Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trouble with computer, need some help please...


  • Please log in to reply
23 replies to this topic

#1 RhonB

RhonB

  • Members
  • 729 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ontario, Canada
  • Local time:04:29 AM

Posted 02 July 2011 - 03:43 PM

Hi there,

I am presently a student here, a Junior in the malware removal classes but I don't feel like I am ready to try and fix this on my own.

I am using my Daughters laptop as I did not want to go online with my own desktop.

Here are the details:and

Computer has been behaving strangely the last few days...IE freezing alot, having to close it & retstart IE constantly, computer lagging...etc...
I had run MBAM quick scan and it found nothing. This morning I was using it and that blue screen that advises Windows is shutting down to protect my data came up....I was going out for the afternoon so I just turned it off until I got home. Later, when I tried to restart, it started but none of my AV software started, no firewall either. I tried to start MBAM to do a full scan but the hourglass just stayed there and MBAM did not start...so I shut it down and came here for help.

Please help as I hate my Daughters laptop...she seems to be having an issue with typing, the cursor keeps jumping all over the place...took me 20 minutes to type this post.....grrrrrr...I will try to figure out why while I wait for a respons.

Thanks in advance...

RhonB

BC AdBot (Login to Remove)

 


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:29 AM

Posted 05 July 2011 - 04:52 PM

Hello,

Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

==========

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

Do not download the Avast definitions

On completion of the scan click save log, save it to your desktop and post in your next reply

==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 RhonB

RhonB
  • Topic Starter

  • Members
  • 729 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ontario, Canada
  • Local time:04:29 AM

Posted 05 July 2011 - 11:18 PM

Hi thcbytes,

Thanks for getting back to me.

I did have some new developments since I first added this topic, but it did not let me edit my post and I did not want to post a new reply for fear others might think I had already been helped.

The computer finally did restart normally...with all my AV software running, but it still lags somewhat....IE still freezes and CPU usage contiues to increase (loud) and decrease constantly. I checked processes and it looks to me that services.exe is the culprit in the hard running CPU. But not sure what that means.. :mellow: So, other than the last few things I mentioned, the machine seems to be working normally...no blue screens...but I would really like to know what caused that to begin with..??

In any case, I did the scans and just to let you know...GMER took over 4 hours to run!! It never warned me of a rootkit and never asked me if I wanted to scan the whole computer...but I feel like it did it anyways....4-1/2 hours!! :o Phew!

I don't think any malware was found..but I guess you would be the better judge of that... :wink: Thanks for having a look .. :)



DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Rhon at 19:01:08 on 2011-07-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1293 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\Pmxmiced.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\V0230Mon.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [PMX Daemon] ICO.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [V0230Mon.exe] c:\windows\V0230Mon.exe
mRun: [MBBalloon] c:\program files\hotalbummybox\MBBalloon.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: facebook.com\apps
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rhon\application data\mozilla\firefox\profiles\bwddzfgj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\spyware doctor\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\spyware doctor\bdt\FireFox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Malware Search: {27c60876-b5c9-4335-b4f3-52b26782220c} - %profile%\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
FF - Ext: Clippings: {91aa5abe-9de4-4347-b7b5-322c38dd9271} - %profile%\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
FF - Ext: Subtile: {88ce39f5-1e54-477c-809d-93d411720f0c} - %profile%\extensions\{88ce39f5-1e54-477c-809d-93d411720f0c}
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-2 218592]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-1-2 32008]
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2008-3-13 15172]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-13 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-27 309848]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-1-2 249616]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-27 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-27 42184]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-1-2 198608]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-1-4 88176]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2010-11-15 287024]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2009-1-31 76696]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2010-12-21 987704]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2010-12-21 399416]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-11-15 89192]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2010-11-15 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2010-11-15 124992]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-3-21 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-3-21 14336]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-1-2 26096]
S2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-1-2 6416120]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-1-2 160448]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-1-2 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-1-2 1141712]
S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2006-3-24 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2006-9-29 500480]
S4 0013031292416018mcinstcleanup;McAfee Application Installer Cleanup (0013031292416018);c:\windows\temp\001303~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\001303~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
.
=============== Created Last 30 ================
.
2011-06-29 04:00:51 -------- d-----w- c:\program files\Mapit_1
2011-06-17 04:15:25 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-16 22:11:53 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-07 16:35:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-07 16:35:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-25 01:16:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 19:03:41.29 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/03/2008 10:36:42 PM
System Uptime: 05/07/2011 6:16:16 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0CU409
Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz | Socket 775 | 1995/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 184.378 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Photosmart Plus B209a-m
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Plus B209a-m,192.168.0.188
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart Plus B209a-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Plus B209a-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP504: 06/04/2011 5:39:34 PM - System Checkpoint
RP505: 07/04/2011 9:02:38 PM - System Checkpoint
RP506: 09/04/2011 12:20:51 AM - System Checkpoint
RP507: 10/04/2011 4:57:45 AM - System Checkpoint
RP508: 11/04/2011 11:16:25 AM - System Checkpoint
RP509: 12/04/2011 8:35:55 PM - System Checkpoint
RP510: 12/04/2011 11:39:40 PM - Software Distribution Service 3.0
RP511: 14/04/2011 6:24:37 PM - System Checkpoint
RP512: 15/04/2011 8:49:31 PM - System Checkpoint
RP513: 17/04/2011 1:04:18 AM - System Checkpoint
RP514: 18/04/2011 6:14:43 PM - System Checkpoint
RP515: 19/04/2011 7:35:01 PM - System Checkpoint
RP516: 20/04/2011 8:45:16 PM - System Checkpoint
RP517: 21/04/2011 3:00:18 AM - Software Distribution Service 3.0
RP518: 22/04/2011 9:06:37 AM - System Checkpoint
RP519: 24/04/2011 10:44:18 AM - System Checkpoint
RP520: 25/04/2011 11:31:47 AM - System Checkpoint
RP521: 26/04/2011 11:57:01 AM - System Checkpoint
RP522: 28/04/2011 12:48:22 AM - System Checkpoint
RP523: 28/04/2011 2:26:35 AM - Software Distribution Service 3.0
RP524: 29/04/2011 8:26:10 PM - System Checkpoint
RP525: 30/04/2011 8:28:26 PM - System Checkpoint
RP526: 05/05/2011 7:18:15 PM - System Checkpoint
RP527: 07/05/2011 4:34:53 AM - System Checkpoint
RP528: 09/05/2011 6:38:20 PM - System Checkpoint
RP529: 10/05/2011 7:15:23 PM - System Checkpoint
RP530: 11/05/2011 9:52:29 PM - System Checkpoint
RP531: 12/05/2011 12:12:46 AM - Software Distribution Service 3.0
RP532: 15/05/2011 11:40:40 AM - System Checkpoint
RP533: 16/05/2011 6:43:34 PM - System Checkpoint
RP534: 18/05/2011 1:03:41 AM - System Checkpoint
RP535: 19/05/2011 5:55:56 PM - System Checkpoint
RP536: 20/05/2011 6:53:24 PM - System Checkpoint
RP537: 22/05/2011 2:40:16 AM - System Checkpoint
RP538: 26/05/2011 9:56:56 PM - System Checkpoint
RP539: 28/05/2011 12:30:55 AM - System Checkpoint
RP540: 29/05/2011 2:06:58 AM - System Checkpoint
RP541: 30/05/2011 10:17:21 PM - System Checkpoint
RP542: 01/06/2011 6:53:11 PM - System Checkpoint
RP543: 03/06/2011 3:35:40 PM - System Checkpoint
RP544: 04/06/2011 4:00:57 PM - System Checkpoint
RP545: 05/06/2011 5:16:40 PM - System Checkpoint
RP546: 06/06/2011 6:47:32 PM - System Checkpoint
RP547: 09/06/2011 10:50:28 PM - System Checkpoint
RP548: 11/06/2011 6:49:50 AM - System Checkpoint
RP549: 12/06/2011 4:17:58 PM - System Checkpoint
RP550: 15/06/2011 10:06:14 PM - System Checkpoint
RP551: 17/06/2011 12:05:12 AM - Software Distribution Service 3.0
RP552: 18/06/2011 1:38:03 AM - System Checkpoint
RP553: 19/06/2011 2:23:51 AM - System Checkpoint
RP554: 23/06/2011 6:37:51 PM - System Checkpoint
RP555: 25/06/2011 3:58:30 AM - System Checkpoint
RP556: 26/06/2011 4:46:55 AM - System Checkpoint
RP557: 29/06/2011 12:12:10 AM - Software Distribution Service 3.0
RP558: 30/06/2011 4:25:22 PM - System Checkpoint
RP559: 01/07/2011 4:32:35 PM - System Checkpoint
RP560: 03/07/2011 1:40:59 AM - System Checkpoint
RP561: 04/07/2011 1:53:51 AM - System Checkpoint
RP562: 05/07/2011 2:56:58 AM - System Checkpoint
.
==== Installed Programs ======================
.
#1 Video Converter 5.0.2
32 Bit HP CIO Components Installer
A610
A710_A610_A510_Help
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Photoshop Elements 6.0
Adobe Reader 9.4.5
Adobe Shockwave Player 11.5
Any Video Converter 3.2.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
avast! Free Antivirus
AVS DVDMenu Editor 1.2.1.19
AVS Video Editor 3.5
B209a-m
Bonjour
Browser Address Error Redirector
Browser Defender 3.0.0.1
BufferChm
Canon CanoScan Toolbox 4.5
CCleaner
CDBurnerXP
Coupon Printer for Windows
Creative Live! Cam Video IM Pro Driver (1.01.03.0928)
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Definition update for Microsoft Office 2010 (KB982726)
Dell DataSafe Online
Dell Driver Reset Tool
Dell Network Assistant
Dell Support Center
Destinations
DeviceDiscovery
DeviceManagementQFolder
Download Updater (AOL LLC)
DVD Flick 1.3.0.7
ESET Online Scanner v3
eSupportQFolder
Free Easy Burner V 4.1
FrostWire 4.21.1
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
High Definition Audio Driver Package - KB835221
HiJackThis
HijackThis 2.0.2
HOT ALBUM MYBOX
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 7.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
Image Resizer Powertoy for Windows XP
ImgBurn
InstantShareDevicesMFC
Intel® PRO Network Connections 12.1.8.0
iPod for Windows 2005-09-23
iWisoft Free Video Converter 1.2
Java Auto Updater
Java™ 6 Update 24
Jetcast 1.1.1
jZip
K-Lite Codec Pack 4.1.4 (Full)
Malwarebytes' Anti-Malware version 1.51.0.1200
MarketResearch
McAfee SiteAdvisor
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Language Pack - fra
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MixPad Audio Mixer
Mouse Suite for Desktop Computers
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MSXML4SP2
MyDefrag v4.2.7
Nancy Drew: Secret of the Scarlet Hand
Nancy Drew: The Haunted Carousel
Network
PanoStandAlone
PC Tools Firewall Plus 7.0
Photo Story 3 for Windows
Photo Transport
Pinnacle Instant DVD Recorder
PowerDVD
Prevx
PS_AIO_06_B209a-m_SW_Min
QuickTime
QuickTransfer
Realtek High Definition Audio Driver
RecordPad Sound Recorder
Roll
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Scan
SearchAssist
Secunia PSI (2.0.0.1003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype Toolbars
Skype™ 5.1
SmartWebPrinting
Soap 3.0 Toolkit
SolutionCenter
Sonic Activation Module
Sony Picture Utility
Sony USB Driver
Spybot - Search & Destroy
Spyware Doctor 7.0
SpywareBlaster 4.4
Status
Switch Sound File Converter
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Apartment Life
Toolbox
TrayApp
UFile 2007
UFile 2008
UFile 2009
UFile 2010
UFile Updater 2007
UFile Updater 2008
UFile Updater 2009
UFile Updater 2010
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WavePad Sound Editor
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows PowerShell™ 1.0
Windows XP Service Pack 3
WinPatrol
WinRAR archiver
WinZip 12.0
WOT for Internet Explorer
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
YouTube Uploader for CASIO
.
==== Event Viewer Messages From Past Week ========
.
30/06/2011 12:46:32 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\D.
30/06/2011 1:23:27 AM, error: Print [6161] - The document http://maps.google.ca/maps?f=d&source=s_d&saddr=Oshawa,+Ontario owned by Rhon failed to print on printer HP Photosmart Plus B209a-m (Copy 1). Data type: NT EMF 1.008. Size of the spool file in bytes: 285900. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\HOME. Win32 error code returned by the print processor: 0 (0x0).
29/06/2011 3:51:39 PM, error: Print [6161] - The document Microsoft Outlook - Memo Style owned by Rhon failed to print on printer HP Photosmart Plus B209a-m (Copy 1). Data type: NT EMF 1.008. Size of the spool file in bytes: 131772. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\HOME. Win32 error code returned by the print processor: 0 (0x0).
29/06/2011 3:07:30 PM, error: Print [6161] - The document 2011-2012_Mat_Pkg_-_Group.pdf owned by Rhon failed to print on printer HP Photosmart Plus B209a-m (Copy 1). Data type: NT EMF 1.008. Size of the spool file in bytes: 5233392. Number of bytes printed: 0. Total number of pages in the document: 4. Number of pages printed: 0. Client machine: \\HOME. Win32 error code returned by the print processor: 0 (0x0).
02/07/2011 3:49:24 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
02/07/2011 3:49:24 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/07/2011 3:48:29 PM, error: Service Control Manager [7000] - The PCTAppEvent Driver service failed to start due to the following error: The parameter is incorrect.
.
==== End Of File ===========================



aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-05 19:10:19
-----------------------------
19:10:19.296 OS Version: Windows 5.1.2600 Service Pack 3
19:10:19.296 Number of processors: 2 586 0xF0D
19:10:19.296 ComputerName: HOME UserName: Rhon
19:10:20.015 Initialize success
19:10:20.125 AVAST engine defs: 11070501
19:10:27.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:10:27.125 Disk 0 Vendor: WDC_WD3200AAKS-75VYA0 12.01B02 Size: 305245MB BusType: 3
19:10:29.156 Disk 0 MBR read successfully
19:10:29.156 Disk 0 MBR scan
19:10:29.156 Disk 0 Windows XP default MBR code
19:10:31.156 Disk 0 scanning sectors +625121280
19:10:31.187 Disk 0 scanning C:\WINDOWS\system32\drivers
19:10:42.562 Service scanning
19:10:44.218 Disk 0 trace - called modules:
19:10:44.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:10:44.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8f8ab8]
19:10:44.250 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a8f9920]
19:10:44.250 5 PCTCore.sys[b9e0ceae] -> nt!IofCallDriver -> \Device\0000006a[0x8a890f18]
19:10:44.250 7 ACPI.sys[b9f5f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a8fdd98]
19:10:44.906 AVAST engine scan C:\WINDOWS
19:40:09.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rhon\Desktop\MBR.dat"
19:40:09.093 The log file has been saved successfully to "C:\Documents and Settings\Rhon\Desktop\aswMBR.txt"


I will have to post the GMER log in another reply as it won't let me post...saying this reply was too long....sheesh!!! lol

#4 RhonB

RhonB
  • Topic Starter

  • Members
  • 729 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ontario, Canada
  • Local time:04:29 AM

Posted 05 July 2011 - 11:26 PM

Well, it wouldn't let me post with the whole GMER log either...again it said it was too long, so I tried to attach the file and it wouldn't do that either.

All I can think to do is post half the GMER log here and the other half in yet a third post... sigh...

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-05 23:48:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200AAKS-75VYA0 rev.12.01B02
Running: fc9mmveh.exe; Driver: C:\DOCUME~1\Rhon\LOCALS~1\Temp\pxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAC842202]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAllocateVirtualMemory [0xAA376F60]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0xAA376AF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAC8666C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAC8447F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAC844848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAC84495E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9E2B112]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAC844746]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9E0A2D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9E0A4C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAC844898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAC84479A]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0xAA376B40]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAC84490C]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDebugActiveProcess [0xAA376F10]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAC842226]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteKey [0xAA376810]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteValueKey [0xAA3768D0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDuplicateObject [0xAA377180]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAC866BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAC866A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAC8A8E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAC841FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAC84224A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAC844D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAC842CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAC844820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAC844870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAC844988]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9E29E12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAC844772]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0xAA377490]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenSection [0xAA376CD0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAC8447C8]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0xAA377320]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAC844936]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0xAA376BE0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAC8668D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAC842BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAC86672A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9E2C020]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAC8656E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAC84226E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAC842292]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0xAA376AA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAC84204A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAC842186]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetValueKey [0xAA3769B0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAC842162]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSystemDebugControl [0xAA376E80]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0xAA377630]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0xAA376C80]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAC8422B6]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0xAA377000]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F14 805047B0 4 Bytes [E8, 56, 86, AC]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F30 805047CC 12 Bytes [6E, 22, 84, AC, 92, 22, 84, ...]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL AC843335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP AC8B9D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP AC8BB7F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
init C:\WINDOWS\system32\drivers\PzWDM.sys entry point in "init" section [0xBA4BC30E]
.text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP AC845CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP AC845BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 783B BF824157 5 Bytes JMP AC844F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP AC845E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP AC846014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP AC845B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 5F35 BF857E69 4 Bytes JMP AC844FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 4 Bytes JMP AC845180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP AC845326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 4 Bytes JMP AC844E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 4 Bytes JMP AC845BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 4 Bytes JMP AC845F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 4 Bytes JMP AC8452FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP AC844E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 4 Bytes JMP AC845D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 450 BF8C3048 5 Bytes JMP AC84503E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 1 Byte [E9]
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 4 Bytes JMP AC8450AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP AC8450E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 4 Bytes JMP AC844D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP AC844EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2586 BF914AF3 4 Bytes JMP AC845008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP AC845440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP AC845ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\DOCUME~1\Rhon\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
? C:\DOCUME~1\Rhon\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Rhon\Desktop\fc9mmveh.exe[224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Rhon\Desktop\fc9mmveh.exe[224] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[260] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[260] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Bonjour\mDNSResponder.exe[260] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Bonjour\mDNSResponder.exe[260] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[260] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[260] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[260] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[260] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[260] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Bonjour\mDNSResponder.exe[260] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[260] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[260] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[260] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[260] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[348] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[348] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[348] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[348] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[348] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[348] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[348] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[348] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[348] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[348] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[348] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[348] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[348] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[348] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\ctfmon.exe[404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[404] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[404] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[404] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[404] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[404] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[404] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[404] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[404] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[404] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[404] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[404] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[404] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[404] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\System32\alg.exe[448] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[448] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[448] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[448] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[448] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[448] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[448] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[448] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[448] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[448] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[448] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[448] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[448] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[448] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[448] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[448] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[448] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[548] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[548] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[548] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[548] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[548] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[576] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[576] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[576] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[576] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[576] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[576] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\spoolsv.exe[640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[640] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[640] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[640] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[640] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[640] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[640] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[640] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[640] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[640] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[640] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\System32\smss.exe[944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1012] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[1040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[1040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[1040] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[1040] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[1040] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[1040] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[1040] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[1084] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[1084] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[1084] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[1084] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[1084] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[1096] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1096] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004A1014
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004A0804
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004A0A08
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004A0C0C
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004A0E10
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004A01F8
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004A03FC
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004A0600
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004B0804
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004B0A08
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004B0600
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004B01F8
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004B03FC
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00CD1014
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00CD0804
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00CD0A08
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00CD0C0C
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00CD0E10
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00CD01F8
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00CD03FC
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00CD0600
.text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[1620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[1620] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1688] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1688] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1688] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1688] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1688] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1688] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1688] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1688] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1688] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1688] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1688] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1688] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1688] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1688] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1688] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1688] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1696] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

#5 RhonB

RhonB
  • Topic Starter

  • Members
  • 729 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ontario, Canada
  • Local time:04:29 AM

