Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Malware - FTP Logins


  • Please log in to reply
6 replies to this topic

#1 veronica20

veronica20

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 16 August 2011 - 07:20 AM

I think there is malware on my laptop - Windows XP Service Pack 3. When I use FTP to access my website malware spreads and infects all of the index files. I have done the following.

Uninstalled FTP - Filezilla
Scanned with Avast, Malwarebytes, Spy Bot Search and Destroy, Ad-Aware, and TDSS Killer. Nothing has been found.
Installed CuteFTP - logged into website and a couple of hours later site was infected again.
Uninstalled CuteFTP

I have removed the malware from the website and changed all of the logins but think my laptop is still compromised in someway and I'm hesitant to reinstall ftp.

In msconfig / Startup I did find an entry for auv which is in Local Settings/Application Data/auv.exe I can't locate the file in the folder and I have unhidden system files. I have removed the entry from startup but can't find any information on what this might be.

Otherwise, the computer isn't running slow and nothing else seems out of the ordinary.

Thank you for your assistance.

BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:20 AM

Posted 16 August 2011 - 07:24 AM

Can you post the logs from Malwarebytes and TDSSKiller?

#3 veronica20

veronica20
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 16 August 2011 - 07:46 AM

Thank you for your quick response.


MalwareBytes - this is a quick scan - should it be a full one?


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7468

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/16/2011 8:40:59 AM
mbam-log-2011-08-16 (08-40-59).txt

Scan type: Quick scan
Objects scanned: 169809
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Tdsskiller

