186 GB \\.\PhysicalDrive0 Unknown boot code
    .\boot_cleaner.cpp(1113) :
    .\boot_cleaner.cpp(1119) : Unknown boot code has been found on some of your physical disks.
    .\boot_cleaner.cpp(1121) : To inspect the boot code manually, dump the master boot sector:
    .\boot_cleaner.cpp(1122) : remover.exe dump <device_name> [output_file]
    .\boot_cleaner.cpp(1126) : To disinfect the master boot sector, use the following command:
    .\boot_cleaner.cpp(1127) : remover.exe fix <device_name>
    .\boot_cleaner.cpp(1130) :
    .\boot_cleaner.cpp(1152) : Done;
     
  20. 2012/06/10
    MrBill

    MrBill SuperGeek WindowsBBS Team Member

    Joined:
    2006/01/14
    Messages:
    4,331
    Likes Received:
    270
    Don't know if Broni noticed this or not. You have several Javas and they are ALL outdated. Remove them from Add/Remove, then go to Sun Java and get the latest one. It is 7.4.
     
  21. 2012/06/10
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    Thank you MrBill, I appreciate your post, but I will follow Broni's instructions to the letter, as he has saved me many times in the past.... It's all he asks of people seeking his help.

    He usually recommends refreshing Java at the end of the cleaning process, so that nothing is added or subtracted unless he needs it to fix things. ;-)
     