Posted 05 July 2011 - 11:28 PM

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[620] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\spoolsv.exe[640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[640] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[640] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[640] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[640] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[640] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[640] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[640] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[640] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[640] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[640] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[768] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[816] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\System32\smss.exe[944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1012] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[1040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[1040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[1040] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[1040] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[1040] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[1040] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[1040] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[1084] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[1084] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[1084] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[1084] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[1084] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[1096] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1096] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1140] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1320] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004A1014
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004A0804
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004A0A08
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004A0C0C
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004A0E10
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004A01F8
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004A03FC
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004A0600
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004B0804
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004B0A08
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004B0600
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004B01F8
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1380] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004B03FC
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00CD1014
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00CD0804
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00CD0A08
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00CD0C0C
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00CD0E10
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00CD01F8
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00CD03FC
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00CD0600
.text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[1620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[1620] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1688] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1688] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1688] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1688] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1688] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1688] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1688] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1688] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1688] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1688] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1688] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1688] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1688] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1688] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1688] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1688] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1696] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1696] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1696] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1696] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1696] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1752] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1752] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1752] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1752] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1752] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1752] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1752] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1752] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1752] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1752] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1752] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1752] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1752] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1752] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1752] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1752] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1788] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1788] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1788] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1788] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1788] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1788] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1788] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1788] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1788] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1788] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1788] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1788] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1788] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1788] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1788] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1788] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\svchost.exe[1828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1828] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1828] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1828] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1828] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1828] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1828] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1868] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1868] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1868] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1868] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1868] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1868] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1868] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1868] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1868] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1868] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1868] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1868] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1868] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1868] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1868] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1868] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1868] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1888] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1888] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1888] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1888] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1888] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1888] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1888] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1888] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1888] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1888] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1888] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1888] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[2000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[2000] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[2000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Pmxmiced.exe[2116] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\Pmxmiced.exe[2116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Pmxmiced.exe[2116] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\Pmxmiced.exe[2116] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Pmxmiced.exe[2116] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\Pmxmiced.exe[2116] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\Pmxmiced.exe[2116] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\Pmxmiced.exe[2116] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\Pmxmiced.exe[2116] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\Pmxmiced.exe[2116] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\Pmxmiced.exe[2116] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\Pmxmiced.exe[2116] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\Pmxmiced.exe[2116] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\Pmxmiced.exe[2116] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\Pmxmiced.exe[2116] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\Pmxmiced.exe[2116] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\Pmxmiced.exe[2116] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F0600
.text C:\Program Files\Secunia\PSI\sua.exe[2232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Secunia\PSI\sua.exe[2232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Secunia\PSI\sua.exe[2232] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Secunia\PSI\sua.exe[2232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Secunia\PSI\sua.exe[2232] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Secunia\PSI\sua.exe[2232] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Secunia\PSI\sua.exe[2232] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Secunia\PSI\sua.exe[2232] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Secunia\PSI\sua.exe[2232] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Secunia\PSI\sua.exe[2232] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Secunia\PSI\sua.exe[2232] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Secunia\PSI\sua.exe[2232] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\RTHDCPL.EXE[2400] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\RTHDCPL.EXE[2400] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2400] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\RTHDCPL.EXE[2400] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2400] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\RTHDCPL.EXE[2400] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\RTHDCPL.EXE[2400] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\RTHDCPL.EXE[2400] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\RTHDCPL.EXE[2400] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\RTHDCPL.EXE[2400] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\RTHDCPL.EXE[2400] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\RTHDCPL.EXE[2400] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\RTHDCPL.EXE[2400] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\RTHDCPL.EXE[2400] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\RTHDCPL.EXE[2400] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\RTHDCPL.EXE[2400] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\RTHDCPL.EXE[2400] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2460] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2460] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2460] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2460] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2460] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2460] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2460] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2460] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2460] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2460] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2460] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2460] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2460] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2460] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2460] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2460] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2460] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2480] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2480] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2480] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2480] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2480] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2480] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2480] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2480] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2480] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2480] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2480] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2480] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2480] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2480] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2480] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2480] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2480] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2516] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2516] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2516] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2516] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2516] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2516] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2516] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2516] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2516] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2516] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2516] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2516] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2516] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2516] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2516] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\svchost.exe[2540] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[2540] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2540] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2540] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[2540] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[2540] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[2540] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[2540] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[2540] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[2540] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[2540] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[2540] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[2540] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[2540] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[2540] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[2540] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\V0230Mon.exe[2716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\V0230Mon.exe[2716] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\V0230Mon.exe[2716] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\V0230Mon.exe[2716] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\V0230Mon.exe[2716] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\V0230Mon.exe[2716] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\V0230Mon.exe[2716] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\V0230Mon.exe[2716] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\V0230Mon.exe[2716] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\V0230Mon.exe[2716] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\V0230Mon.exe[2716] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\V0230Mon.exe[2716] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\V0230Mon.exe[2716] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\V0230Mon.exe[2716] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\V0230Mon.exe[2716] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\V0230Mon.exe[2716] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\V0230Mon.exe[2716] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\Explorer.EXE[2812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[2812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[2812] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2812] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[2812] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[2812] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[2812] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[2812] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[2812] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[2812] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[2812] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[2812] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[2812] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[2812] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[2812] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[2812] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\rundll32.exe[2912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\rundll32.exe[2912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[2912] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\rundll32.exe[2912] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[2912] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\rundll32.exe[2912] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\rundll32.exe[2912] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\rundll32.exe[2912] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\rundll32.exe[2912] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\rundll32.exe[2912] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\rundll32.exe[2912] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\rundll32.exe[2912] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\rundll32.exe[2912] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\rundll32.exe[2912] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\rundll32.exe[2912] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\rundll32.exe[2912] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\rundll32.exe[2912] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\Program Files\Secunia\PSI\PSIA.exe[2928] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[2928] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[2928] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[2928] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[2928] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Secunia\PSI\PSIA.exe[2928] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Secunia\PSI\PSIA.exe[2928] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Secunia\PSI\PSIA.exe[2928] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Secunia\PSI\PSIA.exe[2928] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Secunia\PSI\PSIA.exe[2928] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[2928] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[2928] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Secunia\PSI\PSIA.exe[2928] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Secunia\PSI\PSIA.exe[2928] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Secunia\PSI\PSIA.exe[2928] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Secunia\PSI\PSIA.exe[2928] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[2928] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\NOTEPAD.EXE[2940] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\NOTEPAD.EXE[2940] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3204] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3204] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3204] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3204] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3204] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3204] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3204] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3204] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3204] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3204] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3204] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3204] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3204] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3204] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3204] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3204] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3204] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3516] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3516] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3516] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3516] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3516] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3516] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3516] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3516] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00DC1014
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3516] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00DC0804
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3516] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00DC0A08
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3516] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00DC0C0C
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3516] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00DC0E10
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3516] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00DC01F8
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3516] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00DC03FC
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3516] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00DC0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3576] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3576] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3576] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3576] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3576] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3576] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3576] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3576] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3576] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3576] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3576] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3576] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3576] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3576] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3576] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3616] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3616] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3660] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3660] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3660] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3660] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3660] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3660] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3660] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3660] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3660] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3676] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3676] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3676] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3676] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3676] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3676] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3676] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3676] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\ICO.EXE[3784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\ICO.EXE[3784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ICO.EXE[3784] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\ICO.EXE[3784] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ICO.EXE[3784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\ICO.EXE[3784] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\ICO.EXE[3784] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\ICO.EXE[3784] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\ICO.EXE[3784] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\ICO.EXE[3784] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\ICO.EXE[3784] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\ICO.EXE[3784] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\ICO.EXE[3784] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\ICO.EXE[3784] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\ICO.EXE[3784] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\ICO.EXE[3784] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\ICO.EXE[3784] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3812] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3812] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3812] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3812] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3812] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3812] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3812] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3812] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3812] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3812] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3812] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3812] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3812] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3812] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\NOTEPAD.EXE[3912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\NOTEPAD.EXE[3912] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[3944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3944] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[3944] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3944] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[3944] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[3944] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[3944] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[3944] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[3944] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[3944] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[3944] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[3944] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[3944] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[3944] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[3944] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[3944] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3972] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3996] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3996] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3996] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3996] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3996] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3996] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3996] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3996] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3996] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3996] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3996] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3996] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3996] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3996] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3996] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3996] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3996] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4044] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4044] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4044] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4044] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4044] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4044] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4044] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4044] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4044] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4044] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4044] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4044] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4044] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4044] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4044] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1084] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00600002
IAT C:\WINDOWS\system32\services.exe[1084] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00600000
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00C8B467
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00C8B27A
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00C86CA8
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00C87881
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00C8962B
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00C8804D
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00C87A66
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00C88EA6
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 00C8AB0E
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 00C8AB3E
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00C8B681
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 00C8A868
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00C895BB
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00C8870D
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00C87E61
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 00C883A9
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00C8B9AD
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 00C890A5
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 00C894B7
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00C89BFA
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 00C898EA
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00C89BA8
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 00C8A1E4
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00C89CF2
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00C87C75
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00C88662
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 00C8ABE9
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 00C899AC
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 00C8956E
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 00C892E2
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 00C896BB
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 00C8B68D
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 00C89881
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 00C8B812
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 00C8B7E0
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 00C8B935
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 00C8B991
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[1460] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 00C8B87E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A852FD20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----