2011/08/16 08:37:03.0406 3564 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/16 08:37:04.0718 3564 ================================================================================
2011/08/16 08:37:04.0718 3564 SystemInfo:
2011/08/16 08:37:04.0718 3564
2011/08/16 08:37:04.0718 3564 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/16 08:37:04.0718 3564 Product type: Workstation
2011/08/16 08:37:04.0718 3564 ComputerName: VERONICA
2011/08/16 08:37:04.0718 3564 UserName: Kim
2011/08/16 08:37:04.0718 3564 Windows directory: C:\WINDOWS
2011/08/16 08:37:04.0718 3564 System windows directory: C:\WINDOWS
2011/08/16 08:37:04.0718 3564 Processor architecture: Intel x86
2011/08/16 08:37:04.0718 3564 Number of processors: 2
2011/08/16 08:37:04.0718 3564 Page size: 0x1000
2011/08/16 08:37:04.0718 3564 Boot type: Normal boot
2011/08/16 08:37:04.0718 3564 ================================================================================
2011/08/16 08:37:04.0890 3564 Initialize success
2011/08/16 08:37:06.0968 1152 ================================================================================
2011/08/16 08:37:06.0968 1152 Scan started
2011/08/16 08:37:06.0968 1152 Mode: Manual;
2011/08/16 08:37:06.0968 1152 ================================================================================
2011/08/16 08:37:07.0593 1152 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/08/16 08:37:07.0656 1152 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/08/16 08:37:07.0687 1152 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/16 08:37:07.0703 1152 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/16 08:37:07.0734 1152 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/08/16 08:37:07.0796 1152 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/16 08:37:07.0843 1152 AESTAud (fde8ed2c9280afb8975894aa78eef59f) C:\WINDOWS\system32\drivers\AESTAud.sys
2011/08/16 08:37:07.0890 1152 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/16 08:37:07.0921 1152 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/08/16 08:37:07.0937 1152 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/08/16 08:37:07.0953 1152 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/08/16 08:37:07.0968 1152 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/08/16 08:37:07.0984 1152 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/08/16 08:37:08.0031 1152 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/08/16 08:37:08.0031 1152 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/08/16 08:37:08.0062 1152 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/08/16 08:37:08.0078 1152 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/08/16 08:37:08.0140 1152 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/08/16 08:37:08.0187 1152 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/08/16 08:37:08.0203 1152 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/08/16 08:37:08.0218 1152 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/08/16 08:37:08.0234 1152 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/08/16 08:37:08.0296 1152 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/08/16 08:37:08.0328 1152 aswMon2 (7857e0b4c817f69ff463eea2c63e56f9) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/08/16 08:37:08.0359 1152 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/08/16 08:37:08.0421 1152 aswSnx (17230708a2028cd995656df455f2e303) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/08/16 08:37:08.0468 1152 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\WINDOWS\system32\drivers\aswSP.sys
2011/08/16 08:37:08.0500 1152 aswTdi (984cfce2168286c2511695c2f9621475) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/08/16 08:37:08.0531 1152 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/16 08:37:08.0546 1152 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/16 08:37:08.0609 1152 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/08/16 08:37:08.0640 1152 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/16 08:37:08.0656 1152 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/16 08:37:08.0750 1152 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/08/16 08:37:08.0781 1152 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/16 08:37:08.0796 1152 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/08/16 08:37:08.0812 1152 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/16 08:37:08.0828 1152 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/08/16 08:37:08.0843 1152 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/16 08:37:08.0859 1152 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/16 08:37:08.0875 1152 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/16 08:37:08.0937 1152 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/16 08:37:08.0953 1152 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/08/16 08:37:08.0968 1152 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/16 08:37:09.0000 1152 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/08/16 08:37:09.0031 1152 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/08/16 08:37:09.0046 1152 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/08/16 08:37:09.0062 1152 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/16 08:37:09.0109 1152 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/16 08:37:09.0140 1152 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/16 08:37:09.0156 1152 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/16 08:37:09.0187 1152 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/16 08:37:09.0218 1152 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/08/16 08:37:09.0234 1152 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/16 08:37:09.0265 1152 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/16 08:37:09.0406 1152 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/16 08:37:09.0437 1152 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/16 08:37:09.0468 1152 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/16 08:37:09.0515 1152 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/16 08:37:09.0578 1152 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/16 08:37:09.0656 1152 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/16 08:37:09.0718 1152 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/16 08:37:09.0750 1152 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/16 08:37:09.0765 1152 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/16 08:37:09.0828 1152 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/08/16 08:37:09.0875 1152 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/16 08:37:09.0890 1152 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/08/16 08:37:09.0921 1152 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/08/16 08:37:09.0968 1152 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/16 08:37:10.0171 1152 ialm (d1359e54d9755d28e56b17a352ab8aae) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/08/16 08:37:10.0250 1152 iaStor (80c633722da72e97f3f5b3b11325696d) C:\WINDOWS\system32\drivers\iaStor.sys
