
Internet shuts down suddenly, at times won't.


10 replies to this topic

#1 tolelady

tolelady

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 14 September 2010 - 01:07 AM

My PC is an XP Home, service pack 2.
My internet has been acting strangely lately. Sometimes it comes up with a white page or takes a couple of tries, also difficult to close at times.
These messages are now showing and the page closes down even when I try to debug, also it closes down immediately at times when I click on something and sometimes I can't type on the search line.

dbgheap.c, line 1132, debug error, debug assertion failed, breakpoint.
Expression:-CH1sValidHeapPointer(pUserData)

I have disabled 3rd party browser extensions, and have taken off Google as my search engine.
I'm clean of malware or viruses.

Go easy on explaining to me, I'm a senior and a little slower than I'd like to be at times understanding.
Thank you.

Edited by hamluis, 14 September 2010 - 07:18 PM.
Moved to Am I Infected from XP forum ~ Hamluis.




#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,258 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:15 PM

Posted 14 September 2010 - 03:56 AM

Hi.

What browser? What version?

You realize that not having SP3 installed...makes your system more vulnerable to malware....than it would be if you had SP3 installed?

Louis

#3 tolelady

tolelady
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 14 September 2010 - 05:56 PM

I have Internet Explorer 7.

I didn't put service pack 3 on because I was hearing people were having too many problems with it, if that's wrong I will.

Thank you.

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,258 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:15 PM

Posted 14 September 2010 - 06:22 PM

Appears that you posted this over two years ago and that thread died. That thread was posted in the MRL forum for malware logs, indicating that you believed this to be a malware issue.

Is that still true?

Louis

#5 tolelady

tolelady
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 14 September 2010 - 07:10 PM

Yes I had the problem before and was able to solve it myself, no such luck this time.
I ran Malwarebytes and my antivirus this time, and it's still happening afterwards, so I don't know what to think.

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 55,258 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:15 PM

Posted 14 September 2010 - 07:17 PM

We can move it to a forum where they can take a closer look, thereby eliminating/confirming malware as a consideration.

Louis

#7 tolelady

tolelady
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 14 September 2010 - 07:22 PM

Ok, how do we do that, lol?

#8 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:15 PM

Posted 14 September 2010 - 07:23 PM

Would you run a fresh updated MBAM scan and post the log, please?

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Download Link 1
  • Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Chewy

No. Try not. Do... or do not. There is no try.

#9 tolelady

tolelady
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 14 September 2010 - 08:10 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4617

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

14/09/2010 8:59:57 PM
mbam-log-2010-09-14 (20-59-57).txt

Scan type: Quick scan
Objects scanned: 150824
Time elapsed: 27 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

#10 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:15 PM

Posted 14 September 2010 - 08:38 PM

Let's look a little deeper for something that might be hiding?

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.
Chewy

No. Try not. Do... or do not. There is no try.

#11 tolelady

tolelady
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 14 September 2010 - 10:22 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-14 23:20:17
Windows 5.1.2600 Service Pack 2
Running: 0719i50w.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ugldapob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\COGECO Security Services\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcess [0xF77C2CD6]
SSDT \??\C:\Program Files\COGECO Security Services\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcessEx [0xF77C2CF0]
SSDT \??\C:\Program Files\COGECO Security Services\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateThread [0xF77C1E8C]
SSDT \??\C:\Program Files\COGECO Security Services\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwLoadDriver [0xF77C21BC]
SSDT \??\C:\Program Files\COGECO Security Services\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwMapViewOfSection [0xF77C1BCC]
SSDT \??\C:\Program Files\COGECO Security Services\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwOpenSection [0xF77C25EE]
SSDT \??\C:\Program Files\COGECO Security Services\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwRenameKey [0xF77C388C]
SSDT \??\C:\Program Files\COGECO Security Services\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSetSystemInformation [0xF77C243E]
SSDT \??\C:\Program Files\COGECO Security Services\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendProcess [0xF77C1A4C]
SSDT \??\C:\Program Files\COGECO Security Services\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendThread [0xF77C1EC0]
SSDT \??\C:\Program Files\COGECO Security Services\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSystemDebugControl [0xF77C2042]
SSDT \??\C:\Program Files\COGECO Security Services\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateProcess [0xF77C19A6]
SSDT \??\C:\Program Files\COGECO Security Services\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateThread [0xF77C1B06]
SSDT \??\C:\Program Files\COGECO Security Services\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwWriteVirtualMemory [0xF77C1F86]