#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:29 AM

Posted 06 July 2011 - 07:40 AM

Good morning,

A few observations...

I do not see evidence of malware so far.

Based on your computers behavior I would back up my data if you have not already done so. I notice that you have quite a few processor intensive programs running. You might consider uninstalling a few as this might be effecting system performance without any significant added benefit.

  • avast! Free Antivirus
  • PC Tools Firewall Plus 7.0
  • Prevx
  • Spybot - Search & Destroy
  • Spyware Doctor 7.0
  • SpywareBlaster 4.4
  • WinPatrol

An antivirus and firewall along with safe internet practices should suffice IMHO.

==========

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

==========

For the record....

I see you have FrostWire installed! :whistle:

Granted this application can be used for very specific legitimate uses such as downloading a linux distro...

Using any peer-to-peer (P2P) or file sharing program (i.e. Limewire, eMule, Kontiki, BitTorrent, uTorrent, BearShare, Azureus/Vuze) is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, and exposure of personal information.

The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you vulnerable to data and identity theft, system infection and remote access exploit by attackers who can take control of your computer without your knowledge. Even if you change the risky default settings to a safer configuration, downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities. In some instances the infection may cause so much damage to your system that recovery is not possible and a Repair Install will NOT help!. In those cases, the only option is to wipe your drive, reformat and reinstall the OS.

Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The best way to eliminate these risks is to avoid using P2P applications.
==========

We can diagnose Your BlueScreen if it occurs again
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    Posted Image
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
    Posted Image

    Sometimes a specific file is listed also. Please post it if listed.

==========

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

==========

Go ahead and uninstall leaving only the AV/FW and let me know if the problems persist. We might need to get one of the BC Advisors to help if the next round of modifications prove fruitless.

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 RhonB

RhonB
  • Topic Starter

  • Members
  • 729 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ontario, Canada
  • Local time:04:29 AM

Posted 06 July 2011 - 06:55 PM

Hi thcbytes,

A couple of questions (and comments) before I start deleting...

•avast! Free Antivirus - This is my AV, is it not good?

•PC Tools Firewall Plus 7.0 - This is my Firewall, I have the windows FW disabled

•Prevx - this was my old AV...it is now disabled, but you think I should remove all together?

These last 4 I was advised to put on my machine a year and a half ago when I first came here to BC for some help...the helper told me to put these on my machine for more safety...so you think I should remove them? Sooo confused.... :blink: lol

•Spybot - Search & Destroy

•Spyware Doctor 7.0

•SpywareBlaster 4.4

•WinPatrol


1) I do regular backups every 3 months or so... :thumbup2:

2) I just did my Java update when I was prompted...the other day. Why would it still be showing as out of date??? :unsure:

3) Frostewire...yes, my daughter installed it...I have only used it a couple of times and scan the file with MBAM before I actually open it...It does not start on startup and I have changed the setting so nobody has access to my folders....does that make it better?? Even a little?? :blush:

4) Did you want me to do the EST scan? Or do you think it's not necessary since you have found no malware so far...?

#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:29 AM

Posted 07 July 2011 - 08:54 AM

Hello,

I thought I was clear but evidently not.

I notice that you have quite a few processor intensive programs running. You might consider uninstalling a few as this might be effecting system performance without any significant added benefit.

An antivirus and firewall along with safe internet practices should suffice IMHO.

Go ahead and uninstall leaving only the AV/FW and let me know if the problems persist.



Let me clarify.

I do not see obvious malware in your logs so far. I do see processor intensive applications installed that might effect system performance and could account for your current problems. In my opinion an Antivrus software application and Firewall along with safe internet practices should suffice for protection. Albeit somewhat controversial I am not a fan of installing 3rd party Firewall applications except in very specific circumstances outside the typical users usage. I am happy to expand discussions on that if you desire.

I would uninstall the others and see if that resolves your issues. You can always reinstall them later.

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Prevx
Spybot - Search & Destroy
Spyware Doctor 7.0
SpywareBlaster 4.4
WinPatrol


Additional instructions can be found here if needed.

Make sense?

==========

This is what you have installed..

Java™ 6 Update 24

The latest patch is 26!

==========

Frostewire...yes, my daughter installed it...I have only used it a couple of times and scan the file with MBAM before I actually open it...It does not start on startup and I have changed the setting so nobody has access to my folders....does that make it better?? Even a little??


Think about what your doing. You are downloading from a complete stranger!! It is like having unprotected sex. If MBAM was capable of detecting all malware then our website would not be needed.