2011/08/16 08:37:10.0296 1152 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/16 08:37:10.0328 1152 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/08/16 08:37:10.0343 1152 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/16 08:37:10.0359 1152 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/16 08:37:10.0390 1152 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/16 08:37:10.0421 1152 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/16 08:37:10.0437 1152 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/16 08:37:10.0468 1152 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/16 08:37:10.0500 1152 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/16 08:37:10.0515 1152 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/16 08:37:10.0546 1152 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/16 08:37:10.0578 1152 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/16 08:37:10.0593 1152 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/16 08:37:10.0625 1152 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/16 08:37:10.0656 1152 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/16 08:37:10.0750 1152 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/08/16 08:37:10.0781 1152 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/08/16 08:37:10.0843 1152 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/08/16 08:37:10.0875 1152 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/16 08:37:10.0906 1152 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/16 08:37:10.0953 1152 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/16 08:37:10.0968 1152 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/16 08:37:10.0984 1152 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/16 08:37:11.0031 1152 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/08/16 08:37:11.0046 1152 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/16 08:37:11.0093 1152 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/16 08:37:11.0125 1152 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/16 08:37:11.0171 1152 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/16 08:37:11.0218 1152 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/16 08:37:11.0234 1152 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/16 08:37:11.0265 1152 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/16 08:37:11.0328 1152 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/16 08:37:11.0343 1152 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/16 08:37:11.0359 1152 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/16 08:37:11.0390 1152 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/16 08:37:11.0406 1152 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/16 08:37:11.0437 1152 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/16 08:37:11.0453 1152 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/16 08:37:11.0484 1152 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/16 08:37:11.0515 1152 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/16 08:37:11.0578 1152 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/16 08:37:11.0609 1152 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/16 08:37:11.0640 1152 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/16 08:37:11.0656 1152 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/16 08:37:11.0687 1152 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/16 08:37:11.0703 1152 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/16 08:37:11.0718 1152 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/16 08:37:11.0734 1152 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/16 08:37:11.0781 1152 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/16 08:37:11.0796 1152 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/16 08:37:11.0875 1152 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/08/16 08:37:11.0890 1152 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/08/16 08:37:11.0937 1152 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/16 08:37:11.0953 1152 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/16 08:37:11.0968 1152 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/16 08:37:12.0000 1152 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/16 08:37:12.0015 1152 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/08/16 08:37:12.0031 1152 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/08/16 08:37:12.0046 1152 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/08/16 08:37:12.0062 1152 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/08/16 08:37:12.0078 1152 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/08/16 08:37:12.0093 1152 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/16 08:37:12.0140 1152 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/16 08:37:12.0156 1152 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/16 08:37:12.0171 1152 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/16 08:37:12.0203 1152 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/16 08:37:12.0218 1152 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/16 08:37:12.0234 1152 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/16 08:37:12.0281 1152 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/16 08:37:12.0312 1152 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/16 08:37:12.0375 1152 RSUSBSTOR (030442f08aec1a5d7cf035cc514374b9) C:\WINDOWS\system32\Drivers\RTS5121.sys
2011/08/16 08:37:12.0406 1152 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/16 08:37:12.0437 1152 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/16 08:37:12.0468 1152 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/16 08:37:12.0515 1152 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/16 08:37:12.0546 1152 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/08/16 08:37:12.0593 1152 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/16 08:37:12.0625 1152 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/16 08:37:12.0671 1152 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/16 08:37:12.0765 1152 STHDA (a6bb841c40aaa1dc692484bd3912a961) C:\WINDOWS\system32\drivers\sthda.sys
2011/08/16 08:37:12.0812 1152 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/08/16 08:37:12.0828 1152 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/16 08:37:12.0843 1152 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/16 08:37:12.0875 1152 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/08/16 08:37:12.0890 1152 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/08/16 08:37:12.0921 1152 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/08/16 08:37:12.0921 1152 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/08/16 08:37:12.0953 1152 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/16 08:37:13.0000 1152 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/16 08:37:13.0031 1152 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/16 08:37:13.0046 1152 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/16 08:37:13.0093 1152 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/16 08:37:13.0109 1152 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/08/16 08:37:13.0156 1152 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/16 08:37:13.0171 1152 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/08/16 08:37:13.0203 1152 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/16 08:37:13.0250 1152 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/16 08:37:13.0296 1152 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/16 08:37:13.0328 1152 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/16 08:37:13.0390 1152 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/16 08:37:13.0437 1152 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/16 08:37:13.0484 1152 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/16 08:37:13.0500 1152 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/16 08:37:13.0531 1152 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/16 08:37:13.0562 1152 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/08/16 08:37:13.0593 1152 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/16 08:37:13.0625 1152 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/16 08:37:13.0687 1152 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2011/08/16 08:37:13.0734 1152 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/16 08:37:13.0796 1152 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/08/16 08:37:13.0843 1152 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/16 08:37:13.0906 1152 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/08/16 08:37:13.0984 1152 yukonwxp (109b497d481490be0a31c390fce9bffe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/08/16 08:37:14.0046 1152 MBR (0x1B8) (7b53936afa31aa818ddee1f13c3004e3) \Device\Harddisk0\DR0
2011/08/16 08:37:14.0062 1152 Boot (0x1200) (d002460f68acce6b5ea419201e06a939) \Device\Harddisk0\DR0\Partition0
2011/08/16 08:37:14.0062 1152 ================================================================================
2011/08/16 08:37:14.0062 1152 Scan finished
2011/08/16 08:37:14.0062 1152 ================================================================================
2011/08/16 08:37:14.0078 2944 Detected object count: 0
2011/08/16 08:37:14.0078 2944 Actual detected object count: 0
2011/08/16 08:37:28.0406 3556 Deinitialize success

