
Numerous Popups about Unauthorized Changes


  • This topic is locked
20 replies to this topic

#1 KAPM

  • Members
  • 151 posts
  • Gender:Female

Posted 30 June 2011 - 04:02 PM

Hi,

I am helping a friend with their computer. They are complaining of numerous popups concerning unauthorized changes; I have no further details at this time, and will provide them if I see them. In addition, some links do not open with a left click; instead you have to right-click and select open/run.

Here are some Malwarebytes logs from a couple of weeks ago:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6893

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

6/19/2011 8:35:57 PM
mbam-log-2011-06-19 (20-35-57).txt

Scan type: Quick scan
Objects scanned: 177152
Time elapsed: 7 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\Taylor\AppData\Roaming\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Taylor\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com (PUP.PlaySushi) -> Delete on reboot.
c:\Users\Taylor\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\Users\Taylor\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components (PUP.PlaySushi) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Taylor\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome.manifest (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\Users\Taylor\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\install.rdf (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\Users\Taylor\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome\pstextlinks.jar (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\Users\Taylor\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\playsushiff.dll (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\Users\Taylor\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\playsushiff.xpt (PUP.PlaySushi) -> Not selected for removal.


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6893

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

6/19/2011 8:26:49 PM
mbam-log-2011-06-19 (20-26-49).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 291543
Time elapsed: 46 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 13
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAx.Info (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAx.Info.1 (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles.1 (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hblitesa (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\HBLite (Adware.HotBar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\HBLite@HBLite.com (Adware.HotBar) -> Value: HBLite@HBLite.com -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\Users\Taylor\AppData\Roaming\HBLite (Adware.Hotbar) -> Delete on reboot.
c:\programdata\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.329.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.329.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.329.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.329.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Taylor\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com (PUP.PlaySushi) -> Not selected for removal.
c:\Users\Taylor\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome (PUP.PlaySushi) -> Not selected for removal.
c:\Users\Taylor\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components (PUP.PlaySushi) -> Not selected for removal.

Files Infected:
c:\program files\mozilla firefox\plugins\npclntax_hblitesa.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.329.0\launchhelp.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.329.0\firefox\extensions\plugins\npclntax_hblitesa.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesa_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.329.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar uninstall instructions.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Taylor\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome.manifest (PUP.PlaySushi) -> Not selected for removal.
c:\Users\Taylor\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\install.rdf (PUP.PlaySushi) -> Not selected for removal.
c:\Users\Taylor\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome\pstextlinks.jar (PUP.PlaySushi) -> Not selected for removal.
c:\Users\Taylor\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\playsushiff.dll (PUP.PlaySushi) -> Not selected for removal.
c:\Users\Taylor\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\playsushiff.xpt (PUP.PlaySushi) -> Not selected for removal.


Here are the logs from the preparation instructions:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6000.17037
Run by Taylor at 13:13:56 on 2011-06-30
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.881 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\dlcxcoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\SetPoint\LBTWiz.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071002
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - c:\program files\dogpile bundle toolbar\Helper.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PlaySushi: {21608b66-026f-4dcb-9244-0daca328dced} - c:\program files\playsushi\PSText.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - c:\program files\dogpile bundle toolbar\Toolbar.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - c:\program files\dogpile bundle toolbar\Toolbar.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [<NO NAME>]
mRun: [Logitech BT Wizard] LBTWiz.exe -silent
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [%PROVIDERID%] "bin\sprtcmd.exe" /P %PROVIDERID%
mRun: [QwestTouchPointAgent] "c:\program files\qwest\desktop\QwestTouchPointAgent.exe" /autostart
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRunOnce: [DelayShred] "c:\program files\mcafee\mshr\shrcl.exe" /p7 /q c:\users\taylor\appdata\local\temp\low\HSPERF~1.SH!
StartupFolder: c:\users\taylor\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{07F27F47-DA08-45CA-B45C-302AC2EA7C85} : DhcpNameServer = 192.168.0.1 205.171.3.25
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\taylor\appdata\roaming\mozilla\firefox\profiles\z3p1xnxg.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=14196&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=A3C04733-8E23-41F9-B4A4-92DF0C7211F1&apn_ptnrs=FM&apn_sauid=B0E5BC74-834B-4A89-BAD5-2A4ADF05A1A7&apn_dtid=TES002FHUS&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\hblite\bin\11.0.329.0\firefox\extensions\plugins\npclntax_HBLiteSA.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HBLiteSA.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\taylor\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-4-2 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-4-2 192984]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-4-2 102232]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-2 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-14 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-14 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-14 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-6-16 42184]
R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2011-6-16 121000]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-18 366640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-21 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-18 22712]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-4-10 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
.
=============== Created Last 30 ================
.
2011-06-30 08:13:23 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{13d26e24-9c9b-4f79-a18c-05eaf1d7b5f8}\mpengine.dll
2011-06-19 02:42:32 -------- d-----w- c:\users\taylor\appdata\roaming\Malwarebytes
2011-06-19 02:42:23 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-19 02:42:23 -------- d-----w- c:\programdata\Malwarebytes
2011-06-19 02:42:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-19 02:42:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-05-25 01:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:04:46 102232 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03:31 192984 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
.
============= FINISH: 13:14:50.22 ===============


[attachment=101253:Attach.txt]

#2 KAPM

  • Topic Starter
  • Members
  • 151 posts
  • Gender:Female

Posted 30 June 2011 - 04:06 PM

Here is part of the remaining log. I am unable to attach the entire thing, so I will split it into multiple posts.

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-30 14:24:36
Windows 6.0.6000 Harddisk0\DR0 -> \Device\00000058 SAMSUNG_ rev.CP10
Running: gmer.exe; Driver: C:\Users\Taylor\AppData\Local\Temp\uflyipod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8CF63202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8D592CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8CF6581C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8CF65874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8CF6598A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8CF65772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8CF658C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8CF657C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8CF65938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8CF63226]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0x8D59B348]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8D592D62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8CF62FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8CF6324A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8CF65D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8CF63CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8CF6584C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8CF6589C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8CF659B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8CF6579E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0x8D59B284]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8CF65904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8CF657F4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0x8D59B2EA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8CF65962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8D592DFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8CF63BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8CF6326E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8CF63292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8CF6304A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8CF63186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8CF63162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8CF631AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8CF632B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8D5A8902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 5CC 82080AD8 4 Bytes [EA, B2, 59, 8D]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 821BE9A7 4 Bytes CALL 8CF6434B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 821C6428 4 Bytes CALL 8CF64361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 821F1ADB 5 Bytes JMP 8D5A42BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 821F75F6 5 Bytes JMP 8D5A5D5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82212645 7 Bytes JMP 8D5A8906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? C:\Users\Taylor\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\spoolsv.exe[284] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000901F8
.text C:\Windows\System32\spoolsv.exe[284] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000903FC
.text C:\Windows\System32\spoolsv.exe[284] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[284] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000B03FC
.text C:\Windows\System32\spoolsv.exe[284] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 000B0600
.text C:\Windows\System32\spoolsv.exe[284] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 000B0A08
.text C:\Windows\System32\spoolsv.exe[284] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 000B1014
.text C:\Windows\System32\spoolsv.exe[284] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 000B0804
.text C:\Windows\System32\spoolsv.exe[284] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 000B0C0C
.text C:\Windows\System32\spoolsv.exe[284] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 000B0E10
.text C:\Windows\System32\spoolsv.exe[284] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000B01F8
.text C:\Windows\System32\spoolsv.exe[284] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00200A08
.text C:\Windows\System32\spoolsv.exe[284] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00200600
.text C:\Windows\System32\spoolsv.exe[284] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00200804
.text C:\Windows\System32\spoolsv.exe[284] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 002003FC
.text C:\Windows\System32\spoolsv.exe[284] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 002001F8
.text C:\Windows\system32\svchost.exe[376] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[376] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[376] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\system32\svchost.exe[376] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[376] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[376] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[376] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[376] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[376] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[376] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[376] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[376] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 001F0A08
.text C:\Windows\system32\svchost.exe[376] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[376] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 001F0804
.text C:\Windows\system32\svchost.exe[376] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 001F03FC
.text C:\Windows\system32\svchost.exe[376] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 001F01F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[396] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[396] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[396] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[396] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[396] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[396] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[396] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00071014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[396] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[396] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00070C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[396] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00070E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[396] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[396] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[396] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[396] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[396] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[396] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000801F8
.text C:\Windows\system32\csrss.exe[548] KERNEL32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\system32\wininit.exe[604] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[604] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[604] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\system32\wininit.exe[604] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[604] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[604] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[604] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[604] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[604] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[604] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[604] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[604] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00060A08
.text C:\Windows\system32\wininit.exe[604] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00060600
.text C:\Windows\system32\wininit.exe[604] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[604] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000603FC
.text C:\Windows\system32\wininit.exe[604] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[640] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[640] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[640] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[640] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00080A08
.text C:\Windows\system32\services.exe[640] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00080600
.text C:\Windows\system32\services.exe[640] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00080804
.text C:\Windows\system32\services.exe[640] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000803FC
.text C:\Windows\system32\services.exe[640] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[672] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[672] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00070600
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00071014
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00070804
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000701F8
.text C:\Windows\system32\lsass.exe[672] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[672] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[672] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[672] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[672] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsm.exe[692] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 001703FC
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00170600
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00170A08
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00171014
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00170804
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00170C0C
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00170E10
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[752] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[752] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[752] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[752] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[752] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00160600
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[752] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00160A08
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[752] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00161014
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[752] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00160804
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[752] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00160C0C
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[752] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00160E10
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[752] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[752] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[752] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[752] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[752] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[752] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 001701F8
.text C:\Program Files\Internet Explorer\iexplore.exe[772] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 001501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[772] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 001503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[772] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[772] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 001603FC
.text C:\Program Files\Internet Explorer\iexplore.exe[772] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00160600
.text C:\Program Files\Internet Explorer\iexplore.exe[772] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00160A08
.text C:\Program Files\Internet Explorer\iexplore.exe[772] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00161014
.text C:\Program Files\Internet Explorer\iexplore.exe[772] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00160804
.text C:\Program Files\Internet Explorer\iexplore.exe[772] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00160C0C
.text C:\Program Files\Internet Explorer\iexplore.exe[772] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00160E10
.text C:\Program Files\Internet Explorer\iexplore.exe[772] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 001601F8
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00170A08
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00170600
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00170804
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!DialogBoxIndirectParamW 775B14EA 5 Bytes JMP 6C6C2046 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 001703FC
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 001701F8
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!MessageBoxExA 775C570D 5 Bytes JMP 6C6C1F8D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!DialogBoxParamA 775C65BF 5 Bytes JMP 6C6C200B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!MessageBoxIndirectW 775CF1B3 5 Bytes JMP 6C5717EA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!DialogBoxParamW 775D129F 5 Bytes JMP 6C54F4B9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!DialogBoxIndirectParamA 775F29C9 5 Bytes JMP 6C6C2081 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!MessageBoxIndirectA 775FFACF 5 Bytes JMP 6C6C1FC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!MessageBoxExW 775FFBC9 5 Bytes JMP 6C6C1F53 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] SHELL32.dll!DAD_ShowDragImage + CC 7619E958 4 Bytes [01, 0C, 85, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[772] SHELL32.dll!DAD_ShowDragImage + D4 7619E960 8 Bytes [0F, 0B, 85, 66, 8F, 32, 84, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[772] ole32.dll!OleLoadFromStream 770108B2 5 Bytes JMP 6C6C2243 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] WININET.dll!HttpOpenRequestA 76D7AA7B 2 Bytes JMP 02950000
.text C:\Program Files\Internet Explorer\iexplore.exe[772] WININET.dll!HttpOpenRequestA + 3 76D7AA7E 2 Bytes [BD, 8B]
.text C:\Program Files\Internet Explorer\iexplore.exe[772] WININET.dll!HttpOpenRequestW 76D7C49A 5 Bytes JMP 02960000
.text C:\Program Files\Internet Explorer\iexplore.exe[772] WININET.dll!HttpSendRequestA 76D83558 5 Bytes JMP 02940000
.text C:\Program Files\Internet Explorer\iexplore.exe[772] WININET.dll!HttpSendRequestW 76D8FDF9 5 Bytes JMP 02930000
.text C:\Program Files\Internet Explorer\iexplore.exe[772] ws2_32.dll!closesocket 76D33847 5 Bytes JMP 664FEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] ws2_32.dll!send 76D33A8A 5 Bytes JMP 664FE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] ws2_32.dll!socket 76D34358 5 Bytes JMP 664FE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] ws2_32.dll!recv 76D34ABD 5 Bytes JMP 664FF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] ws2_32.dll!connect 76D34BA7 5 Bytes JMP 664FE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] ws2_32.dll!getaddrinfo 76D34C58 5 Bytes JMP 664FE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[848] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00110A08
.text C:\Windows\system32\svchost.exe[848] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00110600
.text C:\Windows\system32\svchost.exe[848] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00110804
.text C:\Windows\system32\svchost.exe[848] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 001103FC
.text C:\Windows\system32\svchost.exe[848] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 001101F8
.text C:\Program Files\Windows Defender\MSASCui.exe[872] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Defender\MSASCui.exe[872] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Defender\MSASCui.exe[872] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[872] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Defender\MSASCui.exe[872] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00070600
.text C:\Program Files\Windows Defender\MSASCui.exe[872] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Defender\MSASCui.exe[872] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00071014
.text C:\Program Files\Windows Defender\MSASCui.exe[872] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00070804
.text C:\Program Files\Windows Defender\MSASCui.exe[872] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Defender\MSASCui.exe[872] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Defender\MSASCui.exe[872] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Defender\MSASCui.exe[872] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Defender\MSASCui.exe[872] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00080600
.text C:\Program Files\Windows Defender\MSASCui.exe[872] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00080804
.text C:\Program Files\Windows Defender\MSASCui.exe[872] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Defender\MSASCui.exe[872] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000801F8
.text C:\Windows\system32\nvvsvc.exe[900] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 001401F8
.text C:\Windows\system32\nvvsvc.exe[900] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 001403FC
.text C:\Windows\system32\nvvsvc.exe[900] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[900] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00160A08
.text C:\Windows\system32\nvvsvc.exe[900] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00160600
.text C:\Windows\system32\nvvsvc.exe[900] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00160804
.text C:\Windows\system32\nvvsvc.exe[900] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 001603FC
.text C:\Windows\system32\nvvsvc.exe[900] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 001601F8
.text C:\Windows\system32\nvvsvc.exe[900] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 001703FC
.text C:\Windows\system32\nvvsvc.exe[900] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00170600
.text C:\Windows\system32\nvvsvc.exe[900] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00170A08
.text C:\Windows\system32\nvvsvc.exe[900] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00171014
.text C:\Windows\system32\nvvsvc.exe[900] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00170804
.text C:\Windows\system32\nvvsvc.exe[900] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00170C0C
.text C:\Windows\system32\nvvsvc.exe[900] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00170E10
.text C:\Windows\system32\nvvsvc.exe[900] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[928] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[928] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[928] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00100A08
.text C:\Windows\system32\svchost.exe[928] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[928] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00100804
.text C:\Windows\system32\svchost.exe[928] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 001003FC
.text C:\Windows\system32\svchost.exe[928] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 001001F8
.text C:\Windows\System32\svchost.exe[972] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[972] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[972] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00260A08
.text C:\Windows\System32\svchost.exe[972] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00260600
.text C:\Windows\System32\svchost.exe[972] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00260804
.text C:\Windows\System32\svchost.exe[972] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 002603FC
.text C:\Windows\System32\svchost.exe[972] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 002601F8
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000B03FC
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 000B0600
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 000B0A08
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 000B1014
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 000B0804
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 000B0C0C
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 000B0E10
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000B01F8
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00230A08
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00230600
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00230804
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 002303FC
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 002301F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1060] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1060] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1060] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1060] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000B03FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1060] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 000B0600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1060] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 000B0A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1060] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 000B1014
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1060] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 000B0804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1060] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 000B0C0C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1060] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 000B0E10
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1060] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000B01F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1060] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 000C0A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1060] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 000C0600

#3 KAPM

  • Topic Starter

Posted 30 June 2011 - 04:08 PM

Here is the remainder of the GMER log:


.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2544] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000B03FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2544] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000B01F8
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[2548] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000901F8
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[2548] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000903FC
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[2548] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[2548] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000B03FC
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[2548] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 000B0600
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[2548] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 000B0A08
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[2548] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 000B1014
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[2548] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 000B0804
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[2548] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 000B0C0C
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[2548] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 000B0E10
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[2548] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000B01F8
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[2548] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 000C0A08
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[2548] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 000C0600
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[2548] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 000C0804
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[2548] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000C03FC
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[2548] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000C01F8
.text C:\Windows\system32\WUDFHost.exe[2556] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Windows\system32\WUDFHost.exe[2556] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Windows\system32\WUDFHost.exe[2556] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[2556] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000703FC
.text C:\Windows\system32\WUDFHost.exe[2556] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00070600
.text C:\Windows\system32\WUDFHost.exe[2556] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00070A08
.text C:\Windows\system32\WUDFHost.exe[2556] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00071014
.text C:\Windows\system32\WUDFHost.exe[2556] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00070804
.text C:\Windows\system32\WUDFHost.exe[2556] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00070C0C
.text C:\Windows\system32\WUDFHost.exe[2556] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00070E10
.text C:\Windows\system32\WUDFHost.exe[2556] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000701F8
.text C:\Windows\system32\WUDFHost.exe[2556] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00080A08
.text C:\Windows\system32\WUDFHost.exe[2556] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00080600
.text C:\Windows\system32\WUDFHost.exe[2556] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00080804
.text C:\Windows\system32\WUDFHost.exe[2556] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000803FC
.text C:\Windows\system32\WUDFHost.exe[2556] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2676] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2676] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2676] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2676] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2676] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2676] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2676] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00071014
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2676] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2676] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00070C0C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2676] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00070E10
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2676] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2676] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2676] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2676] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2676] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2676] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2748] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000901F8
.text C:\Windows\system32\taskeng.exe[2748] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000903FC
.text C:\Windows\system32\taskeng.exe[2748] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2748] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000B03FC
.text C:\Windows\system32\taskeng.exe[2748] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 000B0600
.text C:\Windows\system32\taskeng.exe[2748] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 000B0A08
.text C:\Windows\system32\taskeng.exe[2748] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 000B1014
.text C:\Windows\system32\taskeng.exe[2748] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 000B0804
.text C:\Windows\system32\taskeng.exe[2748] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\taskeng.exe[2748] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 000B0E10
.text C:\Windows\system32\taskeng.exe[2748] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000B01F8
.text C:\Windows\system32\taskeng.exe[2748] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 000C0A08
.text C:\Windows\system32\taskeng.exe[2748] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 000C0600
.text C:\Windows\system32\taskeng.exe[2748] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 000C0804
.text C:\Windows\system32\taskeng.exe[2748] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000C03FC
.text C:\Windows\system32\taskeng.exe[2748] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000C01F8
.text C:\Users\Taylor\Desktop\gmer\gmer.exe[2772] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 001501F8
.text C:\Users\Taylor\Desktop\gmer\gmer.exe[2772] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 001503FC
.text C:\Users\Taylor\Desktop\gmer\gmer.exe[2772] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Users\Taylor\Desktop\gmer\gmer.exe[2772] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 001A03FC
.text C:\Users\Taylor\Desktop\gmer\gmer.exe[2772] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 001A0600
.text C:\Users\Taylor\Desktop\gmer\gmer.exe[2772] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 001A0A08
.text C:\Users\Taylor\Desktop\gmer\gmer.exe[2772] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 001A1014
.text C:\Users\Taylor\Desktop\gmer\gmer.exe[2772] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 001A0804
.text C:\Users\Taylor\Desktop\gmer\gmer.exe[2772] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 001A0C0C
.text C:\Users\Taylor\Desktop\gmer\gmer.exe[2772] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 001A0E10
.text C:\Users\Taylor\Desktop\gmer\gmer.exe[2772] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 001A01F8
.text C:\Users\Taylor\Desktop\gmer\gmer.exe[2772] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 001B0A08
.text C:\Users\Taylor\Desktop\gmer\gmer.exe[2772] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 001B0600
.text C:\Users\Taylor\Desktop\gmer\gmer.exe[2772] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 001B0804
.text C:\Users\Taylor\Desktop\gmer\gmer.exe[2772] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 001B03FC
.text C:\Users\Taylor\Desktop\gmer\gmer.exe[2772] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 001B01F8
.text C:\Windows\system32\vssvc.exe[2788] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000901F8
.text C:\Windows\system32\vssvc.exe[2788] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000903FC
.text C:\Windows\system32\vssvc.exe[2788] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\system32\vssvc.exe[2788] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000B03FC
.text C:\Windows\system32\vssvc.exe[2788] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 000B0600
.text C:\Windows\system32\vssvc.exe[2788] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 000B0A08
.text C:\Windows\system32\vssvc.exe[2788] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 000B1014
.text C:\Windows\system32\vssvc.exe[2788] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 000B0804
.text C:\Windows\system32\vssvc.exe[2788] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\vssvc.exe[2788] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 000B0E10
.text C:\Windows\system32\vssvc.exe[2788] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000B01F8
.text C:\Windows\system32\vssvc.exe[2788] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 000C0A08
.text C:\Windows\system32\vssvc.exe[2788] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 000C0600
.text C:\Windows\system32\vssvc.exe[2788] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 000C0804
.text C:\Windows\system32\vssvc.exe[2788] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000C03FC
.text C:\Windows\system32\vssvc.exe[2788] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000C01F8
.text C:\Windows\system32\wuauclt.exe[2924] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000601F8
.text C:\Windows\system32\wuauclt.exe[2924] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000603FC
.text C:\Windows\system32\wuauclt.exe[2924] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[2924] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00070A08
.text C:\Windows\system32\wuauclt.exe[2924] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00070600
.text C:\Windows\system32\wuauclt.exe[2924] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00070804
.text C:\Windows\system32\wuauclt.exe[2924] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000703FC
.text C:\Windows\system32\wuauclt.exe[2924] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000701F8
.text C:\Windows\system32\wuauclt.exe[2924] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000803FC
.text C:\Windows\system32\wuauclt.exe[2924] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00080600
.text C:\Windows\system32\wuauclt.exe[2924] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00080A08
.text C:\Windows\system32\wuauclt.exe[2924] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00081014
.text C:\Windows\system32\wuauclt.exe[2924] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00080804
.text C:\Windows\system32\wuauclt.exe[2924] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00080C0C
.text C:\Windows\system32\wuauclt.exe[2924] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00080E10
.text C:\Windows\system32\wuauclt.exe[2924] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000801F8
.text C:\Windows\ehome\ehmsas.exe[2968] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000401F8
.text C:\Windows\ehome\ehmsas.exe[2968] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000403FC
.text C:\Windows\ehome\ehmsas.exe[2968] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\ehome\ehmsas.exe[2968] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000603FC
.text C:\Windows\ehome\ehmsas.exe[2968] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00060600
.text C:\Windows\ehome\ehmsas.exe[2968] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00060A08
.text C:\Windows\ehome\ehmsas.exe[2968] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00061014
.text C:\Windows\ehome\ehmsas.exe[2968] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00060804
.text C:\Windows\ehome\ehmsas.exe[2968] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00060C0C
.text C:\Windows\ehome\ehmsas.exe[2968] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00060E10
.text C:\Windows\ehome\ehmsas.exe[2968] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000601F8
.text C:\Windows\ehome\ehmsas.exe[2968] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00070A08
.text C:\Windows\ehome\ehmsas.exe[2968] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00070600
.text C:\Windows\ehome\ehmsas.exe[2968] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehmsas.exe[2968] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000703FC
.text C:\Windows\ehome\ehmsas.exe[2968] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[3036] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[3036] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[3036] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3036] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[3036] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[3036] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[3036] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[3036] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[3036] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[3036] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[3036] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000701F8
.text C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe[3240] KERNEL32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\Internet Explorer\ieuser.exe[3284] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000401F8
.text C:\Program Files\Internet Explorer\ieuser.exe[3284] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000403FC
.text C:\Program Files\Internet Explorer\ieuser.exe[3284] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\Internet Explorer\ieuser.exe[3284] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000603FC
.text C:\Program Files\Internet Explorer\ieuser.exe[3284] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00060600
.text C:\Program Files\Internet Explorer\ieuser.exe[3284] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00060A08
.text C:\Program Files\Internet Explorer\ieuser.exe[3284] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00061014
.text C:\Program Files\Internet Explorer\ieuser.exe[3284] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00060804
.text C:\Program Files\Internet Explorer\ieuser.exe[3284] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00060C0C
.text C:\Program Files\Internet Explorer\ieuser.exe[3284] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00060E10
.text C:\Program Files\Internet Explorer\ieuser.exe[3284] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000601F8
.text C:\Program Files\Internet Explorer\ieuser.exe[3284] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00070A08
.text C:\Program Files\Internet Explorer\ieuser.exe[3284] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00070600
.text C:\Program Files\Internet Explorer\ieuser.exe[3284] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00070804
.text C:\Program Files\Internet Explorer\ieuser.exe[3284] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000703FC
.text C:\Program Files\Internet Explorer\ieuser.exe[3284] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[3376] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[3376] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[3376] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3376] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[3376] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[3376] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[3376] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[3376] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[3376] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[3376] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[3376] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[3376] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[3376] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[3376] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[3376] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[3376] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000801F8
.text C:\Windows\RtHDVCpl.exe[3680] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 001501F8
.text C:\Windows\RtHDVCpl.exe[3680] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 001503FC
.text C:\Windows\RtHDVCpl.exe[3680] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\RtHDVCpl.exe[3680] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 002703FC
.text C:\Windows\RtHDVCpl.exe[3680] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00270600
.text C:\Windows\RtHDVCpl.exe[3680] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00270A08
.text C:\Windows\RtHDVCpl.exe[3680] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00271014
.text C:\Windows\RtHDVCpl.exe[3680] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00270804
.text C:\Windows\RtHDVCpl.exe[3680] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00270C0C
.text C:\Windows\RtHDVCpl.exe[3680] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00270E10
.text C:\Windows\RtHDVCpl.exe[3680] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 002701F8
.text C:\Windows\RtHDVCpl.exe[3680] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00280A08
.text C:\Windows\RtHDVCpl.exe[3680] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00280600
.text C:\Windows\RtHDVCpl.exe[3680] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00280804
.text C:\Windows\RtHDVCpl.exe[3680] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 002803FC
.text C:\Windows\RtHDVCpl.exe[3680] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 002801F8
.text C:\Windows\system32\csrss.exe[3692] KERNEL32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3752] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3752] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3752] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3752] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00070A08
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3752] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00070600
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3752] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00070804
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3752] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000703FC
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3752] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000701F8
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3752] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000803FC
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3752] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00080600
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3752] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00080A08
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3752] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00081014
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3752] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00080804
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3752] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00080C0C
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3752] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00080E10
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3752] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000801F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3892] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 001401F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3892] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 001403FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3892] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3892] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 001603FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3892] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00160600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3892] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00160A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3892] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00161014
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3892] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00160804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3892] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00160C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3892] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00160E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3892] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 001601F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3892] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00170A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3892] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00170600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3892] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00170804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3892] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 001703FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3892] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[4064] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[4064] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[4064] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[4064] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[4064] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[4064] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[4064] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[4064] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[4064] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[4064] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[4064] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[4064] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00181014
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[4064] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[4064] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00180C0C
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[4064] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00180E10
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[4064] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 001801F8
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4292] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4292] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4292] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4292] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 001703FC
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4292] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00170600
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4292] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00170A08
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4292] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00171014
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4292] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00170804
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4292] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00170C0C
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4292] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00170E10
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4292] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 001701F8
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4292] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00180A08
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4292] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00180600
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4292] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00180804
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4292] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 001803FC
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4292] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 001801F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4296] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4296] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4296] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4296] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000703FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4296] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00070600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4296] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00070A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4296] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00071014
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4296] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00070804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4296] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00070C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4296] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00070E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4296] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000701F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4296] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00180A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4296] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00180600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4296] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00180804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4296] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 001803FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4296] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4432] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4432] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4432] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4432] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00160A08
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4432] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00160600
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4432] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00160804
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4432] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4432] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4432] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4432] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4432] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4432] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4432] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4432] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4432] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4432] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 001701F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4552] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 001501F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4552] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 001503FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4552] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4552] ADVAPI32.dll!CreateServiceW 76008686 3 Bytes JMP 003103FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4552] ADVAPI32.dll!CreateServiceW + 4 7600868A 1 Byte [8A]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4552] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00310600
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4552] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00310A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4552] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00311014
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4552] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00310804
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4552] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00310C0C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4552] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00310E10
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4552] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 003101F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4552] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00320A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4552] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00320600
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4552] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00320804
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4552] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 003203FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4552] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 003201F8
.text C:\Windows\system32\Dwm.exe[4656] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[4656] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[4656] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[4656] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[4656] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[4656] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[4656] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[4656] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[4656] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[4656] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[4656] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[4656] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[4656] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[4656] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[4656] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000803FC
.text C:\Windows\system32\Dwm.exe[4656] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000801F8
.text C:\Program Files\SetPoint\SetPoint.exe[4660] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 001501F8
.text C:\Program Files\SetPoint\SetPoint.exe[4660] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 001503FC
.text C:\Program Files\SetPoint\SetPoint.exe[4660] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\SetPoint\SetPoint.exe[4660] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 001D0A08
.text C:\Program Files\SetPoint\SetPoint.exe[4660] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 001D0600
.text C:\Program Files\SetPoint\SetPoint.exe[4660] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 001D0804
.text C:\Program Files\SetPoint\SetPoint.exe[4660] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 001D03FC
.text C:\Program Files\SetPoint\SetPoint.exe[4660] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 001D01F8
.text C:\Program Files\SetPoint\SetPoint.exe[4660] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 001E03FC
.text C:\Program Files\SetPoint\SetPoint.exe[4660] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 001E0600
.text C:\Program Files\SetPoint\SetPoint.exe[4660] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 001E0A08
.text C:\Program Files\SetPoint\SetPoint.exe[4660] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 001E1014
.text C:\Program Files\SetPoint\SetPoint.exe[4660] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 001E0804
.text C:\Program Files\SetPoint\SetPoint.exe[4660] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 001E0C0C
.text C:\Program Files\SetPoint\SetPoint.exe[4660] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 001E0E10
.text C:\Program Files\SetPoint\SetPoint.exe[4660] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 001E01F8
.text C:\Program Files\DellSupport\DSAgnt.exe[4684] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 001501F8
.text C:\Program Files\DellSupport\DSAgnt.exe[4684] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 001503FC
.text C:\Program Files\DellSupport\DSAgnt.exe[4684] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\DellSupport\DSAgnt.exe[4684] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00170A08
.text C:\Program Files\DellSupport\DSAgnt.exe[4684] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00170600
.text C:\Program Files\DellSupport\DSAgnt.exe[4684] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00170804
.text C:\Program Files\DellSupport\DSAgnt.exe[4684] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 001703FC
.text C:\Program Files\DellSupport\DSAgnt.exe[4684] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 001701F8
.text C:\Program Files\DellSupport\DSAgnt.exe[4684] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 001803FC
.text C:\Program Files\DellSupport\DSAgnt.exe[4684] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00180600
.text C:\Program Files\DellSupport\DSAgnt.exe[4684] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00180A08
.text C:\Program Files\DellSupport\DSAgnt.exe[4684] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00181014
.text C:\Program Files\DellSupport\DSAgnt.exe[4684] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00180804
.text C:\Program Files\DellSupport\DSAgnt.exe[4684] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00180C0C
.text C:\Program Files\DellSupport\DSAgnt.exe[4684] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00180E10
.text C:\Program Files\DellSupport\DSAgnt.exe[4684] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 001801F8
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[4780] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 001501F8
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[4780] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 001503FC
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[4780] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[4780] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00170A08
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[4780] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00170600
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[4780] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00170804
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[4780] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 001703FC
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[4780] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 001701F8
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[4780] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 001803FC
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[4780] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00180600
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[4780] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00180A08
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[4780] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00181014
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[4780] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00180804
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[4780] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00180C0C
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[4780] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00180E10
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[4780] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 001801F8
.text C:\Windows\system32\DllHost.exe[4904] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Windows\system32\DllHost.exe[4904] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Windows\system32\DllHost.exe[4904] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\system32\DllHost.exe[4904] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00060A08
.text C:\Windows\system32\DllHost.exe[4904] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00060600
.text C:\Windows\system32\DllHost.exe[4904] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00060804
.text C:\Windows\system32\DllHost.exe[4904] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000603FC
.text C:\Windows\system32\DllHost.exe[4904] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000601F8
.text C:\Windows\system32\DllHost.exe[4904] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000703FC
.text C:\Windows\system32\DllHost.exe[4904] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00070600
.text C:\Windows\system32\DllHost.exe[4904] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00070A08
.text C:\Windows\system32\DllHost.exe[4904] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00071014
.text C:\Windows\system32\DllHost.exe[4904] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00070804
.text C:\Windows\system32\DllHost.exe[4904] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00070C0C
.text C:\Windows\system32\DllHost.exe[4904] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00070E10
.text C:\Windows\system32\DllHost.exe[4904] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000701F8
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[5180] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 001401F8
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[5180] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 001403FC
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[5180] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[5180] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00160A08
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[5180] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00160600
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[5180] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00160804
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[5180] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 001603FC
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[5180] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 001601F8
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[5180] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 001703FC
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[5180] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00170600
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[5180] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00170A08
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[5180] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00171014
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[5180] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00170804
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[5180] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00170C0C
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[5180] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00170E10
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[5180] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 001701F8
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5232] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5232] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5232] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5232] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00970A08
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5232] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00970600
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5232] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00970804
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5232] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 009703FC
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5232] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 009701F8
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5232] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 009803FC
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5232] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00980600
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5232] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00980A08
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5232] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00981014
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5232] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00980804
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5232] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00980C0C
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5232] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00980E10
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5232] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 009801F8
.text C:\Windows\Explorer.EXE[5332] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[5332] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[5332] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\Explorer.EXE[5332] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[5332] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[5332] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[5332] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[5332] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[5332] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[5332] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[5332] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[5332] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.EXE[5332] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[5332] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[5332] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000803FC
.text C:\Windows\Explorer.EXE[5332] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000801F8
.text C:\Program Files\iPod\bin\iPodService.exe[5404] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Program Files\iPod\bin\iPodService.exe[5404] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Program Files\iPod\bin\iPodService.exe[5404] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[5404] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000703FC
.text C:\Program Files\iPod\bin\iPodService.exe[5404] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00070600
.text C:\Program Files\iPod\bin\iPodService.exe[5404] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00070A08
.text C:\Program Files\iPod\bin\iPodService.exe[5404] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00071014
.text C:\Program Files\iPod\bin\iPodService.exe[5404] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00070804
.text C:\Program Files\iPod\bin\iPodService.exe[5404] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00070C0C
.text C:\Program Files\iPod\bin\iPodService.exe[5404] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00070E10
.text C:\Program Files\iPod\bin\iPodService.exe[5404] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000701F8
.text C:\Program Files\iPod\bin\iPodService.exe[5404] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00080A08
.text C:\Program Files\iPod\bin\iPodService.exe[5404] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00080600
.text C:\Program Files\iPod\bin\iPodService.exe[5404] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00080804
.text C:\Program Files\iPod\bin\iPodService.exe[5404] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000803FC
.text C:\Program Files\iPod\bin\iPodService.exe[5404] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000801F8
.text C:\Users\Taylor\AppData\Local\Temp\MSIMClientSetup.exe[5408] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 001601F8
.text C:\Users\Taylor\AppData\Local\Temp\MSIMClientSetup.exe[5408] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 001603FC
.text C:\Users\Taylor\AppData\Local\Temp\MSIMClientSetup.exe[5408] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Users\Taylor\AppData\Local\Temp\MSIMClientSetup.exe[5408] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00170A08
.text C:\Users\Taylor\AppData\Local\Temp\MSIMClientSetup.exe[5408] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00170600
.text C:\Users\Taylor\AppData\Local\Temp\MSIMClientSetup.exe[5408] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00170804
.text C:\Users\Taylor\AppData\Local\Temp\MSIMClientSetup.exe[5408] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 001703FC
.text C:\Users\Taylor\AppData\Local\Temp\MSIMClientSetup.exe[5408] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 001701F8
.text C:\Users\Taylor\AppData\Local\Temp\MSIMClientSetup.exe[5408] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 001803FC
.text C:\Users\Taylor\AppData\Local\Temp\MSIMClientSetup.exe[5408] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00180600
.text C:\Users\Taylor\AppData\Local\Temp\MSIMClientSetup.exe[5408] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00180A08
.text C:\Users\Taylor\AppData\Local\Temp\MSIMClientSetup.exe[5408] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00181014
.text C:\Users\Taylor\AppData\Local\Temp\MSIMClientSetup.exe[5408] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00180804
.text C:\Users\Taylor\AppData\Local\Temp\MSIMClientSetup.exe[5408] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00180C0C
.text C:\Users\Taylor\AppData\Local\Temp\MSIMClientSetup.exe[5408] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00180E10
.text C:\Users\Taylor\AppData\Local\Temp\MSIMClientSetup.exe[5408] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 001801F8
.text C:\Windows\System32\osk.exe[5652] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000501F8
.text C:\Windows\System32\osk.exe[5652] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000503FC
.text C:\Windows\System32\osk.exe[5652] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\System32\osk.exe[5652] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000703FC
.text C:\Windows\System32\osk.exe[5652] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00070600
.text C:\Windows\System32\osk.exe[5652] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00070A08
.text C:\Windows\System32\osk.exe[5652] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00071014
.text C:\Windows\System32\osk.exe[5652] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00070804
.text C:\Windows\System32\osk.exe[5652] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00070C0C
.text C:\Windows\System32\osk.exe[5652] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00070E10
.text C:\Windows\System32\osk.exe[5652] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000701F8
.text C:\Windows\System32\osk.exe[5652] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00080A08
.text C:\Windows\System32\osk.exe[5652] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00080600
.text C:\Windows\System32\osk.exe[5652] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00080804
.text C:\Windows\System32\osk.exe[5652] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000803FC
.text C:\Windows\System32\osk.exe[5652] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000801F8
.text C:\Users\Taylor\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe[5660] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 001601F8
.text C:\Users\Taylor\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe[5660] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 001603FC
.text C:\Users\Taylor\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe[5660] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Users\Taylor\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe[5660] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00170A08
.text C:\Users\Taylor\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe[5660] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00170600
.text C:\Users\Taylor\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe[5660] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00170804
.text C:\Users\Taylor\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe[5660] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 001703FC
.text C:\Users\Taylor\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe[5660] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 001701F8
.text C:\Users\Taylor\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe[5660] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 001803FC
.text C:\Users\Taylor\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe[5660] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00180600
.text C:\Users\Taylor\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe[5660] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00180A08
.text C:\Users\Taylor\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe[5660] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00181014
.text C:\Users\Taylor\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe[5660] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00180804
.text C:\Users\Taylor\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe[5660] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00180C0C
.text C:\Users\Taylor\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe[5660] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00180E10
.text C:\Users\Taylor\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe[5660] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 001801F8
.text C:\Windows\system32\rundll32.exe[5672] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000601F8
.text C:\Windows\system32\rundll32.exe[5672] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000603FC
.text C:\Windows\system32\rundll32.exe[5672] kernel32.dll!GetBinaryTypeW + 70 773D7139 1 Byte [62]
.text C:\Windows\system32\rundll32.exe[5672] USER32.dll!UnhookWindowsHookEx 775A7CE7 5 Bytes JMP 00070A08
.text C:\Windows\system32\rundll32.exe[5672] USER32.dll!SetWindowsHookExA 775A891A 5 Bytes JMP 00070600
.text C:\Windows\system32\rundll32.exe[5672] USER32.dll!SetWindowsHookExW 775A913D 5 Bytes JMP 00070804
.text C:\Windows\system32\rundll32.exe[5672] USER32.dll!UnhookWinEvent 775B2C74 5 Bytes JMP 000703FC
.text C:\Windows\system32\rundll32.exe[5672] USER32.dll!SetWinEventHook 775B9C6D 5 Bytes JMP 000701F8
.text C:\Windows\system32\rundll32.exe[5672] ADVAPI32.dll!CreateServiceW 76008686 5 Bytes JMP 000803FC
.text C:\Windows\system32\rundll32.exe[5672] ADVAPI32.dll!DeleteService 76008788 5 Bytes JMP 00080600
.text C:\Windows\system32\rundll32.exe[5672] ADVAPI32.dll!ChangeServiceConfigW 7600A26A 5 Bytes JMP 00080A08
.text C:\Windows\system32\rundll32.exe[5672] ADVAPI32.dll!SetServiceObjectSecurity 76043791 5 Bytes JMP 00081014
.text C:\Windows\system32\rundll32.exe[5672] ADVAPI32.dll!ChangeServiceConfigA 76043891 5 Bytes JMP 00080804
.text C:\Windows\system32\rundll32.exe[5672] ADVAPI32.dll!ChangeServiceConfig2A 76043A39 5 Bytes JMP 00080C0C
.text C:\Windows\system32\rundll32.exe[5672] ADVAPI32.dll!ChangeServiceConfig2W 76043B81 5 Bytes JMP 00080E10
.text C:\Windows\system32\rundll32.exe[5672] ADVAPI32.dll!CreateServiceA 76043C41 5 Bytes JMP 000801F8
.text C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe[5732] ntdll.dll!LdrLoadDll 7773EB00 5 Bytes JMP 000601F8
.text C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe[5732] ntdll.dll!LdrUnloadDll 7774BF0A 5 Bytes JMP 000603FC

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

Device \Driver\BTHUSB \Device\00000080 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

Device \Driver\BTHUSB \Device\0000007e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ede4618
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ede4618@0007618a7a1f 0x98 0xAE 0x1B 0x05 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197ede4618 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197ede4618@0007618a7a1f 0x98 0xAE 0x1B 0x05 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197ede4618 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197ede4618@0007618a7a1f 0x98 0xAE 0x1B 0x05 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00197ede4618 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00197ede4618@0007618a7a1f 0x98 0xAE 0x1B 0x05 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer@GlobalAssocChangedCounter 94
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download@LastSuccessTime 2011-06-29 02:27:50
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2239282594-4220849131-541571145-1000@RefCount 6
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP@LastIndex 2342
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore@LastIndex 2342

---- EOF - GMER 1.0.15 ----




#4 Elise (Malware Study Hall Admin)

Posted 10 July 2011 - 03:17 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 KAPM (Topic Starter)

Posted 10 July 2011 - 08:54 PM

Thank you for your help Elise. Nothing new since my original post, other than the popups have not been seen lately. I would still like to check the computer given what was found previously. Here is the DDS log:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6000.17037
Run by Taylor at 19:42:41 on 2011-07-10
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.897 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\SetPoint\LBTWiz.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\dlcxcoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071002
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - c:\program files\dogpile bundle toolbar\Helper.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PlaySushi: {21608b66-026f-4dcb-9244-0daca328dced} - c:\program files\playsushi\PSText.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - c:\program files\dogpile bundle toolbar\Toolbar.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - c:\program files\dogpile bundle toolbar\Toolbar.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10p_ActiveX.exe -update activex
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [<NO NAME>]
mRun: [Logitech BT Wizard] LBTWiz.exe -silent
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [%PROVIDERID%] "bin\sprtcmd.exe" /P %PROVIDERID%
mRun: [QwestTouchPointAgent] "c:\program files\qwest\desktop\QwestTouchPointAgent.exe" /autostart
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRunOnce: [DelayShred] "c:\program files\mcafee\mshr\shrcl.exe" /p7 /q c:\users\taylor\appdata\local\temp\low\HSPERF~1.SH!
StartupFolder: c:\users\taylor\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{07F27F47-DA08-45CA-B45C-302AC2EA7C85} : DhcpNameServer = 192.168.0.1 205.171.3.25
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\taylor\appdata\roaming\mozilla\firefox\profiles\z3p1xnxg.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=14196&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=A3C04733-8E23-41F9-B4A4-92DF0C7211F1&apn_ptnrs=FM&apn_sauid=B0E5BC74-834B-4A89-BAD5-2A4ADF05A1A7&apn_dtid=TES002FHUS&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\hblite\bin\11.0.329.0\firefox\extensions\plugins\npclntax_HBLiteSA.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HBLiteSA.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\taylor\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
============= SERVICES / DRIVERS ===============
.
R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2006-11-2 4608]
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-4-2 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-4-2 192984]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-4-2 102232]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-2 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-14 307928]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-14 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-14 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-6-16 42184]
R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2011-6-16 121000]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-18 366640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-21 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-18 22712]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-4-10 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
.
=============== Created Last 30 ================
.
2011-07-08 07:49:26 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1bc40121-dfa3-41ba-b424-e67f7b3b17c4}\mpengine.dll
2011-06-19 02:42:32 -------- d-----w- c:\users\taylor\appdata\roaming\Malwarebytes
2011-06-19 02:42:23 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-19 02:42:23 -------- d-----w- c:\programdata\Malwarebytes
2011-06-19 02:42:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-19 02:42:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-05-25 01:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:04:46 102232 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03:31 192984 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
.
============= FINISH: 19:43:01.90 ===============






#6 Elise (Malware Study Hall Admin)

Posted 11 July 2011 - 02:51 AM

Hi, I recommend you uninstall the following toolbars: FrostWire Toolbar and Dogpile Bundle Toolbar.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


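The recommendation above comes from reading the "Pseudo HJT Report" section of the DDS log. As an added example (not a DDS, ComboFix or BleepingComputer tool), the script below parses the BHO:, TB: and uURLSearchHooks: lines copied from that log and flags two things a helper looks for: registrations whose DLL is gone ("No File"), and one DLL registered under unrelated display names, which is how the FrostWire Toolbar entry shows up as GenericAskToolbar.dll in the Ask.com directory. The generic-suffix list used to compare display names is an assumption of this example.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log (added example)."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Sample input: lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - c:\program files\dogpile bundle toolbar\Helper.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - c:\program files\dogpile bundle toolbar\Toolbar.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - c:\program files\dogpile bundle toolbar\Toolbar.dll
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
"""

# Only the IE add-on line kinds are handled here; Run/StartupFolder lines use another layout.
KINDS = {"BHO", "TB", "uURLSearchHooks"}
CLSID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.I)
# Assumption: suffixes a vendor commonly appends to the same product's BHO and toolbar names.
GENERIC_SUFFIXES = {"helper", "bho", "class", "object"}


@dataclass(frozen=True)
class Entry:
    kind: str
    name: Optional[str]
    clsid: Optional[str]
    target: str  # DLL path, or the literal "No File"

    @property
    def orphaned(self) -> bool:
        return self.target.lower() == "no file"


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one 'kind: [name:] [{clsid}] - target' line; None for other line kinds."""
    kind, sep, rest = line.strip().partition(": ")
    if not sep or kind not in KINDS:
        return None
    head, sep, target = rest.rpartition(" - ")
    if not sep:
        return None
    m = CLSID_RE.search(head)
    clsid = m.group(0).lower() if m else None
    name = (head[: m.start()] if m else head).rstrip(": ").strip() or None
    return Entry(kind, name, clsid, target.strip())


def parse_pseudo_hjt(text: str) -> list[Entry]:
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e]


def canonical_name(name: str) -> str:
    """'Google Toolbar Helper' and '&Google Toolbar' name the same product."""
    words = name.replace("&", "").lower().split()
    while words and words[-1] in GENERIC_SUFFIXES:
        words.pop()
    return " ".join(words)


def find_orphans(entries: list[Entry]) -> list[Entry]:
    """CLSIDs still wired into IE although their DLL no longer exists."""
    return [e for e in entries if e.orphaned]


def find_aliases(entries: list[Entry]) -> dict[str, set[str]]:
    """DLLs registered under more than one unrelated display name."""
    names: dict[str, set[str]] = defaultdict(set)
    for e in entries:
        if not e.orphaned and e.name:
            names[e.target.lower()].add(e.name)
    return {dll: ns for dll, ns in names.items()
            if len({canonical_name(n) for n in ns}) > 1}


def inventory_by_directory(entries: list[Entry]) -> dict[str, set[str]]:
    """Group add-ons by install directory: the directory, not the display name,
    usually tells you which product actually owns the DLL."""
    inv: dict[str, set[str]] = defaultdict(set)
    for e in entries:
        if not e.orphaned:
            inv[e.target.lower().rsplit("\\", 1)[0]].add(e.name or e.clsid or "?")
    return dict(inv)


if __name__ == "__main__":
    found = parse_pseudo_hjt(SAMPLE_DDS)
    for e in find_orphans(found):
        print(f"orphaned {e.kind}: {e.name or e.clsid} -> {e.target}")
    for dll, ns in find_aliases(found).items():
        print(f"one DLL, unrelated names: {dll}: {sorted(ns)}")
    for d, ns in sorted(inventory_by_directory(found).items()):
        print(f"{d}: {sorted(ns)}")
```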


#7 KAPM (Topic Starter)

Posted 11 July 2011 - 08:52 PM

Hi Elise,

I uninstalled the Dogpile Bundle Toolbar, but was unable to figure out how to uninstall FrostWire Toolbar. Here is the ComboFix log:


ComboFix 11-07-11.02 - Taylor 07/11/2011 19:29:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.1139 [GMT -6:00]
Running from: c:\users\Taylor\Desktop\Kris's Files for Computer fix\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\PlaySushi\PSTExt.dll
c:\windows\system32\msconfig.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))
.
.
2011-07-12 01:39 . 2011-07-12 01:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-12 01:26 . 2011-07-12 01:26 -------- d-----w- C:\32788R22FWJFW
2011-07-08 07:49 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BC40121-DFA3-41BA-B424-E67F7B3B17C4}\mpengine.dll
2011-06-30 20:25 . 2011-06-30 20:26 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-30 19:25 . 2011-06-30 19:25 -------- d-----w- c:\users\Public\Roaming
2011-06-19 02:42 . 2011-06-19 02:42 -------- d-----w- c:\users\Taylor\AppData\Roaming\Malwarebytes
2011-06-19 02:42 . 2011-06-19 02:42 -------- d-----w- c:\programdata\Malwarebytes
2011-06-19 02:42 . 2011-05-29 15:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-19 02:42 . 2011-06-19 02:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-19 02:42 . 2011-05-29 15:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2010-12-28 01:08 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-01-14 17:59 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:37 . 2011-04-02 17:45 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-07-04 11:36 . 2011-04-02 17:44 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-01-14 17:59 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:36 . 2011-04-02 17:44 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-07-04 11:35 . 2010-01-14 17:59 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-01-14 17:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-01-14 17:59 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-01-14 17:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-25 01:14 . 2009-10-03 04:18 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files\Dogpile Bundle Toolbar\Helper.dll" [2011-03-29 357376]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2011-03-29 19:08 1538048 ----a-w- c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-02 01:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-03-29 1538048]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-03-29 1538048]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech BT Wizard"="LBTWiz.exe -silent" [X]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-12 101136]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-12 101136]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"QwestTouchPointAgent"="c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe" [2010-06-01 45992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]
.
c:\users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2007-10-1 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-14 00:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2006-11-02 4608]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-02-23 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2011-07-04 121000]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-11-04 537480]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 21:00]
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 21:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\z3p1xnxg.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=14196&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=A3C04733-8E23-41F9-B4A4-92DF0C7211F1&apn_ptnrs=FM&apn_sauid=B0E5BC74-834B-4A89-BAD5-2A4ADF05A1A7&apn_dtid=TES002FHUS&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-%PROVIDERID% - bin\sprtcmd.exe
HKU-Default-RunOnce-DelayShred - c:\program files\mcafee\mshr\ShrCL.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-11 19:39
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-07-11 19:43:14
ComboFix-quarantined-files.txt 2011-07-12 01:43
.
Pre-Run: 240,851,689,472 bytes free
Post-Run: 241,317,683,200 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 2BDC7333CA37B3EAE9ADAE3D562C902B

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,932 posts
  • Gender:Female
  • Location:Romania
  • Local time:12:17 AM

Posted 12 July 2011 - 03:42 AM

Hi, let's just remove them with a script then. :)
How are things running at this point?

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
[-HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
[-HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[-HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[-HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[-HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[-HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]

Folder::
c:\program files\Ask.com
c:\program files\Dogpile Bundle Toolbar
Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
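The Registry::/Folder:: syntax in the script above is easy to get wrong when log lines are pasted by hand: a stray character after a `"name"=-` deletion, or the `[date size]` annotation ComboFix prints in its log ending up in the script. The following is an added example, not from this thread and not part of ComboFix: a small Python checker for that syntax, run over a constructed script fragment seeded with both mistakes. `Finding`, `check_cfscript` and the regular expressions are my own; ComboFix's real parser may be more or less tolerant than this.

```python
import re
from dataclasses import dataclass

# Constructed sample (not from the thread): a CFScript fragment in the same
# Registry::/Folder:: syntax, seeded with two defective lines of the kind that
# creep in when log lines are pasted into a script by hand (lines 4 and 7).
SAMPLE_CFSCRIPT = r"""Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"=-.
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"=-

Folder::
c:\program files\Ask.com
"""

SECTION_RE = re.compile(r'^([A-Za-z]+)::$')
# [KEY] opens a key for value edits; [-KEY] deletes the whole key.
KEY_RE = re.compile(
    r'^\[(?P<delete>-?)(?P<path>HKEY_(?:LOCAL_MACHINE|CURRENT_USER|CLASSES_ROOT|USERS)\\[^\]]+)\]$')
# "name"=- deletes a value; "name"="data" or "name"=dword:... would write one.
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?P<data>-|"[^"]*"|dword:[0-9A-Fa-f]{8})(?P<rest>.*)$')
# The "[date size]" suffix ComboFix prints after each loading point in its log.
ANNOTATION_RE = re.compile(r'\[\d{4}-\d{2}-\d{2} \d+\]')
WIN_PATH_RE = re.compile(r'^[A-Za-z]:\\.+$')


@dataclass(frozen=True)
class Finding:
    line_no: int
    severity: str  # "error" or "warning"
    message: str


def check_cfscript(text):
    """Return a list of Findings for a CFScript; an empty list means it looks well-formed."""
    findings = []
    section = None
    current_key = None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if not line:
            continue
        sm = SECTION_RE.match(line)
        if sm:
            section = sm.group(1)
            current_key = None
            continue
        if section is None:
            findings.append(Finding(line_no, "error", "content before the first Section:: header"))
        elif section == "Registry":
            km = KEY_RE.match(line)
            if km:
                current_key = km.group("path")
                continue
            vm = VALUE_RE.match(line)
            if vm is None:
                findings.append(Finding(line_no, "error", f"unrecognised Registry:: line: {line!r}"))
                continue
            if current_key is None:
                findings.append(Finding(line_no, "error", "value line appears before any [KEY] header"))
            rest = vm.group("rest").strip()
            if ANNOTATION_RE.search(rest):
                findings.append(Finding(line_no, "error",
                                        f"log annotation {rest!r} pasted into the script"))
            elif rest:
                findings.append(Finding(line_no, "error",
                                        f"stray characters {rest!r} after the value entry"))
            if vm.group("data") != "-":
                findings.append(Finding(line_no, "warning",
                                        f'"{vm.group("name")}" is written, not deleted; use "name"=- to remove it'))
        elif section in ("Folder", "File"):
            if not WIN_PATH_RE.match(line):
                findings.append(Finding(line_no, "error", f"not an absolute Windows path: {line!r}"))
    return findings


if __name__ == "__main__":
    for f in check_cfscript(SAMPLE_CFSCRIPT):
        print(f"line {f.line_no}: {f.severity}: {f.message}")
```

Run on the sample, it reports the stray period on line 4 and, for line 7, both the pasted `[2011-02-02 1487240]` annotation and the fact that the value would be written rather than removed. A clean script returns no findings, which is the check worth running before dragging CFScript.txt onto ComboFix.exe.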


#9 KAPM

KAPM
  • Topic Starter

  • Members
  • 151 posts
  • Gender:Female
  • Local time:03:17 PM

Posted 12 July 2011 - 03:01 PM

Hi, No obvious issues at this point. Here is the latest ComboFix log.

ComboFix 11-07-11.02 - Taylor 07/12/2011 13:43:09.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.1025 [GMT -6:00]
Running from: c:\users\Taylor\Desktop\Kris's Files for Computer fix\ComboFix.exe
Command switches used :: c:\users\Taylor\Desktop\Kris's Files for Computer fix\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_b995.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))
.
.
2011-07-12 19:53 . 2011-07-12 19:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-12 08:17 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{43E26A76-DFCA-4508-B08F-2D7474C9BD65}\mpengine.dll
2011-06-30 20:25 . 2011-06-30 20:26 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-30 19:25 . 2011-06-30 19:25 -------- d-----w- c:\users\Public\Roaming
2011-06-19 02:42 . 2011-06-19 02:42 -------- d-----w- c:\users\Taylor\AppData\Roaming\Malwarebytes
2011-06-19 02:42 . 2011-06-19 02:42 -------- d-----w- c:\programdata\Malwarebytes
2011-06-19 02:42 . 2011-05-29 15:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-19 02:42 . 2011-06-19 02:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-19 02:42 . 2011-05-29 15:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2010-12-28 01:08 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-01-14 17:59 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:37 . 2011-04-02 17:45 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-07-04 11:36 . 2011-04-02 17:44 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-01-14 17:59 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:36 . 2011-04-02 17:44 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-07-04 11:35 . 2010-01-14 17:59 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-01-14 17:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-01-14 17:59 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-01-14 17:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-25 01:14 . 2009-10-03 04:18 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech BT Wizard"="LBTWiz.exe -silent" [X]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-12 101136]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-12 101136]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"QwestTouchPointAgent"="c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe" [2010-06-01 45992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]
.
c:\users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2007-10-1 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-14 00:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2006-11-02 4608]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-02-23 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2011-07-04 121000]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-11-04 537480]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 21:00]
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 21:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\z3p1xnxg.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=14196&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=A3C04733-8E23-41F9-B4A4-92DF0C7211F1&apn_ptnrs=FM&apn_sauid=B0E5BC74-834B-4A89-BAD5-2A4ADF05A1A7&apn_dtid=TES002FHUS&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-12 13:53
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-07-12 13:56:19
ComboFix-quarantined-files.txt 2011-07-12 19:56
ComboFix2.txt 2011-07-12 01:43
.
Pre-Run: 238,286,389,248 bytes free
Post-Run: 238,270,390,272 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - EE6967F33D55417D4889F9F59D7CDAF0
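Confirming that the toolbar entries are gone means comparing this log's Reg Loading Points section with the one posted before the script ran. As an added example, not from this thread and not ComboFix's own code: a Python parser for the Run-key value lines and service lines of that section, applied to constructed before/after excerpts in the same format, which reports which autostart entries disappeared, which point at a file ComboFix could not find (the `[X]`/`[x]` marker) and which launch a bare file name rather than a full path. `Entry`, `parse_autostarts`, `diff_autostarts` and the other names are my own; Start Menu `.lnk` lines and scheduled tasks are not parsed here.

```python
import re
from dataclasses import dataclass

# Constructed excerpts (not the thread's logs) in the format ComboFix uses for
# its "Reg Loading Points" section: Run-key values and service lines.
BEFORE_LOG = r"""[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-03-29 1538048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech BT Wizard"="LBTWiz.exe -silent" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
"""

# Same machine after the toolbar keys were removed.
AFTER_LOG = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech BT Wizard"="LBTWiz.exe -silent" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "name"="command" [date size]   or   "name"="command" [X] when the file is absent
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<cmd>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')
# S2 name;display name;path [date size]   (start type, ';'-separated fields)
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*)\[(?P<info>[^\]]*)\]$')
DRIVE_RE = re.compile(r'^[A-Za-z]:\\')


@dataclass(frozen=True)
class Entry:
    location: str      # registry key the value lives under, or "services"
    name: str
    command: str
    file_missing: bool  # ComboFix prints [X]/[x] when the file is not on disk


def parse_autostarts(text):
    """Map (location, name) -> Entry for every Run value and service line in the excerpt."""
    entries = {}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == ".":          # ComboFix's block separator
            current_key = None
            continue
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            current_key = km.group(1)
            continue
        sm = SERVICE_RE.match(line)
        if sm:
            e = Entry("services", sm.group("name"), sm.group("path").strip(),
                      sm.group("info").lower() == "x")
            entries[(e.location, e.name)] = e
            continue
        vm = VALUE_RE.match(line)
        if vm and current_key is not None:
            e = Entry(current_key, vm.group("name"), vm.group("cmd"),
                      vm.group("info").lower() == "x")
            entries[(e.location, e.name)] = e
    return entries


def diff_autostarts(before, after):
    """Entries present only in the earlier log (removed) and only in the later one (added)."""
    removed = [before[k] for k in sorted(before) if k not in after]
    added = [after[k] for k in sorted(after) if k not in before]
    return removed, added


def missing_file_entries(entries):
    """Loading points whose target ComboFix could not find on disk."""
    return [e for e in entries.values() if e.file_missing]


def unqualified_entries(entries):
    """Loading points that name a bare file, resolved through the search path at logon."""
    return [e for e in entries.values() if e.command and not DRIVE_RE.match(e.command)]


if __name__ == "__main__":
    before, after = parse_autostarts(BEFORE_LOG), parse_autostarts(AFTER_LOG)
    removed, added = diff_autostarts(before, after)
    print("removed:", [e.name for e in removed])
    print("added:", [e.name for e in added])
    print("file missing:", [e.name for e in missing_file_entries(before)])
    print("bare file name:", [e.name for e in unqualified_entries(before)])
```

On the constructed excerpts the diff lists exactly the two toolbar CLSIDs as removed and nothing added; the missing-file report flags the `[X]` Run value and the `[x]` service, which are the entries worth checking for a leftover or an uninstall that did not finish, and the bare-file-name report is a useful second look at anything that does not carry a full path.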




#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,932 posts
  • Gender:Female
  • Location:Romania
  • Local time:12:17 AM

Posted 13 July 2011 - 02:42 AM

Hi, that looks good!

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Your Adobe Reader is now up to date!


Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 6.
  • Look for "JDK 6 Update 26 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-6u26-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double-clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


Please launch Malwarebytes Antimalware, update it and run a full scan. Post me the resulting log.

regards, Elise




#11 KAPM

KAPM
  • Topic Starter

  • Members
  • 151 posts
  • Gender:Female
  • Local time:03:17 PM

Posted 14 July 2011 - 12:43 PM

The programs have been updated. Here is the latest log from Malwarebytes:



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7121

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

7/13/2011 8:53:37 PM
mbam-log-2011-07-13 (20-53-37).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 297750
Time elapsed: 39 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,932 posts
  • Gender:Female
  • Location:Romania
  • Local time:12:17 AM

Posted 14 July 2011 - 01:40 PM

Do you have any problem left?

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise




#13 KAPM

KAPM
  • Topic Starter

  • Members
  • 151 posts
  • Gender:Female
  • Local time:03:17 PM

Posted 14 July 2011 - 02:20 PM

In past repairs I had been told to uncheck "Remove found threats", so I just wanted to confirm that on the ESET Online Scan you want "Remove Found Threats" to be checked?

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,932 posts
  • Gender:Female
  • Location:Romania
  • Local time:12:17 AM

Posted 14 July 2011 - 03:04 PM

If you feel more secure that way you can leave it unchecked. However, I never run ESET when active infections are still there. Whatever is found now will most likely be remnants, which can be safely removed.

regards, Elise




#15 KAPM

KAPM
  • Topic Starter

  • Members
  • 151 posts
  • Gender:Female
  • Local time:03:17 PM

Posted 14 July 2011 - 03:05 PM

Thanks, I had already started it with it checked. I just wanted some confirmation.