If you download something infected by a well disguised keylogger or Remote Access Tool (RAT) then you might as well post all your passwords and bank account data publicly. If your lucky enough to realize your infected then removal of a RAT can prove exceptionally difficult. Or if its infected with a file infector then your only option is nuke and pave.

You willing to take the gamble?????

=========

Did you want me to do the EST scan? Or do you think it's not necessary since you have found no malware so far...?

Actually the Frostwire info you provided changes things. I would like to first run a deeper scan with CF.

==========

So to recap....

:step1: Uninstall all those apps I listed above. Reboot and see if the computer still displays the same behavior.

-----

:step2: Please download ComboFix from one of these locations:

Link 1
Link 2

Save it to your Desktop <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click it & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

-----

:step3: Update Java per my earlier instructions.

==========

With your next post please provide:

  • Do you understand why I wanted those applications uninstalled? Do you have more questions about that?
  • Did the uninstall resolve any system performance issues?
  • Any other questions with regards to p2p(Frostwire)?
  • Combofix log.txt
  • How is your computer running now?

Kind regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#9 RhonB

RhonB
  • Topic Starter

  • Members
  • 729 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ontario, Canada
  • Local time:04:29 AM

Posted 07 July 2011 - 10:58 PM

Hi Thcbytes,

Yes, you were clear...I just wanted to explain why they were all on my system...and asked if you thought Avast was not a good AV....

I did go and remove most of them (kept Avast & PC Tools Firewall) and yes, the computer now doesn't seem to be running so hard all the time...and my IE has not frozen up once yet this evening.... :thumbup2: Kind of glad as Winpatrol & Spybot were so annoying...lol
But why was I told I should put all of that on my machine?..that's what I was confused about.

One more thing I forgot to mention...lately I have also been getting this error message on shut down...

The instruction at "0x00000000" the referenced memory at "0x00000000". The memory cannot be "written". Click OK to terminate." 

Tried googling it and there are just so many opinions...as I value yours, what do you think this is and how would I fix it?


I did the CF scan....here is the log:


ComboFix 11-07-07.05 - Rhon 07/07/2011 19:47:32.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1420 [GMT -4:00]
Running from: c:\documents and settings\Rhon\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Rhon\WINDOWS
c:\windows\Downloaded Program Files\ODCTOOLS
.
.
((((((((((((((((((((((((( Files Created from 2011-06-08 to 2011-07-08 )))))))))))))))))))))))))))))))
.
.
2011-07-07 23:23 . 2011-07-07 23:23 -------- d-----w- c:\program files\Common Files\Java
2011-07-07 23:22 . 2011-07-07 23:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-07 22:24 . 2011-07-07 22:24 -------- d-----w- c:\documents and settings\Rhon\Local Settings\Application Data\Facebook
2011-06-29 04:00 . 2011-06-29 04:00 -------- d-----w- c:\program files\Mapit_1
2011-06-17 04:15 . 2011-06-17 19:51 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-16 22:11 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 23:22 . 2010-05-04 23:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-04 11:43 . 2010-12-27 20:48 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-12-27 20:48 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-03-13 04:46 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-12-27 20:48 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-12-27 20:48 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2010-12-27 20:48 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2010-12-27 20:48 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2010-12-27 20:48 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-12-27 20:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2010-12-27 20:48 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-25 01:16 . 2011-05-18 21:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 13:11 . 2009-12-31 22:01 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2009-12-31 22:01 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:31 . 2004-08-10 18:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-08-27 23:32 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-08-27 23:32 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-08-27 23:32 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-22 39408]
"Facebook Update"="c:\documents and settings\Rhon\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-07-07 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-07 32768]
"MBBalloon"="c:\program files\HOTALBUMMyBOX\MBBalloon.exe" [2007-02-09 789120]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2008-3-6 7168]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2010-12-21 291896]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^YouTube Uploader for CASIO.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\YouTube Uploader for CASIO.lnk
backup=c:\windows\pss\YouTube Uploader for CASIO.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"42:UDP"= 42:UDP:udp427
.
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [13/03/2008 12:12 AM 15172]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [13/03/2011 12:46 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27/12/2010 4:48 PM 309848]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [02/01/2010 2:15 AM 249616]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/12/2010 4:48 PM 19544]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [02/01/2010 2:15 AM 160448]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [21/12/2010 8:04 AM 987704]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [21/12/2010 8:04 AM 399416]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [15/11/2010 11:31 AM 89192]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [15/11/2010 11:31 AM 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [15/11/2010 11:31 AM 124992]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [21/03/2008 9:59 PM 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [21/03/2008 9:59 PM 14336]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 4:30 AM 15544]
R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [24/03/2006 2:00 AM 6272]
R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [29/09/2006 2:01 AM 500480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/01/2010 12:09 PM 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [04/01/2010 1:35 AM 88176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [30/01/2010 12:09 PM 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25/03/2010 10:25 AM 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 9:37 PM 4640000]
S4 0013031292416018mcinstcleanup;McAfee Application Installer Cleanup (0013031292416018);c:\windows\TEMP\001303~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\001303~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-453777388-2246062958-629103675-1006Core.job
- c:\documents and settings\Rhon\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-07 22:24]
.
2011-07-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-453777388-2246062958-629103675-1006UA.job
- c:\documents and settings\Rhon\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-07 22:24]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 16:09]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 16:09]
.
2010-08-25 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2010-08-22 05:17]
.
2010-09-01 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-08-22 05:17]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: facebook.com\apps
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Rhon\Application Data\Mozilla\Firefox\Profiles\bwddzfgj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\Spyware Doctor\BDT\FireFox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Malware Search: {27c60876-b5c9-4335-b4f3-52b26782220c} - %profile%\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
FF - Ext: Clippings: {91aa5abe-9de4-4347-b7b5-322c38dd9271} - %profile%\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
FF - Ext: Subtile: {88ce39f5-1e54-477c-809d-93d411720f0c} - %profile%\extensions\{88ce39f5-1e54-477c-809d-93d411720f0c}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-07 20:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4664)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\msi.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\pmxscrll.dll
c:\windows\system32\PMXCOMM.dll
c:\windows\system32\PMXHOOKS.dll
.
Completion time: 2011-07-07 20:21:49
ComboFix-quarantined-files.txt 2011-07-08 00:21
.
Pre-Run: 197,534,187,520 bytes free
Post-Run: 199,069,986,816 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F5DF618E5D575617F129713F87549C6E

#10 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:29 AM

Posted 08 July 2011 - 11:42 AM

Hello,

Yes, you were clear...I just wanted to explain why they were all on my system...and asked if you thought Avast was not a good AV...

Yes. I think Avast is a decent AV.

==========

I did go and remove most of them (kept Avast & PC Tools Firewall) and yes, the computer now doesn't seem to be running so hard all the time...and my IE has not frozen up once yet this evening...