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:20 AM

Posted 16 August 2011 - 07:52 AM

Perform a full scan with Malwarebytes.


And can you perform the following:

SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are unchecked (leave all others checked):
    • Ignore files larger then 4mb
    • Ignore non-executable files

    Now Perform the scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.[list]
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

SAS Portable
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.


All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow up reply on how to get into Safe Mode to perform the scans. Also all scans should be COMPLETE and not quick unless specifically instructed to do so.

#5 veronica20

veronica20
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 17 August 2011 - 05:21 AM

Here are the results of the three full scans

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7468

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/16/2011 10:05:59 AM
mbam-log-2011-08-16 (10-05-59).txt

Scan type: Full scan (C:\|)
Objects scanned: 294759
Time elapsed: 1 hour(s), 20 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I have removed the tracking cookies detected in this one. I know about the disabled security center options - I turned them off.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/16/2011 at 01:08 PM

Application Version : 5.0.1118

Core Rules Database Version : 7568
Trace Rules Database Version: 5380

Scan type : Complete Scan
Total Scan Time : 02:53:53

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 718
Memory threats detected : 0
Registry items scanned : 36545
Registry threats detected : 3
File items scanned : 102769
File threats detected : 145

Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

Adware.Tracking Cookie
C:\Documents and Settings\Kim\Cookies\kim@ad.wsod[2].txt
C:\Documents and Settings\Kim\Cookies\kim@atdmt[2].txt
C:\Documents and Settings\Kim\Cookies\kim@doubleclick[2].txt
media.mtvnservices.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7R8E9JAX ]
media.mtvnservices.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NXKQKAHS ]
media.scanscout.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NXKQKAHS ]
media1.break.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NXKQKAHS ]
msntest.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NXKQKAHS ]
serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NXKQKAHS ]
.xiti.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.dmtracker.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.stats.paypal.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
www.co2stats.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.web.blogads.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.web.blogads.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
web.blogads.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.socialmediarockstar.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.socialmediarockstar.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.media.mtvnservices.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.media.mtvnservices.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.outspokenmedia.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.outspokenmedia.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.outspokenmedia.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.countercentral.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.countercentral.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.countercentral.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.clickpass.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.clickpass.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.lookatthisbleephipster.tumblr.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.lookatthisbleephipster.tumblr.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
media.digg.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.mediamatters.org [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
click.tvprocessing.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.tracking.foxnews.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.tracking.foxnews.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.masternewmedia.org [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.masternewmedia.org [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
www.masternewmedia.org [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
www.masternewmedia.org [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
www.masternewmedia.org [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
www.masternewmedia.org [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.masternewmedia.org [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
www.masternewmedia.org [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.question-defense.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.question-defense.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
s03.flagcounter.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.socialmediatoday.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.socialmediatoday.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.socialmediatoday.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
checkmystats.com.au [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
checkmystats.com.au [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
clickwisdom.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.clickwisdom.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.clickwisdom.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
www7.addfreestats.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.prnewswire.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.stats.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.clickaider.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.paypal.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.lulu.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.tracking.percentmobile.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
data.coremetrics.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
www.w3counter.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.clickbank.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.web-stat.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.web-stat.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.web-stat.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.advertiseyourgame.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.advertiseyourgame.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.thesocialmediaguide.com.au [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.thesocialmediaguide.com.au [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
www.w3counter.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.ice.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
server.iad.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
server.iad.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.b5media.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.estat.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.mediamatters.org [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
mediamatters.org [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.mediamatters.org [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.mediamatters.org [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.microsoftsto.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
server.iad.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WKM68BWW.DEFAULT\COOKIES.SQLITE ]
ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XWCDS4H3 ]
cdn.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XWCDS4H3 ]
objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XWCDS4H3 ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XWCDS4H3 ]


