
XP unable to run .exe files


19 replies to this topic

#1 EMS2010

Posted 27 July 2011 - 12:45 PM

Greetings,

I am having some trouble with a laptop of mine. Here is a summary of what's happening: When I boot the machine up, I get an error message saying it can't find the file c:\...\csrss.exe

I cannot run security check from the desktop, or any other .exe file for that matter. If I try to run something, it pops up an "Open With" window.

I am also getting popups and system tray notifications from XP Internet Security 2012.

Thanks for your help!



#2 Broni


Posted 27 July 2011 - 10:15 PM

Welcome aboard

Download and run exeHelper.

  • Please download exeHelper from Raktor to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file named log.txt will be created in the directory where you ran exeHelper.com
  • Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Let me know if it helped with programs opening.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 EMS2010


Posted 28 July 2011 - 09:43 AM

Success! Now I can run exe files. Here is the log:

exeHelper by Raktor
Build 20100414
Run at 09:38:24 on 07/28/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Now that I can run exe files, how shall I start the process of cleaning up this machine?

#4 Broni


Posted 28 July 2011 - 04:48 PM

Good job :)

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
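
One way to triage the MiniToolBox report requested above, as an added example that is not part of the original post or of MiniToolBox itself: it flags an active loopback proxy in IE, separates Firefox proxy prefs that are in use from ones that are set but unused, notes a missing Hosts file, and lists event-log dates later than the report's own run date. The sample report is constructed in the tool's layout, and all function names are hypothetical.

```python
import re
from datetime import datetime
from ipaddress import ip_address

# Constructed sample in the layout of a MiniToolBox report (not a real log).
# The Hosts line keeps the spelling the tool prints.
SAMPLE_REPORT = """\
MiniToolBox by Farbar
Ran by user (administrator) on 28-07-2011 at 22:53:32

========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:55253

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 55253
"network.proxy.type", 0
Hosts file not detected in the default diroctory
========================= Event log errors: ===============================

Error: (07/27/2011 11:16:15 AM) (Source: crypt32) (User: )
Error: (09/27/2011 01:17:08 PM) (Source: W32Time) (User: )
"""

# Not anchored to line start: a header can be fused onto the previous line.
HEADER = re.compile(r"={5,} (.+?): ={5,}")


def split_sections(report):
    """Map each '===== Name: =====' header to the text that follows it."""
    marks = list(HEADER.finditer(report))
    sections = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(report)
        sections[m.group(1)] = report[m.end():end]
    return sections


def is_loopback(host):
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def ie_proxy(body):
    """Return the loopback endpoints IE is actively using."""
    if "Proxy is enabled" not in body:
        return []
    m = re.search(r"ProxyServer:\s*(\S+)", body)
    if not m:
        return []
    # Value is 'host:port' or per-protocol 'http=host:port;https=host:port'.
    endpoints = [p.split("=", 1)[-1] for p in m.group(1).split(";") if p]
    return [e for e in endpoints if is_loopback(e.rpartition(":")[0] or e)]


def ff_proxy(body):
    """Classify Firefox prefs: 'active', 'leftover' (set but unused) or None."""
    prefs = {k: v.strip() for k, v in
             re.findall(r'"(network\.proxy\.[\w.]+)",\s*"?([^"\n]*)"?', body)}
    if not is_loopback(prefs.get("network.proxy.http", "")):
        return None
    # network.proxy.type 1 = manual configuration, the only mode that uses
    # network.proxy.http; 0 = direct connection, so the values are unused.
    return "active" if prefs.get("network.proxy.type") == "1" else "leftover"


def future_events(report):
    """Event-log dates later than the report's own run date."""
    run = re.search(r"on (\d{2}-\d{2}-\d{4}) at", report)
    if not run:
        return []
    run_date = datetime.strptime(run.group(1), "%d-%m-%Y").date()
    # Compare dates only: the tool can print hours such as '00:06:58 PM',
    # which strict 12-hour parsing rejects.
    stamps = re.findall(r"Error: \((\d{2}/\d{2}/\d{4}) ", report)
    dates = {datetime.strptime(s, "%m/%d/%Y").date() for s in stamps}
    return sorted(d.isoformat() for d in dates if d > run_date)


def triage(report):
    sections = split_sections(report)
    findings = []
    for endpoint in ie_proxy(sections.get("IE Proxy Settings", "")):
        findings.append(f"IE proxy active on loopback {endpoint}")
    ff = ff_proxy(sections.get("FF Proxy Settings", ""))
    if ff:
        findings.append(f"Firefox loopback proxy prefs: {ff}")
    if "Hosts file not detected" in report:
        findings.append("Hosts file missing from default directory")
    for day in future_events(report):
        findings.append(f"Event dated after report run date: {day}")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_REPORT):
        print(line)
```

A loopback proxy that is still enabled after the process listening on it has been removed leaves the browser unable to load pages, so the proxy setting needs resetting as part of cleanup.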



 


#5 EMS2010


Posted 29 July 2011 - 12:24 AM

Security Check Logfile:
 Results of screen317's Security Check version 0.99.7  
 Windows XP Service Pack 3  
 Internet Explorer 8  
[b]`````````````````````````````` 
[u]Antivirus/Firewall Check:[/u][/b] 
 avast! Free Antivirus    
 Antivirus up to date!  
[b]``````````````````````````````` 
[u]Anti-malware/Other Utilities Check:[/u][/b] 
 Java(TM) 6 Update 15  
 [color=red][b]Out of date Java installed![/b][/color] 
 Adobe Flash Player 10.2.152.32  
Adobe Reader 9.4.5 
Out of date Adobe Reader installed! 
 Mozilla Firefox (3.6.18) 
[b]```````````````````````````````` 
Process Check:  
[u]objlist.exe by Laurent[/u][/b] 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastUI.exe  
 AVAST Software Avast setup avast.setup 
[b]``````````End of Log````````````[/b]

MiniToolBox Log:

MiniToolBox by Farbar 
Ran by DrSwanson (administrator) on 28-07-2011 at 22:53:32
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ============================== 

Proxy is enabled.
ProxyServer: http=127.0.0.1:55253

========================= FF Proxy Settings: ============================== 

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 55253
"network.proxy.type", 0
Hosts file not detected in the default diroctory
========================= IP Configuration: ================================

# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp 
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : latitude

        Primary Dns Suffix  . . . . . . . : 

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : earthlink.net

                                            earthlink.net



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : earthlink.net

        Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)

        Physical Address. . . . . . . . . : 00-08-74-9F-6B-2D

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.102

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 207.69.188.186

                                            207.69.188.187

        Lease Obtained. . . . . . . . . . : Thursday, July 28, 2011 10:46:20 PM

        Lease Expires . . . . . . . . . . : Friday, July 29, 2011 10:46:20 PM



Ethernet adapter Wireless Network Connection:



        Connection-specific DNS Suffix  . : earthlink.net

        Description . . . . . . . . . . . : Dell TrueMobile 1150 Series Mini PCI Card

        Physical Address. . . . . . . . . : 00-02-2D-7B-22-88

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.103

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 207.69.188.186

                                            207.69.188.187

        Lease Obtained. . . . . . . . . . : Thursday, July 28, 2011 10:46:26 PM

        Lease Expires . . . . . . . . . . : Friday, July 29, 2011 10:46:26 PM

Server:  ns2.mindspring.com
Address:  207.69.188.186

Name:    google.com
Addresses:  74.125.93.104, 74.125.93.103, 74.125.93.106, 74.125.93.99
	  74.125.93.105, 74.125.93.147



Pinging google.com [74.125.91.103] with 32 bytes of data:



Reply from 74.125.91.103: bytes=32 time=56ms TTL=50

Reply from 74.125.91.103: bytes=32 time=76ms TTL=50



Ping statistics for 74.125.91.103:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 56ms, Maximum = 76ms, Average = 66ms

Server:  ns2.mindspring.com
Address:  207.69.188.186

Name:    yahoo.com
Addresses:  72.30.2.43, 98.137.149.56, 209.191.122.70, 67.195.160.76
	  69.147.125.65



Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



Reply from 98.137.149.56: bytes=32 time=71ms TTL=51

Reply from 98.137.149.56: bytes=32 time=87ms TTL=51



Ping statistics for 98.137.149.56:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 71ms, Maximum = 87ms, Average = 79ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 08 74 9f 6b 2d ...... 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible) - Packet Scheduler Miniport
0x3 ...00 02 2d 7b 22 88 ...... Dell TrueMobile 1150 Series Wireless LAN Mini PCI Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.103	  30
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.102	  30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1	  1
      192.168.1.0    255.255.255.0    192.168.1.102   192.168.1.102	  30
      192.168.1.0    255.255.255.0    192.168.1.103   192.168.1.103	  30
    192.168.1.102  255.255.255.255        127.0.0.1       127.0.0.1	  30
    192.168.1.103  255.255.255.255        127.0.0.1       127.0.0.1	  30
    192.168.1.255  255.255.255.255    192.168.1.102   192.168.1.102	  30
    192.168.1.255  255.255.255.255    192.168.1.103   192.168.1.103	  30
        224.0.0.0        240.0.0.0    192.168.1.102   192.168.1.102	  30
        224.0.0.0        240.0.0.0    192.168.1.103   192.168.1.103	  30
  255.255.255.255  255.255.255.255    192.168.1.102   192.168.1.102	  1
  255.255.255.255  255.255.255.255    192.168.1.103   192.168.1.103	  1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/27/2011 00:06:58 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/27/2011 00:06:58 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/27/2011 00:06:55 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (07/27/2011 00:06:54 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/27/2011 00:06:54 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/27/2011 11:16:15 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/27/2011 11:16:15 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/27/2011 11:16:15 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/27/2011 11:16:15 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/27/2011 11:16:15 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (09/27/2011 02:22:44 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/27/2011 02:08:23 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Aavmker4
AFD
aswRdr
aswSnx
aswSP
aswTdi
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Error: (09/27/2011 02:08:23 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: 
%%31

Error: (09/27/2011 02:08:23 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: 
%%31

Error: (09/27/2011 02:08:23 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
%%31

Error: (09/27/2011 02:08:23 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: 
%%31

Error: (09/27/2011 02:08:07 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/27/2011 02:08:04 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (09/27/2011 01:17:08 PM) (Source: W32Time) (User: )
Description: The time service has detected that the system time needs to be 
changed by -5356799 seconds. The time service will not change the system 
time by more than -54000 seconds. Verify that your time and time zone 
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.103:123->64.4.10.44:123) is working properly.

Error: (07/27/2011 00:54:04 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (07/27/2011 00:06:58 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/27/2011 00:06:58 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/27/2011 00:06:55 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtA connection with the server could not be established

Error: (07/27/2011 00:06:54 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/27/2011 00:06:54 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/27/2011 11:16:15 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/27/2011 11:16:15 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/27/2011 11:16:15 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/27/2011 11:16:15 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/27/2011 11:16:15 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.


========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 511.43 MB
Available physical RAM: 241.58 MB
Total Pagefile: 1247.87 MB
Available Pagefile: 1033.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.84 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:18.63 GB) (Free:1.96 GB) NTFS

========================= Users: ========================================

User accounts for \\LATITUDE

Administrator            DrSwanson                Guest                    
HelpAssistant            SUPPORT_388945a0         


== End of log == 

MBAM Log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7313

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/28/2011 11:13:36 PM
mbam-log-2011-07-28 (23-13-36).txt

Scan type: Quick scan
Objects scanned: 156164
Time elapsed: 15 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2513937148 (Trojan.FakeAlert) -> Value: 2513937148 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\DrSwanson\Local Settings\Application Data\arj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\DrSwanson\Local Settings\Application Data\arj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\DrSwanson\Local Settings\Application Data\arj.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\upwp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

GMER Log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-29 00:07:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N020ATCS04-0 rev.CA2OA72A
Running: y6onnll6.exe; Driver: C:\DOCUME~1\DRSWAN~1\LOCALS~1\Temp\ffrcapod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwAddBootEntry [0xF1F96202]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwAllocateVirtualMemory [0xF1FFCD8C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwClose [0xF1FBA6C1]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwCreateEvent [0xF1F987F0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwCreateEventPair [0xF1F98848]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwCreateIoCompletion [0xF1F9895E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwCreateKey [0xF1FBA075]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwCreateMutant [0xF1F98746]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwCreateSection [0xF1F98898]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwCreateSemaphore [0xF1F9879A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwCreateTimer [0xF1F9890C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwDeleteBootEntry [0xF1F96226]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwDeleteKey [0xF1FBAD87]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwDeleteValueKey [0xF1FBB03D]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwDuplicateObject [0xF1F98BE2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwEnumerateKey [0xF1FBABF2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwEnumerateValueKey [0xF1FBAA5D]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwFreeVirtualMemory [0xF1FFCE3C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwLoadDriver [0xF1F95FF0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwModifyBootEntry [0xF1F9624A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwNotifyChangeKey [0xF1F98D56]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwNotifyChangeMultipleKeys [0xF1F96CDA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwOpenEvent [0xF1F98820]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwOpenEventPair [0xF1F98870]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwOpenIoCompletion [0xF1F98988]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwOpenKey [0xF1FBA3D1]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwOpenMutant [0xF1F98772]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwOpenProcess [0xF1F98A1A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwOpenSection [0xF1F988D8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwOpenSemaphore [0xF1F987C8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwOpenThread [0xF1F98AFE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwOpenTimer [0xF1F98936]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwProtectVirtualMemory [0xF1FFCED4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwQueryKey [0xF1FBA8D8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwQueryObject [0xF1F96BA0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwQueryValueKey [0xF1FBA72A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwRenameKey [0xF200510E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwRestoreKey [0xF1FB96E8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwSetBootEntryOrder [0xF1F9626E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwSetBootOptions [0xF1F96292]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwSetSystemInformation [0xF1F9604A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwSetSystemPowerState [0xF1F96186]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwSetValueKey [0xF1FBAE8E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwShutdownSystem [0xF1F96162]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwSystemDebugControl [0xF1F961AA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                         ZwVdmControl [0xF1F962B6]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwCreateProcessEx [0xF2012398]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!_abnormal_termination + 37C                                                                      804E29E8 4 Bytes  CALL FD402583 
PAGE            ntoskrnl.exe!ObInsertObject                                                                                   805650BA 5 Bytes  JMP F200F7F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC                                                                   8056BB08 4 Bytes  CALL F1F97335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntoskrnl.exe!ZwCreateProcessEx                                                                                8058124C 7 Bytes  JMP F201239C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ObMakeTemporaryObject                                                                            805A038B 5 Bytes  JMP F200DD4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
?               pqwippa.sys                                                                                                   The system cannot find the file specified. !
.text           win32k.sys!EngFreeUserMem + 674                                                                               BF809962 5 Bytes  JMP F1F99CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSurface + 45                                                                              BF813956 5 Bytes  JMP F1F99BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngSetLastError + 79A8                                                                             BF824309 5 Bytes  JMP F1F98F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateBitmap + F9C                                                                              BF828C73 5 Bytes  JMP F1F99E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnmapFontFileFD + 2C50                                                                          BF8316BE 5 Bytes  JMP F1F9A014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnmapFontFileFD + B68E                                                                          BF83A0FC 5 Bytes  JMP F1F99B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!FONTOBJ_pxoGetXform + 84ED                                                                         BF8519C5 5 Bytes  JMP F1F98E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 3581                                                                             BF85E554 5 Bytes  JMP F1F99180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 360C                                                                             BF85E5DF 5 Bytes  JMP F1F99326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreatePalette + 88                                                                              BF85F852 5 Bytes  JMP F1F98E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreatePalette + 5454                                                                            BF864C1E 5 Bytes  JMP F1F99BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetCurrentCodePage + 411E                                                                       BF873F63 5 Bytes  JMP F1F992FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGradientFill + 26EE                                                                             BF8947C0 2 Bytes  JMP F1F99D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGradientFill + 26F1                                                                             BF8947C3 2 Bytes  [70, 32] {JO 0x34}
.text           win32k.sys!EngStretchBltROP + 583                                                                             BF895298 5 Bytes  JMP F1F99F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCopyBits + 4DEC                                                                                 BF89DBD8 5 Bytes  JMP F1F98FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngEraseSurface + A9E0                                                                             BF8C2150 5 Bytes  JMP F1F9903E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 1517                                                                                 BF8CA5B2 5 Bytes  JMP F1F990AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 1797                                                                                 BF8CA832 5 Bytes  JMP F1F990E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSemaphore + 3B3E                                                                          BF8EC2A7 5 Bytes  JMP F1F98D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 19DF                                                                               BF9133E5 5 Bytes  JMP F1F98EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 25B3                                                                               BF913FB9 5 Bytes  JMP F1F99008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 4F12                                                                               BF916918 5 Bytes  JMP F1F99440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngPlgBlt + 18FC                                                                                   BF94638A 5 Bytes  JMP F1F99ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\svchost.exe[408] ntdll.dll!LdrLoadDll                                                     7C91632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[408] ntdll.dll!RtlDosSearchPath_U + 186                                       7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[408] ntdll.dll!LdrUnloadDll                                                   7C9171CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[408] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[408] ADVAPI32.dll!SetServiceObjectSecurity                                    77E36D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[408] ADVAPI32.dll!ChangeServiceConfigA                                        77E36E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[408] ADVAPI32.dll!ChangeServiceConfigW                                        77E37001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[408] ADVAPI32.dll!ChangeServiceConfig2A                                       77E37101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[408] ADVAPI32.dll!ChangeServiceConfig2W                                       77E37189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[408] ADVAPI32.dll!CreateServiceA                                              77E37211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[408] ADVAPI32.dll!CreateServiceW                                              77E373A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\svchost.exe[408] ADVAPI32.dll!DeleteService                                               77E374B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\svchost.exe[408] USER32.dll!SetWindowsHookExW                                             7E42820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\svchost.exe[408] USER32.dll!UnhookWindowsHookEx                                           7E42D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\svchost.exe[408] USER32.dll!SetWindowsHookExA                                             7E431211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[408] USER32.dll!SetWinEventHook                                               7E4317F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\svchost.exe[408] USER32.dll!UnhookWinEvent                                                7E4318AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\System32\smss.exe[536] ntdll.dll!RtlDosSearchPath_U + 186                                          7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[576] ntdll.dll!LdrLoadDll                                                     7C91632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\spoolsv.exe[576] ntdll.dll!RtlDosSearchPath_U + 186                                       7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[576] ntdll.dll!LdrUnloadDll                                                   7C9171CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\spoolsv.exe[576] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[576] ADVAPI32.dll!SetServiceObjectSecurity                                    77E36D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\spoolsv.exe[576] ADVAPI32.dll!ChangeServiceConfigA                                        77E36E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\spoolsv.exe[576] ADVAPI32.dll!ChangeServiceConfigW                                        77E37001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\spoolsv.exe[576] ADVAPI32.dll!ChangeServiceConfig2A                                       77E37101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\spoolsv.exe[576] ADVAPI32.dll!ChangeServiceConfig2W                                       77E37189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\spoolsv.exe[576] ADVAPI32.dll!CreateServiceA                                              77E37211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\spoolsv.exe[576] ADVAPI32.dll!CreateServiceW                                              77E373A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\spoolsv.exe[576] ADVAPI32.dll!DeleteService                                               77E374B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\spoolsv.exe[576] USER32.dll!SetWindowsHookExW                                             7E42820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\spoolsv.exe[576] USER32.dll!UnhookWindowsHookEx                                           7E42D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\spoolsv.exe[576] USER32.dll!SetWindowsHookExA                                             7E431211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\spoolsv.exe[576] USER32.dll!SetWinEventHook                                               7E4317F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\spoolsv.exe[576] USER32.dll!UnhookWinEvent                                                7E4318AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\csrss.exe[592] ntdll.dll!RtlDosSearchPath_U + 186                                         7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[592] KERNEL32.dll!GetBinaryTypeW + 80                                           7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!LdrLoadDll                                                    7C91632D 5 Bytes  JMP 000701F8 
.text           C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!RtlDosSearchPath_U + 186                                      7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!LdrUnloadDll                                                  7C9171CD 5 Bytes  JMP 000703FC 
.text           C:\WINDOWS\system32\winlogon.exe[616] kernel32.dll!GetBinaryTypeW + 80                                        7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!SetServiceObjectSecurity                                   77E36D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfigA                                       77E36E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfigW                                       77E37001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfig2A                                      77E37101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfig2W                                      77E37189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!CreateServiceA                                             77E37211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!CreateServiceW                                             77E373A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!DeleteService                                              77E374B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!SetWindowsHookExW                                            7E42820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!UnhookWindowsHookEx                                          7E42D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!SetWindowsHookExA                                            7E431211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!SetWinEventHook                                              7E4317F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!UnhookWinEvent                                               7E4318AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\services.exe[660] ntdll.dll!LdrLoadDll                                                    7C91632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\services.exe[660] ntdll.dll!RtlDosSearchPath_U + 186                                      7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[660] ntdll.dll!LdrUnloadDll                                                  7C9171CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\services.exe[660] kernel32.dll!GetBinaryTypeW + 80                                        7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!SetServiceObjectSecurity                                   77E36D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfigA                                       77E36E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfigW                                       77E37001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfig2A                                      77E37101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfig2W                                      77E37189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!CreateServiceA                                             77E37211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!CreateServiceW                                             77E373A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!DeleteService                                              77E374B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWindowsHookExW                                            7E42820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\services.exe[660] USER32.dll!UnhookWindowsHookEx                                          7E42D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWindowsHookExA                                            7E431211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWinEventHook                                              7E4317F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\services.exe[660] USER32.dll!UnhookWinEvent                                               7E4318AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!LdrLoadDll                                                       7C91632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!RtlDosSearchPath_U + 186                                         7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!LdrUnloadDll                                                     7C9171CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\lsass.exe[672] kernel32.dll!GetBinaryTypeW + 80                                           7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!SetServiceObjectSecurity                                      77E36D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfigA                                          77E36E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfigW                                          77E37001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfig2A                                         77E37101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfig2W                                         77E37189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!CreateServiceA                                                77E37211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!CreateServiceW                                                77E373A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!DeleteService                                                 77E374B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\lsass.exe[672] USER32.dll!SetWindowsHookExW                                               7E42820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\lsass.exe[672] USER32.dll!UnhookWindowsHookEx                                             7E42D5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\lsass.exe[672] USER32.dll!SetWindowsHookExA                                               7E431211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\lsass.exe[672] USER32.dll!SetWinEventHook                                                 7E4317F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\lsass.exe[672] USER32.dll!UnhookWinEvent                                                  7E4318AC 5 Bytes  JMP 002C03FC 
.text           C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[716] ntdll.dll!LdrLoadDll                                 7C91632D 5 Bytes  JMP 001501F8 
.text           C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[716] ntdll.dll!RtlDosSearchPath_U + 186                   7C916865 1 Byte  [62]
.text           C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[716] ntdll.dll!LdrUnloadDll                               7C9171CD 5 Bytes  JMP 001503FC 
.text           C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[716] kernel32.dll!GetBinaryTypeW + 80                     7C868D8C 1 Byte  [62]
.text           C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[716] ADVAPI32.dll!SetServiceObjectSecurity                77E36D81 5 Bytes  JMP 00391014 
.text           C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[716] ADVAPI32.dll!ChangeServiceConfigA                    77E36E69 5 Bytes  JMP 00390804 
.text           C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[716] ADVAPI32.dll!ChangeServiceConfigW                    77E37001 5 Bytes  JMP 00390A08 
.text           C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[716] ADVAPI32.dll!ChangeServiceConfig2A                   77E37101 5 Bytes  JMP 00390C0C 
.text           C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[716] ADVAPI32.dll!ChangeServiceConfig2W                   77E37189 5 Bytes  JMP 00390E10 
.text           C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[716] ADVAPI32.dll!CreateServiceA                          77E37211 5 Bytes  JMP 003901F8 
.text           C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[716] ADVAPI32.dll!CreateServiceW                          77E373A9 5 Bytes  JMP 003903FC 
.text           C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[716] ADVAPI32.dll!DeleteService                           77E374B1 5 Bytes  JMP 00390600 
.text           C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[716] USER32.dll!SetWindowsHookExW                         7E42820F 5 Bytes  JMP 003A0804 
.text           C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[716] USER32.dll!UnhookWindowsHookEx                       7E42D5F3 5 Bytes  JMP 003A0A08 
.text           C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[716] USER32.dll!SetWindowsHookExA                         7E431211 5 Bytes  JMP 003A0600 
.text           C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[716] USER32.dll!SetWinEventHook                           7E4317F7 5 Bytes  JMP 003A01F8 
.text           C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[716] USER32.dll!UnhookWinEvent                            7E4318AC 5 Bytes  JMP 003A03FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[824] ntdll.dll!LdrLoadDll                                                    7C91632D 5 Bytes  JMP 001401F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[824] ntdll.dll!RtlDosSearchPath_U + 186                                      7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[824] ntdll.dll!LdrUnloadDll                                                  7C9171CD 5 Bytes  JMP 001403FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[824] kernel32.dll!GetBinaryTypeW + 80                                        7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[824] USER32.dll!SetWindowsHookExW                                            7E42820F 5 Bytes  JMP 00380804 
.text           C:\WINDOWS\system32\Ati2evxx.exe[824] USER32.dll!UnhookWindowsHookEx                                          7E42D5F3 5 Bytes  JMP 00380A08 
.text           C:\WINDOWS\system32\Ati2evxx.exe[824] USER32.dll!SetWindowsHookExA                                            7E431211 5 Bytes  JMP 00380600 
.text           C:\WINDOWS\system32\Ati2evxx.exe[824] USER32.dll!SetWinEventHook                                              7E4317F7 5 Bytes  JMP 003801F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[824] USER32.dll!UnhookWinEvent                                               7E4318AC 5 Bytes  JMP 003803FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[824] ADVAPI32.dll!SetServiceObjectSecurity                                   77E36D81 5 Bytes  JMP 00391014 
.text           C:\WINDOWS\system32\Ati2evxx.exe[824] ADVAPI32.dll!ChangeServiceConfigA                                       77E36E69 5 Bytes  JMP 00390804 
.text           C:\WINDOWS\system32\Ati2evxx.exe[824] ADVAPI32.dll!ChangeServiceConfigW                                       77E37001 5 Bytes  JMP 00390A08 
.text           C:\WINDOWS\system32\Ati2evxx.exe[824] ADVAPI32.dll!ChangeServiceConfig2A                                      77E37101 5 Bytes  JMP 00390C0C 
.text           C:\WINDOWS\system32\Ati2evxx.exe[824] ADVAPI32.dll!ChangeServiceConfig2W                                      77E37189 5 Bytes  JMP 00390E10 
.text           C:\WINDOWS\system32\Ati2evxx.exe[824] ADVAPI32.dll!CreateServiceA                                             77E37211 5 Bytes  JMP 003901F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[824] ADVAPI32.dll!CreateServiceW                                             77E373A9 5 Bytes  JMP 003903FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[824] ADVAPI32.dll!DeleteService                                              77E374B1 5 Bytes  JMP 00390600 
.text           C:\WINDOWS\system32\svchost.exe[840] ntdll.dll!LdrLoadDll                                                     7C91632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[840] ntdll.dll!RtlDosSearchPath_U + 186                                       7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[840] ntdll.dll!LdrUnloadDll                                                   7C9171CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!SetServiceObjectSecurity                                    77E36D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfigA                                        77E36E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfigW                                        77E37001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfig2A                                       77E37101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfig2W                                       77E37189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!CreateServiceA                                              77E37211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!CreateServiceW                                              77E373A9 5 Bytes  JMP 002B03FC 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\services.exe[660] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  005E0002
IAT             C:\WINDOWS\system32\services.exe[660] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]        005E0000

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                        aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                        aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                      aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                     aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                     aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                   aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----


#6 Broni


Posted 29 July 2011 - 10:16 AM

Please repost all logs without wrapping them in "code". They're hard to read.


#7 EMS2010


Posted 15 August 2011 - 08:04 PM

Here is the repost of the logs:

Security Check Logfile:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 15
Out of date Java installed!
Adobe Flash Player 10.2.152.32
Adobe Reader 9.4.5
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.18)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
AVAST Software Avast setup avast.setup
``````````End of Log````````````

MiniToolBox Log:


MiniToolBox by Farbar
Ran by DrSwanson (administrator) on 28-07-2011 at 22:53:32
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:55253

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 55253
"network.proxy.type", 0
Hosts file not detected in the default diroctory========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : latitude

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : earthlink.net

earthlink.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : earthlink.net

Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)

Physical Address. . . . . . . . . : 00-08-74-9F-6B-2D

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.102

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 207.69.188.186

207.69.188.187

Lease Obtained. . . . . . . . . . : Thursday, July 28, 2011 10:46:20 PM

Lease Expires . . . . . . . . . . : Friday, July 29, 2011 10:46:20 PM



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : earthlink.net

Description . . . . . . . . . . . : Dell TrueMobile 1150 Series Mini PCI Card

Physical Address. . . . . . . . . : 00-02-2D-7B-22-88

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.103

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 207.69.188.186

207.69.188.187

Lease Obtained. . . . . . . . . . : Thursday, July 28, 2011 10:46:26 PM

Lease Expires . . . . . . . . . . : Friday, July 29, 2011 10:46:26 PM

Server: ns2.mindspring.com
Address: 207.69.188.186

Name: google.com
Addresses: 74.125.93.104, 74.125.93.103, 74.125.93.106, 74.125.93.99
74.125.93.105, 74.125.93.147



Pinging google.com [74.125.91.103] with 32 bytes of data:



Reply from 74.125.91.103: bytes=32 time=56ms TTL=50

Reply from 74.125.91.103: bytes=32 time=76ms TTL=50



Ping statistics for 74.125.91.103:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 56ms, Maximum = 76ms, Average = 66ms

Server: ns2.mindspring.com
Address: 207.69.188.186

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 209.191.122.70, 67.195.160.76
69.147.125.65



Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



Reply from 98.137.149.56: bytes=32 time=71ms TTL=51

Reply from 98.137.149.56: bytes=32 time=87ms TTL=51



Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 71ms, Maximum = 87ms, Average = 79ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 08 74 9f 6b 2d ...... 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible) - Packet Scheduler Miniport
0x3 ...00 02 2d 7b 22 88 ...... Dell TrueMobile 1150 Series Wireless LAN Mini PCI Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 30
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 30
192.168.1.0 255.255.255.0 192.168.1.103 192.168.1.103 30
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.1.103 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 30
192.168.1.255 255.255.255.255 192.168.1.103 192.168.1.103 30
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 30
224.0.0.0 240.0.0.0 192.168.1.103 192.168.1.103 30
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
255.255.255.255 255.255.255.255 192.168.1.103 192.168.1.103 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/27/2011 00:06:58 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/27/2011 00:06:58 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/27/2011 00:06:55 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (07/27/2011 00:06:54 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/27/2011 00:06:54 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/27/2011 11:16:15 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/27/2011 11:16:15 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/27/2011 11:16:15 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/27/2011 11:16:15 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/27/2011 11:16:15 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (09/27/2011 02:22:44 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/27/2011 02:08:23 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Aavmker4
AFD
aswRdr
aswSnx
aswSP
aswTdi
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Error: (09/27/2011 02:08:23 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (09/27/2011 02:08:23 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Error: (09/27/2011 02:08:23 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (09/27/2011 02:08:23 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (09/27/2011 02:08:07 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/27/2011 02:08:04 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (09/27/2011 01:17:08 PM) (Source: W32Time) (User: )
Description: The time service has detected that the system time needs to be
changed by -5356799 seconds. The time service will not change the system
time by more than -54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.103:123->64.4.10.44:123) is working properly.

Error: (07/27/2011 00:54:04 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (07/27/2011 00:06:58 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/27/2011 00:06:58 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/27/2011 00:06:55 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtA connection with the server could not be established

Error: (07/27/2011 00:06:54 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/27/2011 00:06:54 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/27/2011 11:16:15 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/27/2011 11:16:15 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/27/2011 11:16:15 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/27/2011 11:16:15 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/27/2011 11:16:15 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.


========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 511.43 MB
Available physical RAM: 241.58 MB
Total Pagefile: 1247.87 MB
Available Pagefile: 1033.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.84 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:18.63 GB) (Free:1.96 GB) NTFS

========================= Users: ========================================

User accounts for \\LATITUDE

Administrator DrSwanson Guest
HelpAssistant SUPPORT_388945a0


== End of log ==


MBAM Log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7313

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/28/2011 11:13:36 PM
mbam-log-2011-07-28 (23-13-36).txt

Scan type: Quick scan
Objects scanned: 156164
Time elapsed: 15 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2513937148 (Trojan.FakeAlert) -> Value: 2513937148 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\DrSwanson\Local Settings\Application Data\arj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\DrSwanson\Local Settings\Application Data\arj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\DrSwanson\Local Settings\Application Data\arj.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\upwp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#8 Broni


Posted 15 August 2011 - 08:46 PM

...and GMER....


#9 EMS2010


Posted 15 August 2011 - 09:48 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-15 21:47:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N020ATCS04-0 rev.CA2OA72A
Running: y6onnll6.exe; Driver: C:\DOCUME~1\DRSWAN~1\LOCALS~1\Temp\ffrcapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xEBB2D202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xEBDC4D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xEBB516C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xEBB2F7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xEBB2F848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xEBB2F95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xEBB51075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xEBB2F746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xEBB2F898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xEBB2F79A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xEBB2F90C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xEBB2D226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xEBB51D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xEBB5203D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xEBB2FBE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEBB51BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEBB51A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xEBDC4E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xEBB2CFF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xEBB2D24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xEBB2FD56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xEBB2DCDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xEBB2F820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xEBB2F870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xEBB2F988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xEBB513D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xEBB2F772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xEBB2FA1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xEBB2F8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xEBB2F7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xEBB2FAFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xEBB2F936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xEBDC4ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xEBB518D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xEBB2DBA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xEBB5172A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEBDCD10E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xEBB506E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xEBB2D26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xEBB2D292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xEBB2D04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xEBB2D186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xEBB51E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xEBB2D162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xEBB2D1AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xEBB2D2B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEBDDA398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 270 804E28DC 1 Byte [D4]
.text ntoskrnl.exe!_abnormal_termination + 37C 804E29E8 4 Bytes CALL FD39DEF3
PAGE ntoskrnl.exe!ObInsertObject 805650BA 5 Bytes JMP EBDD77F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB08 4 Bytes CALL EBB2E335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058124C 7 Bytes JMP EBDDA39C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A038B 5 Bytes JMP EBDD5D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP EBB30CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP EBB30BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP EBB2FF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP EBB30E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP EBB31014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP EBB30B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP EBB2FE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 5 Bytes JMP EBB30180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP EBB30326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F852 5 Bytes JMP EBB2FE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5454 BF864C1E 5 Bytes JMP EBB30BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP EBB302FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP EBB30D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP EBB30F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP EBB2FFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP EBB3003E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP EBB300AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP EBB300E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP EBB2FD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP EBB2FEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP EBB30008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP EBB30440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP EBB30ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Java\jre6\bin\jqs.exe[160] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[160] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[160] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[160] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[160] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[160] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[160] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[160] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[160] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[160] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[160] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[160] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[160] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[160] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[160] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[264] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[264] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[264] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[264] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[264] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[264] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[264] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[264] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[264] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[264] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[264] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[264] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[264] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[264] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[268] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[268] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[268] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[268] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[268] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[268] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[268] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[268] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[268] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[268] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[268] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[268] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[268] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[268] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[268] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[268] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe[268] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\smss.exe[468] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[524] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[556] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[556] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[556] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[556] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[556] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[556] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[556] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[556] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[556] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[600] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[600] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[600] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[600] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[600] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[600] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[600] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[600] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[612] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[612] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[612] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[612] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[612] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[612] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[612] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[612] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[612] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[612] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[612] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[612] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[612] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[612] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[612] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[612] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[612] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[764] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[764] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[764] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[764] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[764] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\Ati2evxx.exe[764] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[764] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[764] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\Ati2evxx.exe[764] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\Ati2evxx.exe[764] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\Ati2evxx.exe[764] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[764] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\Ati2evxx.exe[764] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\Ati2evxx.exe[764] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[764] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[780] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[780] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[780] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[780] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[780] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Documents and Settings\DrSwanson\Desktop\y6onnll6.exe[856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\DrSwanson\Desktop\y6onnll6.exe[856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[904] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[904] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[904] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[904] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[904] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[904] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[904] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[904] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[904] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[904] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[904] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[904] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wscntfy.exe[1224] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wscntfy.exe[1224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[1224] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wscntfy.exe[1224] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[1224] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wscntfy.exe[1224] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wscntfy.exe[1224] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wscntfy.exe[1224] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wscntfy.exe[1224] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\wscntfy.exe[1224] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\wscntfy.exe[1224] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\wscntfy.exe[1224] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\wscntfy.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\wscntfy.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\wscntfy.exe[1224] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\wscntfy.exe[1224] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\wscntfy.exe[1224] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1244] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1244] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[1244] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1244] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1244] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[1244] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[1244] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1244] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[1244] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1308] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1308] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1480] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1480] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1480] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1480] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1480] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1480] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1480] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1480] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1480] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1480] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1480] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1480] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1480] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1480] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1480] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1480] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1480] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jusched.exe[1488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jusched.exe[1488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1488] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jusched.exe[1488] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1488] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Java\jre6\bin\jusched.exe[1488] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jusched.exe[1488] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jusched.exe[1488] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Java\jre6\bin\jusched.exe[1488] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Java\jre6\bin\jusched.exe[1488] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jusched.exe[1488] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Java\jre6\bin\jusched.exe[1488] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jusched.exe[1488] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Java\jre6\bin\jusched.exe[1488] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Java\jre6\bin\jusched.exe[1488] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Java\jre6\bin\jusched.exe[1488] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Java\jre6\bin\jusched.exe[1488] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1520] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1520] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[1544] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1544] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[600] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[600] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----

#10 Broni


Posted 15 August 2011 - 10:35 PM

OK, to start with, we have a proxy issue and a missing "hosts" file.

Open Notepad.
Paste the following text into it:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#  	102.54.94.97 	rhino.acme.com      	# source server
#   	38.25.63.10 	x.acme.com          	# x client host

127.0.0.1   	localhost

Go File>Save As and...

1. Name the file hosts. (no extension; make sure there is just a "dot" at the end <--- VERY IMPORTANT!)
2. Make sure "Save as type:" is set to "All Files (*.*)"
3. Make sure the file is saved to the C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder


=========================================================================

Then, re-run MiniToolbox.

Checkmark the following boxes:
  • Flush DNS
  • Reset IE Proxy Settings
  • Reset FF Proxy Settings
Click Go and post the result.

Restart computer.

Then, re-run MiniToolbox again.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
Click Go and post the result.



 


#11 EMS2010


Posted 15 August 2011 - 11:40 PM

MiniToolBox by Farbar
Ran by DrSwanson (administrator) on 15-08-2011 at 23:38:28
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


"Reset IE Proxy Settings": IE Proxy Settings were reset.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.


== End of log ==

#12 Broni


Posted 15 August 2011 - 11:42 PM

Go on....



 


#13 EMS2010


Posted 15 August 2011 - 11:48 PM

MiniToolBox by Farbar
Ran by DrSwanson (administrator) on 15-08-2011 at 23:48:18
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost


== End of log ==
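
A check for the hosts content reported in the log above, added here as an example and not part of the thread or of MiniToolBox: it parses hosts-file text in the format the sample file describes (address first, then host name, `#` comments) and separates the stock localhost mapping and repeated lines from entries that need a closer look. The function names and the `203.0.113.7 www.example.com` entry are constructed for illustration.

```python
import ipaddress

# Constructed sample: the hosts content shown in the MiniToolBox report
# (two identical localhost lines), plus one made-up extra entry for contrast.
REPORTED = "127.0.0.1 localhost\n127.0.0.1 localhost\n"
CONSTRUCTED_EXTRA = REPORTED + "203.0.113.7  www.example.com  # constructed entry\n"


def audit_hosts(text):
    """Classify each hosts entry as default, duplicate, extra or malformed."""
    findings, seen = [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing and full-line comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "malformed", raw.strip()))
            continue
        if len(fields) < 2:  # an address with no host name after it
            findings.append((lineno, "malformed", raw.strip()))
            continue
        for name in fields[1:]:
            key = (str(addr), name.lower())
            if key in seen:
                kind = "duplicate"  # harmless repeat of an earlier mapping
            elif name.lower() == "localhost" and addr.is_loopback:
                kind = "default"    # the stock mapping from the sample file
            else:
                kind = "extra"      # anything else overrides DNS for that name
            seen.add(key)
            findings.append((lineno, kind, f"{addr} {name}"))
    return findings


def needs_review(text):
    """Entries that are neither the stock localhost mapping nor a repeat."""
    return [f for f in audit_hosts(text) if f[1] in ("extra", "malformed")]


if __name__ == "__main__":
    for finding in audit_hosts(CONSTRUCTED_EXTRA):
        print(finding)
```

For the content reported in the log, `needs_review` returns an empty list: the second `127.0.0.1 localhost` line is only a duplicate.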

#14 Broni


Posted 15 August 2011 - 11:58 PM

Good.
How is redirection?



 


#15 EMS2010


Posted 16 August 2011 - 12:01 AM

No browser redirects to speak of.