Good

==========

But why was I told I should put all of that on my machine?..that's what I was confused about.

Please don't misunderstand. Those applications are certainly reasonable to recommend. But understand this...for ever security app that is installed their is a price in regards to processor expense. So you have to weigh the processor expense vs the benefit gleaned. In your particular circumstance we are concerned about performance issues so it was reasonable to eliminate resource intensive apps that you could live without.

In general though there is some divergence of opinions with regards to what qualifies as "adequate" protection. For the casual user I recommend an antivirus application, pre-installed firewall, and a good secondary app like MBAM plus safe internet practices as "adequate" protection.

A few criticisms that I have with regards to "outbound" 3rd party firewalls is that they are resource hogs. They flag all activity both inbound and outbound - good and bad. The casual user will be unable to determine what is good and what is potentially bad. Most malware is capable of disabling firewalls so in that scenario it renders it useless anyways.

A similar argument can be made in reference to Spybot. It will identify any registry modifications both good and bad. It leaves the user with the task of trying to determine what is good and bad which can be challenging to say the least.

Ultimately with outbound FW's and Tea Timer most casual user end up allowing all modifications and therefore glean no benefit with processor performance sacrificed.

==========

One more thing I forgot to mention...lately I have also been getting this error message on shut down...

That is a very non-specific error. Not my area of expertize to say the least. After we clear your computer from a malware standpoint then we can get the tech experts to weigh in an opinion.

==========

Let me take a peek at the CF detections...

  • Click on Start, then Run.
  • Copy and Paste the green bold text below in to the Run Box:

cmd /c dir /a /s C:\QooBox >log.txt&start log.txt


  • Then click on OK.
  • A Text File will open up, please Copy and Paste the contents in your next reply.

==========

Upload this for me please. It was modified 6/16/11.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

c:\windows\system32\dllcache\mup.sys

If you get...

This file has been scanned before. The results for this previous scan are listed below.


Please choose "Scan Again"!!!!!!!!!

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal

==========

In case you were curious this is where Avast stores its quarantine detections. :thumbup2:

scanning hidden files ...
.
.
C:\## aswSnx private storage


==========

How is the computer running?

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#11 RhonB

RhonB
  • Topic Starter

  • Members
  • 729 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ontario, Canada
  • Local time:04:29 AM

Posted 08 July 2011 - 08:00 PM

Hi there,

Here is the text log you wanted...

Volume in drive C has no label.
Volume Serial Number is A445-CFAA

Directory of C:\QooBox

07/07/2011 08:27 PM <DIR> .
07/07/2011 08:27 PM <DIR> ..
07/07/2011 08:19 PM 16,566 Add-Remove Programs.txt
07/07/2011 07:41 PM <DIR> BackEnv
07/07/2011 08:21 PM 221 ComboFix-quarantined-files.txt
07/07/2011 08:27 PM <DIR> LastRun
07/07/2011 07:45 PM <DIR> Quarantine
07/07/2011 08:14 PM 1,579,091 SnapShot@2011-07-08_00.11.53.dat
07/07/2011 08:27 PM <DIR> Test
07/07/2011 08:27 PM <DIR> TestC
3 File(s) 1,595,878 bytes

Directory of C:\QooBox\BackEnv

07/07/2011 07:41 PM <DIR> .
07/07/2011 07:41 PM <DIR> ..
07/07/2011 07:41 PM 288 AppData.folder.dat
07/07/2011 07:41 PM 322 Cache.folder.dat
07/07/2011 07:41 PM 144 Cookies.folder.dat
07/07/2011 07:41 PM 139 Desktop.folder.dat
07/07/2011 07:41 PM 93 Favorites.folder.dat
07/07/2011 07:41 PM 189 History.folder.dat
07/07/2011 07:41 PM 216 LocalAppData.folder.dat
07/07/2011 07:41 PM 224 LocalSettings.folder.dat
07/07/2011 07:41 PM 114 Music.folder.dat
07/07/2011 07:41 PM 42 NetHood.folder.dat
07/07/2011 07:41 PM 96 Personal.folder.dat
07/07/2011 07:41 PM 120 Pictures.folder.dat
07/07/2011 07:41 PM 96 PrintHood.folder.dat
07/07/2011 07:41 PM 267 Profiles.Folder.dat
07/07/2011 07:41 PM 467 Profiles.Folder.folder.dat
07/07/2011 07:41 PM 237 Programs.folder.dat
07/07/2011 07:41 PM 90 Recent.folder.dat
07/07/2011 07:41 PM 90 SendTo.folder.dat
07/07/2011 07:41 PM 7,129 SetPath.bat
07/07/2011 07:41 PM 148 StartMenu.folder.dat
07/07/2011 07:41 PM 199 StartUp.folder.dat
07/07/2011 07:38 PM 2,187 SysPath.dat
07/07/2011 07:41 PM 93 Templates.folder.dat
07/07/2011 07:41 PM 2,188 VikPev00
24 File(s) 15,178 bytes

Directory of C:\QooBox\LastRun

07/07/2011 08:27 PM <DIR> .
07/07/2011 08:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine

07/07/2011 07:45 PM <DIR> .
07/07/2011 07:45 PM <DIR> ..
07/07/2011 08:05 PM <DIR> C
07/07/2011 07:38 PM 102 catchme.log
07/07/2011 08:16 PM <DIR> Registry_backups
1 File(s) 102 bytes

Directory of C:\QooBox\Quarantine\C

07/07/2011 08:05 PM <DIR> .
07/07/2011 08:05 PM <DIR> ..
07/07/2011 08:05 PM <DIR> Documents and Settings
07/07/2011 08:05 PM <DIR> WINDOWS
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings

07/07/2011 08:05 PM <DIR> .
07/07/2011 08:05 PM <DIR> ..
07/07/2011 08:05 PM <DIR> Rhon
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Rhon

07/07/2011 08:05 PM <DIR> .
07/07/2011 08:05 PM <DIR> ..
07/07/2011 08:05 PM <DIR> WINDOWS
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Rhon\WINDOWS

07/07/2011 08:05 PM <DIR> .
07/07/2011 08:05 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS

07/07/2011 08:05 PM <DIR> .
07/07/2011 08:05 PM <DIR> ..
07/07/2011 08:05 PM <DIR> Downloaded Program Files
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files

07/07/2011 08:05 PM <DIR> .
07/07/2011 08:05 PM <DIR> ..
07/07/2011 08:05 PM <DIR> ODCTOOLS
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\ODCTOOLS

07/07/2011 08:05 PM <DIR> .
07/07/2011 08:05 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\Registry_backups

07/07/2011 08:16 PM <DIR> .
07/07/2011 08:16 PM <DIR> ..
07/07/2011 08:00 PM 5,995 tcpip.reg
1 File(s) 5,995 bytes

Directory of C:\QooBox\Test

07/07/2011 08:27 PM <DIR> .
07/07/2011 08:27 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\QooBox\TestC

07/07/2011 08:27 PM <DIR> .
07/07/2011 08:27 PM <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
29 File(s) 1,617,153 bytes
41 Dir(s) 199,448,469,504 bytes free


I started to do the Jotti scan but I did not see a dllcache folder in my C\windows\system32
I unhid my files but I still don't see this folder....