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-17 05:52:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: 7gb11f5p.exe; Driver: C:\DOCUME~1\Kim\LOCALS~1\Temp\pxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9A9FC202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9AA62D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0x9AA206C1]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x9ABCE534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9A9FE7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9A9FE848]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x9ABC8782]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9A9FE95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0x9AA20075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9A9FE746]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x9ABCECC0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9A9FE898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9A9FE79A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9A9FE90C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x9ABCEDF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x9A9FC226]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x9ABC9398]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0x9AA20D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0x9AA2103D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x9A9FEBE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0x9AA20BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0x9AA20A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9AA62E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x9A9FBFF0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x9ABE993C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x9ABE9B44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9A9FC24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9A9FED56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9A9FCCDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9A9FE820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9A9FE870]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x9ABC8FAA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9A9FE988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0x9AA203D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9A9FE772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x9A9FEA1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9A9FE8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9A9FE7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x9A9FEAFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9A9FE936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9AA62ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0x9AA208D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9A9FCBA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0x9AA2072A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0x9AA6B10E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x9ABEA208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x9ABCE0F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0x9AA1F6E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9A9FC26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9A9FC292]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x9ABC975C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x9ABEAE12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9A9FC04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9A9FC186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0x9AA20E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9A9FC162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9A9FC1AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9A9FC2B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C70 8050450C 16 Bytes [F0, E7, 9F, 9A, 48, E8, 9F, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 8 Bytes [98, E8, 9F, 9A, 9A, E7, 9F, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CBC 80504558 4 Bytes [0C, E9, 9F, 9A]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CD8 80504574 12 Bytes [26, C2, 9F, 9A, 98, 93, BC, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [F0, BF, 9F, 9A, 3C, 99, BE, ...]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL 9A9FD335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP 9AA73D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP 9AA757F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF8098FD 5 Bytes JMP 9A9FFCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138F1 5 Bytes JMP 9A9FFBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E772 5 Bytes JMP 9A9FEE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 11A6 BF82D683 5 Bytes JMP 9A9FEF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLockSurface + C09 BF82E801 5 Bytes JMP 9A9FFE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 654A BF83DA73 5 Bytes JMP 9AA00014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + BEFF BF843428 5 Bytes JMP 9A9FFB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + DBA1 BF8450CA 5 Bytes JMP 9A9FEFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 5807 BF87260C 5 Bytes JMP 9A9FF180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 5892 BF872697 5 Bytes JMP 9A9FF326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 646A BF87326F 5 Bytes JMP 9A9FEE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + B836 BF87863B 5 Bytes JMP 9A9FFBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 67E7 BF87F85E 5 Bytes JMP 9A9FFD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF89969B 5 Bytes JMP 9A9FF2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 2862 BF8BA062 5 Bytes JMP 9A9FFF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 1A3D BF8C2084 5 Bytes JMP 9A9FF03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA4E6 5 Bytes JMP 9A9FF0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA766 5 Bytes JMP 9A9FF0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC1B7 5 Bytes JMP 9A9FED8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A0A BF9134E3 5 Bytes JMP 9A9FEEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25DE BF9140B7 5 Bytes JMP 9A9FF008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F3D BF916A16 5 Bytes JMP 9A9FF440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1957 BF9465F2 5 Bytes JMP 9A9FFECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0x9A4CF300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xA1017300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\bcmwltry.exe[172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\System32\bcmwltry.exe[172] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\bcmwltry.exe[172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\System32\bcmwltry.exe[172] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\bcmwltry.exe[172] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\WINDOWS\System32\bcmwltry.exe[172] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\WINDOWS\System32\bcmwltry.exe[172] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\WINDOWS\System32\bcmwltry.exe[172] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text C:\WINDOWS\System32\bcmwltry.exe[172] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text C:\WINDOWS\System32\bcmwltry.exe[172] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text C:\WINDOWS\System32\bcmwltry.exe[172] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text C:\WINDOWS\System32\bcmwltry.exe[172] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
.text C:\WINDOWS\System32\bcmwltry.exe[172] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\System32\bcmwltry.exe[172] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\System32\bcmwltry.exe[172] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E0600
.text C:\WINDOWS\System32\bcmwltry.exe[172] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\System32\bcmwltry.exe[172] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E03FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[444] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[444] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DellTPad\HidFind.exe[516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\DellTPad\HidFind.exe[516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DellTPad\HidFind.exe[516] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\DellTPad\HidFind.exe[516] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DellTPad\HidFind.exe[516] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\DellTPad\HidFind.exe[516] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\DellTPad\HidFind.exe[516] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\DellTPad\HidFind.exe[516] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\DellTPad\HidFind.exe[516] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\DellTPad\HidFind.exe[516] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\DellTPad\HidFind.exe[516] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\DellTPad\HidFind.exe[516] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\DellTPad\HidFind.exe[516] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\DellTPad\HidFind.exe[516] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\DellTPad\HidFind.exe[516] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\DellTPad\HidFind.exe[516] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\DellTPad\HidFind.exe[516] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\hkcmd.exe[524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\hkcmd.exe[524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[524] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\hkcmd.exe[524] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[524] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\WINDOWS\system32\hkcmd.exe[524] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\WINDOWS\system32\hkcmd.exe[524] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\hkcmd.exe[524] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\WINDOWS\system32\hkcmd.exe[524] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\hkcmd.exe[524] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\WINDOWS\system32\hkcmd.exe[524] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\WINDOWS\system32\hkcmd.exe[524] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\WINDOWS\system32\hkcmd.exe[524] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\WINDOWS\system32\hkcmd.exe[524] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\WINDOWS\system32\hkcmd.exe[524] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\WINDOWS\system32\hkcmd.exe[524] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\hkcmd.exe[524] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\WINDOWS\system32\igfxpers.exe[656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\igfxpers.exe[656] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[656] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\igfxpers.exe[656] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[656] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\igfxpers.exe[656] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\igfxpers.exe[656] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\igfxpers.exe[656] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\igfxpers.exe[656] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\igfxpers.exe[656] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\WINDOWS\system32\igfxpers.exe