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2728 80501618 12 Bytes [4C, 1A, 7C, F7, C0, 1E, 7C, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[2848] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00C3400C
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[2848] USER32.dll!DdeConnect 7E457F93 5 Bytes JMP 00C3A00C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2888] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 04BA000C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2888] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 04BA100C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2888] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 04BA200C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2888] kernel32.dll!TerminateThread 7C81CE13 5 Bytes JMP 04BA300C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2888] ADVAPI32.dll!CloseServiceHandle 77DE5BED 5 Bytes JMP 04BA700C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2888] ADVAPI32.dll!OpenServiceW 77DE5F05 5 Bytes JMP 04BA500C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2888] ADVAPI32.dll!ControlService 77DEE055 5 Bytes JMP 04BA600C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2888] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 04BA800C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2888] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 04BA400C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2888] USER32.dll!DdeConnect 7E457F93 5 Bytes JMP 04BAA00C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2888] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 04BA900C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3256] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 010E000C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3256] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 010E100C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3256] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 010E200C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3256] kernel32.dll!TerminateThread 7C81CE13 5 Bytes JMP 010E300C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3256] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 010E400C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3256] USER32.dll!DdeConnect 7E457F93 5 Bytes JMP 010EA00C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3256] ADVAPI32.dll!CloseServiceHandle 77DE5BED 5 Bytes JMP 010E700C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3256] ADVAPI32.dll!OpenServiceW 77DE5F05 5 Bytes JMP 010E500C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3256] ADVAPI32.dll!ControlService 77DEE055 5 Bytes JMP 010E600C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3256] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 010E800C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3256] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 010E900C
.text C:\WINDOWS\System32\alg.exe[3476] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007F000C
.text C:\WINDOWS\System32\alg.exe[3476] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 007F100C
.text C:\WINDOWS\System32\alg.exe[3476] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 007F200C
.text C:\WINDOWS\System32\alg.exe[3476] kernel32.dll!TerminateThread 7C81CE13 5 Bytes JMP 007F300C
.text C:\WINDOWS\System32\alg.exe[3476] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 007F400C
.text C:\WINDOWS\System32\alg.exe[3476] USER32.dll!DdeConnect 7E457F93 5 Bytes JMP 007FA00C
.text C:\WINDOWS\System32\alg.exe[3476] ADVAPI32.dll!CloseServiceHandle 77DE5BED 5 Bytes JMP 007F700C
.text C:\WINDOWS\System32\alg.exe[3476] ADVAPI32.dll!OpenServiceW 77DE5F05 5 Bytes JMP 007F500C
.text C:\WINDOWS\System32\alg.exe[3476] ADVAPI32.dll!ControlService 77DEE055 5 Bytes JMP 007F600C
.text C:\WINDOWS\System32\alg.exe[3476] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 007F800C
.text C:\WINDOWS\System32\alg.exe[3476] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 007F900C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3516] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 008D000C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3516] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 008D100C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3516] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008D200C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3516] kernel32.dll!TerminateThread 7C81CE13 5 Bytes JMP 008D300C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3516] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 008D400C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3516] USER32.dll!DdeConnect 7E457F93 5 Bytes JMP 008DA00C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3516] ADVAPI32.dll!CloseServiceHandle 77DE5BED 5 Bytes JMP 008D700C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3516] ADVAPI32.dll!OpenServiceW 77DE5F05 5 Bytes JMP 008D500C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3516] ADVAPI32.dll!ControlService 77DEE055 5 Bytes JMP 008D600C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3516] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 008D800C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3516] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 008D900C
.text c:\windows\system\hpsysdrv.exe[3784] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0086000C
.text c:\windows\system\hpsysdrv.exe[3784] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0086100C
.text c:\windows\system\hpsysdrv.exe[3784] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0086200C
.text c:\windows\system\hpsysdrv.exe[3784] kernel32.dll!TerminateThread 7C81CE13 5 Bytes JMP 0086300C
.text c:\windows\system\hpsysdrv.exe[3784] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 0086400C
.text c:\windows\system\hpsysdrv.exe[3784] USER32.dll!DdeConnect 7E457F93 5 Bytes JMP 0086900C
.text c:\windows\system\hpsysdrv.exe[3784] ADVAPI32.dll!CloseServiceHandle 77DE5BED 5 Bytes JMP 0086700C
.text c:\windows\system\hpsysdrv.exe[3784] ADVAPI32.dll!OpenServiceW 77DE5F05 5 Bytes JMP 0086500C
.text c:\windows\system\hpsysdrv.exe[3784] ADVAPI32.dll!ControlService 77DEE055 5 Bytes JMP 0086600C
.text c:\windows\system\hpsysdrv.exe[3784] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 0086800C
.text c:\windows\system\hpsysdrv.exe[3784] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 0086A00C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 0133BCA0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 0133BC50
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 01337EA0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01339100
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0133AA10
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 01339370
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 01339180
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 0133A010
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0133B950
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0133B990
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 0133BD30
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0133B810
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 0133A970
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 01339930
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 013392E0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 01339660
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 0133C2B0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 0133A360
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 0133A7D0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 0133AE90
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 0133AC20
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 0133AE10
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0133B2F0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 0133B000
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 01339250
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 013397E0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0133BA70
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 0133AD60
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0133A910
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 0133A790
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 0133AB20
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 0133BD50
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 0133AB60
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 0133BFF0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 0133BF90
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 0133C1E0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 0133C280
IAT C:\Program Files\Registry Mechanic\RegMech.exe[664] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 0133C0B0

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