Also, one more thing I forgot to mention last night....while running CF..it said it was deleting 2 files...?? I didn't know that CF deleted files?? The files were..

C\Documents and Setting\Rhon\Windows
C\Windows\Downloaded Program Files\ODCTools

#12 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:29 AM

Posted 10 July 2011 - 12:23 PM

Hmmm. Let's see..

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:

@echo off
dir "c:\windows\system32\dllcache\mup.sys" > C:\mup.txt

Name the file as mup.bat, making sure save as type is set to " All Files ".
Double click on mup.bat & allow it to run. Copy and paste the content in your next reply. The file is located @ C:\mup.txt).

==========

Also, one more thing I forgot to mention last night....while running CF..it said it was deleting 2 files...?? I didn't know that CF deleted files?? The files were..

C\Documents and Setting\Rhon\Windows
C\Windows\Downloaded Program Files\ODCTools


Yes. CF certainly deletes files. Nevertheless...the CF directories that were deleted from your computer were empty and of no concern.

Directory of C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files

07/07/2011 08:05 PM <DIR> .
07/07/2011 08:05 PM <DIR> ..
07/07/2011 08:05 PM <DIR> ODCTOOLS
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\ODCTOOLS

07/07/2011 08:05 PM <DIR> .
07/07/2011 08:05 PM <DIR> ..
0 File(s) 0 bytes


==========

Let's wrap it up...

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

==========

You did not answer my question. How is your computer running now? What problems remain?

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#13 RhonB

RhonB
  • Topic Starter

  • Members
  • 729 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ontario, Canada
  • Local time:04:29 AM

Posted 11 July 2011 - 05:45 PM

Hi thcbytes,

Double click on mup.bat & allow it to run. Copy and paste the content in your next reply


Volume in drive C has no label.
Volume Serial Number is A445-CFAA

Directory of c:\windows\system32\dllcache

21/04/2011 09:37 AM 105,472 mup.sys
1 File(s) 105,472 bytes
0 Dir(s) 199,619,162,112 bytes free


Here is the ESET log, it found 2 threats...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=f34654088f1fad489e4c2ce6fa2e871f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-07-11 06:05:49
# local_time=2011-07-11 02:05:49 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 46162831 46162831 0 0
# compatibility_mode=768 16777215 100 0 16788752 16788752 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 46951732 46951732 0 0
# scanned=190509
# found=2
# cleaned=0
# scan_time=6321
C:\Documents and Settings\Rhon\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP560\A0071957.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I


You did not answer my question. How is your computer running now? What problems remain?


Well, the computer was working just fine...no more hard running and high CPU usage, I think getting rid of those extra security tools did the trick...but...

Yesterday evening I got another blue screen....this time a different one...

BAD_BOOT_CALLER

Technical Information
Stop 0x000000C2 (0x0000040, 0x0000000, 0x8000000, 0x00000000)

After re-start a box came up offering to send a report to Microsoft about a "serious" error...
I clicked for info:

Windows has recovered from a serious error

Error signature
BCCode: 100000d1   BCP1: 98936314   BCP2: 00000002   BCP3: 00000000  BCP4: AC76BD3A

OSver: 5_1_2600  SP: 3_0  Product: 768_1

I also clicked the contents of the error report and this is what it said:

Error Report Contents

The following files will be included in the report

C\Docum~1\Rhon\Locals~1\Temp\WER2be1.dir00\MINI070211-01.dmp
C\Docum~1\Rhon\Locals~1\Temp\WER2be1.dir00\Sysdata.xml

After this I ran the ESET, but it was late so I let it run and went to bed for the night...in the morning I shut down the computer before I went to work.

When I got home this evening and restarted, that "Windows has recovered from a serious error" box came up again....so I clicked the info to see if the data was the same meaning was it from the same error from last night...but some of the data was different....so could the error have occured again in startup? If so, I didn't see it happen.

This was the new data:

Error signature
BCCode:c2  BCP1: 00000040   BCP2: 10000000   BCP3: 80000000  CPP4:(I might have written this down wrong...not sure): 00000000

OSver: 5_1_2600  SP: 3_0  Product: 768_1

Again I clicked the contents of the error report and this is what it said:

Error Report Contents

The following files will be included in the report

C\Docum~1\Rhon\Locals~1\Temp\WER2be1.dir00\Mini071011-01.dmp
C\Docum~1\Rhon\Locals~1\Temp\WER2be1.dir00\Sysdata.xml

When I close this window a Microsoft web page comes up giving me suggestions on how to fix this error...it says a driver functioned incorrectly and I should go to updates to look for updates on drivers...but I would have no idea what driver to look for...??

I know you said this wasn't your area of expertise, but perhaps this info can be helpful for someone else, of your choosing, to look at???

These blue screens are making me very nervous! :blink:

#14 RhonB

RhonB
  • Topic Starter

  • Members
  • 729 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ontario, Canada
  • Local time:04:29 AM

Posted 12 July 2011 - 05:37 PM

Won't let me edit so I have to add another post....

Spoke too soon...computer is running hard again today, crss.exe looks to be the one using alot of CPU this time (per task manager)..... and my IE froze up again...had to shut it down with task manager and restart it to get here..

Really at a loss as to what is going on??? :wacko:

#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:29 AM

Posted 12 July 2011 - 08:29 PM

Still no clear evidence of anything worrisome from a malware standpoint. Re-run Eset and clear the detections this time. mup.sys indeed does exist as you demonstrated with the batch search. The file size is appropriate. I thinks its probably fine.

By the way..you said "crss.exe". Did you mean "csrss.exe"?

This next...

Send me a copy of a suspicious file(s) for analysis

Please download the Suspicious File Packer.

  • Unzip it to the desktop and run it.
  • Copy and paste the contents of the codebox into the Suspicious File Packer window:

C:\WINDOWS\explorer.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\csrss.exe

Allow SFP to pack the files. This will generate a CAB archive on your desktop.

  • Please go to here.
  • Where it asks for the "Link to topic where this file was requested" copy and paste the contents of the codebox.

    http://www.bleepingcomputer.com/forums/topic407317.html/page__pid__2317830
  • Where it says "Browse to the file you want to submit", browse to the CAB archive that was created on your desktop.
  • The cab file will be called requested-files*.cab (the * stands for the date and hour).
  • Press the Send File button.

Thanks,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users