[656] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\WINDOWS\system32\igfxpers.exe[656] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\WINDOWS\system32\igfxpers.exe[656] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\WINDOWS\system32\igfxpers.exe[656] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\WINDOWS\system32\igfxpers.exe[656] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\WINDOWS\system32\igfxpers.exe[656] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\igfxpers.exe[656] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\System32\smss.exe[668] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\WLTRAY.exe[692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\WLTRAY.exe[692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\WLTRAY.exe[692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\WLTRAY.exe[692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\WLTRAY.exe[692] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\WINDOWS\system32\WLTRAY.exe[692] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\WINDOWS\system32\WLTRAY.exe[692] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\WINDOWS\system32\WLTRAY.exe[692] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\WINDOWS\system32\WLTRAY.exe[692] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\WINDOWS\system32\WLTRAY.exe[692] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\WINDOWS\system32\WLTRAY.exe[692] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\WLTRAY.exe[692] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\WINDOWS\system32\WLTRAY.exe[692] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\WINDOWS\system32\WLTRAY.exe[692] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\WINDOWS\system32\WLTRAY.exe[692] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\WINDOWS\system32\WLTRAY.exe[692] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\WINDOWS\system32\WLTRAY.exe[692] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[768] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[768] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[768] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[768] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[768] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[768] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[768] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[768] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[812] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[812] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[812] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[812] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[812] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[812] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[812] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[812] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[812] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[812] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[812] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[812] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[812] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[824] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[824] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[824] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[824] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[824] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[824] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[824] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[824] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[824] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[824] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[824] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[824] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[824] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1216] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1216] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1216] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1216] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1216] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1384] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1384] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1384] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1384] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1384] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1384] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1384] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1384] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1384] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1384] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1384] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1384] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1452] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1452] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1452] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1452] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1452] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1452] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1452] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1452] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1452] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1452] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1452] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1452] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1452] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1452] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1452] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\igfxsrvc.exe[1608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\igfxsrvc.exe[1608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\igfxsrvc.exe[1608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\igfxsrvc.exe[1608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\igfxsrvc.exe[1608] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\igfxsrvc.exe[1608] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\igfxsrvc.exe[1608] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\igfxsrvc.exe[1608] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\igfxsrvc.exe[1608] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\igfxsrvc.exe[1608] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\WINDOWS\system32\igfxsrvc.exe[1608] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\WINDOWS\system32\igfxsrvc.exe[1608] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\WINDOWS\system32\igfxsrvc.exe[1608] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\WINDOWS\system32\igfxsrvc.exe[1608] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\WINDOWS\system32\igfxsrvc.exe[1608] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\WINDOWS\system32\igfxsrvc.exe[1608] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\igfxsrvc.exe[1608] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\spoolsv.exe[1684] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1684] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1684] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1684] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1684] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[1684] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[1684] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[1684] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1684] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[1684] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[1684] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[1684] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[1684] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[1684] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[1684] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[1684] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[1684] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[1740] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1740] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1740] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1740] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[1740] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1740] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1740] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[1740] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[1740] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1740] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[1740] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1740] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[1740] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[1740] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[1740] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[1740] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Documents and Settings\Kim\Desktop\7gb11f5p.exe[1924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Kim\Desktop\7gb11f5p.exe[1924] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text c:\drivers\audio\r203425\STacSV.exe[1932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text c:\drivers\audio\r203425\STacSV.exe[1932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text c:\drivers\audio\r203425\STacSV.exe[1932] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text c:\drivers\audio\r203425\STacSV.exe[1932] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text c:\drivers\audio\r203425\STacSV.exe[1932] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text c:\drivers\audio\r203425\STacSV.exe[1932] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text c:\drivers\audio\r203425\STacSV.exe[1932] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text c:\drivers\audio\r203425\STacSV.exe[1932] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text c:\drivers\audio\r203425\STacSV.exe[1932] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text c:\drivers\audio\r203425\STacSV.exe[1932] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text c:\drivers\audio\r203425\STacSV.exe[1932] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text c:\drivers\audio\r203425\STacSV.exe[1932] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text c:\drivers\audio\r203425\STacSV.exe[1932] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text c:\drivers\audio\r203425\STacSV.exe[1932] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text c:\drivers\audio\r203425\STacSV.exe[1932] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text c:\drivers\audio\r203425\STacSV.exe[1932] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text c:\drivers\audio\r203425\STacSV.exe[1932] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\WLTRYSVC.EXE[2044] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\System32\WLTRYSVC.EXE[2044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\WLTRYSVC.EXE[2044] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\System32\WLTRYSVC.EXE[2044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\WLTRYSVC.EXE[2044] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\System32\WLTRYSVC.EXE[2044] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\System32\WLTRYSVC.EXE[2044] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\System32\WLTRYSVC.EXE[2044] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\System32\WLTRYSVC.EXE[2044] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\WLTRYSVC.EXE[2044] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\WINDOWS\System32\WLTRYSVC.EXE[2044] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\WINDOWS\System32\WLTRYSVC.EXE[2044] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\WINDOWS\System32\WLTRYSVC.EXE[2044] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\WINDOWS\System32\WLTRYSVC.EXE[2044] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\WINDOWS\System32\WLTRYSVC.EXE[2044] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\WINDOWS\System32\WLTRYSVC.EXE[2044] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\WLTRYSVC.EXE[2044] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2184] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2184] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2248] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2248] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2248] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2248] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2248] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2248] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2248] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2248] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2248] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2248] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2248] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2248] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2248] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2248] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2248] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2272] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2272] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[2272] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2272] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2272] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[2272] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[2272] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2272] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2272] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2272] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2272] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2272] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2272] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2272] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2324] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2324] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2324] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2324] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2324] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2324] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2324] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2324] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2324] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2324] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2324] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2324] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2324] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2324] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2340] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2340] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2340] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2340] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2340] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2340] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2340] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2340] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2340] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2340] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2340] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2340] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2340] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2340] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2340] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\ctfmon.exe[2440] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[2440] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2440] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[2440] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2440] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[2440] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[2440] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[2440] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[2440] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[2440] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[2440] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[2440] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[2440] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[2440] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[2440] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[2440] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[2440] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2532] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2532] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2532] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2532] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2532] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2532] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2532] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2532] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2532] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2532] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2532] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2532] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2532] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2532] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2532] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2532] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\svchost.exe[2552] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2552] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2552] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2552] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2552] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2552] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2552] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2552] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2552] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2552] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2552] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2552] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2552] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2552] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2552] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2552] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wdfmgr.exe[2596] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\wdfmgr.exe[2596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[2596] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\wdfmgr.exe[2596] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[2596] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\wdfmgr.exe[2596] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wdfmgr.exe[2596] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wdfmgr.exe[2596] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\wdfmgr.exe[2596] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\wdfmgr.exe[2596] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wdfmgr.exe[2596] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wdfmgr.exe[2596] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wdfmgr.exe[2596] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wdfmgr.exe[2596] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wdfmgr.exe[2596] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wdfmgr.exe[2596] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wdfmgr.exe[2596] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2624] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2624] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2624] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2624] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2624] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2624] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2624] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2624] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2624] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2624] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2624] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2624] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2624] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2624] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\System32\svchost.exe[2760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[2760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[2760] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[2760] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[2760] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[2760] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[2760] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[2760] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\SearchIndexer.exe[2820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000D01F8
.text C:\WINDOWS\system32\SearchIndexer.exe[2820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\SearchIndexer.exe[2820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000D03FC
.text C:\WINDOWS\system32\SearchIndexer.exe[2820] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\SearchIndexer.exe[2820] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\SearchIndexer.exe[2820] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\SearchIndexer.exe[2820] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\SearchIndexer.exe[2820] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\SearchIndexer.exe[2820] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\SearchIndexer.exe[2820] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\SearchIndexer.exe[2820] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\SearchIndexer.exe[2820] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\SearchIndexer.exe[2820] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\SearchIndexer.exe[2820] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\SearchIndexer.exe[2820] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\SearchIndexer.exe[2820] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\SearchIndexer.exe[2820] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[2980] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\RUNDLL32.EXE[2980] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2980] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[2980] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2980] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\RUNDLL32.EXE[2980] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\RUNDLL32.EXE[2980] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\RUNDLL32.EXE[2980] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\RUNDLL32.EXE[2980] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[2980] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\RUNDLL32.EXE[2980] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\RUNDLL32.EXE[2980] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\RUNDLL32.EXE[2980] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\RUNDLL32.EXE[2980] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\RUNDLL32.EXE[2980] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\RUNDLL32.EXE[2980] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[2980] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3360] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3360] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3360] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3360] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3360] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3360] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3360] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3360] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3360] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3360] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3360] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3360] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3360] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3360] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3360] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3360] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3656] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3656] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3656] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3656] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3656] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3656] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3656] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3656] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3656] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3656] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3656] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3656] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3656] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3656] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3656] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3656] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\DellTPad\Apoint.exe[3676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\DellTPad\Apoint.exe[3676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DellTPad\Apoint.exe[3676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\DellTPad\Apoint.exe[3676] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DellTPad\Apoint.exe[3676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\DellTPad\Apoint.exe[3676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\DellTPad\Apoint.exe[3676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\DellTPad\Apoint.exe[3676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\DellTPad\Apoint.exe[3676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\DellTPad\Apoint.exe[3676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\DellTPad\Apoint.exe[3676] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\DellTPad\Apoint.exe[3676] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\DellTPad\Apoint.exe[3676] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\DellTPad\Apoint.exe[3676] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\DellTPad\Apoint.exe[3676] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\DellTPad\Apoint.exe[3676] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\DellTPad\Apoint.exe[3676] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3836] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3836] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3836] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3836] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3836] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3836] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3836] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3836] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3836] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3836] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3836] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3836] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3836] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3836] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3836] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3836] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\IDT\WDM\sttray.exe[3884] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\IDT\WDM\sttray.exe[3884] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\IDT\WDM\sttray.exe[3884] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\IDT\WDM\sttray.exe[3884] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\IDT\WDM\sttray.exe[3884] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\IDT\WDM\sttray.exe[3884] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\IDT\WDM\sttray.exe[3884] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\IDT\WDM\sttray.exe[3884] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\IDT\WDM\sttray.exe[3884] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\IDT\WDM\sttray.exe[3884] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\IDT\WDM\sttray.exe[3884] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\IDT\WDM\sttray.exe[3884] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\IDT\WDM\sttray.exe[3884] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\IDT\WDM\sttray.exe[3884] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\IDT\WDM\sttray.exe[3884] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\IDT\WDM\sttray.exe[3884] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\IDT\WDM\sttray.exe[3884] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\DellTPad\Apntex.exe[3916] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\DellTPad\Apntex.exe[3916] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DellTPad\Apntex.exe[3916] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\DellTPad\Apntex.exe[3916] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DellTPad\Apntex.exe[3916] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\DellTPad\Apntex.exe[3916] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\DellTPad\Apntex.exe[3916] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\DellTPad\Apntex.exe[3916] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\DellTPad\Apntex.exe[3916] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\DellTPad\Apntex.exe[3916] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\DellTPad\Apntex.exe[3916] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\DellTPad\Apntex.exe[3916] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\DellTPad\Apntex.exe[3916] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\DellTPad\Apntex.exe[3916] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\DellTPad\Apntex.exe[3916] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\DellTPad\Apntex.exe[3916] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\DellTPad\Apntex.exe[3916] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\AESTFltr.exe[3948] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\AESTFltr.exe[3948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\AESTFltr.exe[3948] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\AESTFltr.exe[3948] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\AESTFltr.exe[3948] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\AESTFltr.exe[3948] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\AESTFltr.exe[3948] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\AESTFltr.exe[3948] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\AESTFltr.exe[3948] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\AESTFltr.exe[3948] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\AESTFltr.exe[3948] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\AESTFltr.exe[3948] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\AESTFltr.exe[3948] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\AESTFltr.exe[3948] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\AESTFltr.exe[3948] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\AESTFltr.exe[3948] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\AESTFltr.exe[3948] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [9ABD3672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [9ABD34C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [9ABD3CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [9ABD1C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [9ABD1C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [9ABD3672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [9ABD34C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [9ABD3CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [9ABD3672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [9ABD1C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [9ABD3CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [9ABD34C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [9ABD3CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [9ABD34C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [9ABD3672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [9ABD1C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [9ABD3672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [9ABD34C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [9ABD3CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\atmarpc.sys[NDIS.SYS!NdisRegisterProtocol] [9ABD3672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\atmarpc.sys[NDIS.SYS!NdisDeregisterProtocol] [9ABD1C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\atmarpc.sys[NDIS.SYS!NdisOpenAdapter] [9ABD34C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\atmarpc.sys[NDIS.SYS!NdisCloseAdapter] [9ABD3CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [9ABD3672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [9ABD1C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [9ABD3CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [9ABD34C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[812] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[812] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \FileSystem\Fastfat \Fat 999A0D20

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----

#6 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:20 AM

Posted 17 August 2011 - 07:13 AM

Your logs look clean, and what is your website you can PM me if needed. It maybe a false positive from an AV that you use.

#7 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:20 AM

Posted 17 August 2011 - 07:37 AM

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx

No installation required.

Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.

Go File>Save, and save it as AutoRuns.txt file to know location.

You must select Text from drop-down menu as a file type:

Posted Image

Attach the file to your next reply.

Compliments of Broni




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users