Trying to install game and PMB.exe - Bad Image pops up


  • This topic is locked
21 replies to this topic

#1 TallandLean16

TallandLean16

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin
  • Local time:10:48 AM

Posted 26 August 2011 - 11:37 PM

While I'm trying to install the game League of Legends, a pop-up box appears and says "The application or DLL C:\Program Files\Pando Networks\Media Booster\nspr4.dll is not a valid Windows image. Please check this against your installation diskette." I'm sorry if this takes forever. Here are the logs:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Ian at 15:56:08 on 2011-08-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.784 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Zecter\ZumoCast\ZumoCast.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\mobile media converter toolbar\tbhelper.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\mobile media converter toolbar\tbcore3.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
TB: Mobile Media Converter Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\mobile media converter toolbar\tbcore3.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [ZumoCast] c:\program files\zecter\zumocast\ZumoLauncher.lnk
uRun: [wuaucldt] c:\documents and settings\ian\wuaucldt.exe
uRun: [Facebook Update] "c:\documents and settings\ian\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [hpqSRMon]
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [wuaucldt] c:\windows\system32\wuaucldt.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp psc 700 series\bin\hpobrt07.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263939674042
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5638EE58-93F4-46D5-AAAC-CAB29A2C6E4A} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-14 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-16 309848]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-3-15 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-16 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-26 42184]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2006-2-9 80384]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2005-10-5 468768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-28 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-5-6 191752]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\docume~1\admin\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [2010-7-16 70144]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-28 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-26 04:26:09 -------- d-----w- c:\program files\Runtime Software
2011-08-18 19:35:53 -------- d-----w- c:\documents and settings\ian\local settings\application data\Facebook
2011-08-10 20:32:16 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 20:24:50 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2011-08-13 02:33:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 15:58:02.62 ===============



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:48 AM

Posted 31 August 2011 - 11:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/416225 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,208 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:48 PM

Posted 04 September 2011 - 05:43 AM

Hello, if you still need help with this issue, please post the requested logs.

What makes you think this is a malware problem? Have you tried to reinstall Pando Media Booster?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 TallandLean16

TallandLean16
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin
  • Local time:10:48 AM

Posted 05 September 2011 - 02:57 PM

I'm sorry for not replying recently. The GMER is taking me longer than it should because it keeps on failing to finish. But I have finished the DDS and will post all of it once I finish with the GMER.

Edited by TallandLean16, 05 September 2011 - 02:58 PM.


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,208 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:48 PM

Posted 05 September 2011 - 03:08 PM

Okay, please don't forget this. :)

What makes you think this is a malware problem? Have you tried to reinstall Pando Media Booster?


regards, Elise


#6 TallandLean16

TallandLean16
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin
  • Local time:10:48 AM

Posted 05 September 2011 - 07:18 PM

Ah right, the only reason I think it is a malware problem is because there is a previous topic that was very similar to mine. http://www.bleepingcomputer.com/forums/topic182795.html And yes, I have tried to reinstall with no success.

Edited by TallandLean16, 05 September 2011 - 07:22 PM.


#7 TallandLean16

TallandLean16
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin
  • Local time:10:48 AM

Posted 05 September 2011 - 11:50 PM

Ok, I have all the logs done and ready. The problem is that the attach.txt and ark.txt are too big to upload on to the reply. So what do I do?

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,208 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:48 PM

Posted 06 September 2011 - 02:17 AM

Just paste them in the reply box.

The topic you referred to is 3 years old. Do you also get the "not a valid image...." error?

regards, Elise


#9 TallandLean16

TallandLean16
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin
  • Local time:10:48 AM

Posted 06 September 2011 - 09:04 PM

Yes I got the not valid image error. Here is the dds.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Ian at 22:21:45 on 2011-09-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.967 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Zecter\ZumoCast\ZumoCast.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\mobile media converter toolbar\tbhelper.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\mobile media converter toolbar\tbcore3.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
TB: Mobile Media Converter Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\mobile media converter toolbar\tbcore3.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [ZumoCast] c:\program files\zecter\zumocast\ZumoLauncher.lnk
uRun: [wuaucldt] c:\documents and settings\ian\wuaucldt.exe
uRun: [Facebook Update] "c:\documents and settings\ian\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [hpqSRMon]
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [wuaucldt] c:\windows\system32\wuaucldt.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [StartNowToolbarHelper] "c:\program files\startnow toolbar\ToolbarHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp psc 700 series\bin\hpobrt07.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263939674042
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5638EE58-93F4-46D5-AAAC-CAB29A2C6E4A} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-14 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-16 309848]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-3-15 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-16 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-26 42184]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2006-2-9 80384]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2005-10-5 468768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-28 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-5-6 191752]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\docume~1\admin\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [2010-7-16 70144]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-28 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-09-02 00:41:40 -------- d-----w- c:\program files\iPod
2011-09-02 00:41:33 -------- d-----w- c:\program files\iTunes
2011-09-01 23:58:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-09-01 23:58:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-09-01 23:58:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-09-01 23:58:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-09-01 23:58:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-09-01 23:58:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-09-01 23:58:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-08-31 03:16:32 -------- d-----w- c:\program files\StartNow Toolbar
2011-08-26 04:26:09 -------- d-----w- c:\program files\Runtime Software
2011-08-18 19:35:53 -------- d-----w- c:\documents and settings\ian\local settings\application data\Facebook
2011-08-10 20:32:16 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 20:24:50 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2011-08-13 02:33:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 23:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 22:23:24.39 ===============

#10 TallandLean16


Posted 06 September 2011 - 09:06 PM

Here is the attach.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/16/2010 2:55:30 AM
System Uptime: 9/2/2011 4:26:33 PM (6 hours ago)
.
Motherboard: ASUSTek Computer INC. | | EMERY
Processor: Intel® Pentium® D CPU 2.80GHz | Socket 775 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 3.317 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 932 GiB total, 502.232 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
Service:
.
==== System Restore Points ===================
.
RP464: 6/5/2011 12:12:00 PM - System Checkpoint
RP465: 6/6/2011 4:56:23 PM - System Checkpoint
RP466: 6/7/2011 5:01:06 PM - Installed Microsoft Office Professional Plus 2010
RP467: 6/7/2011 5:12:12 PM - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
RP468: 6/8/2011 6:34:54 PM - System Checkpoint
RP469: 6/8/2011 9:42:35 PM - Software Distribution Service 3.0
RP470: 6/9/2011 9:53:36 PM - System Checkpoint
RP471: 6/11/2011 12:25:42 PM - System Checkpoint
RP472: 6/12/2011 12:40:05 PM - System Checkpoint
RP473: 6/13/2011 4:52:20 PM - System Checkpoint
RP474: 6/14/2011 5:29:53 PM - System Checkpoint
RP475: 6/15/2011 3:00:27 AM - Software Distribution Service 3.0
RP476: 6/16/2011 11:55:45 AM - System Checkpoint
RP477: 6/17/2011 2:11:37 PM - System Checkpoint
RP478: 6/17/2011 6:50:24 PM - Configured Microsoft Office Professional Plus 2010
RP479: 6/19/2011 2:01:01 PM - System Checkpoint
RP480: 6/19/2011 6:43:15 PM - Configured Microsoft Office Professional Plus 2010
RP481: 6/20/2011 11:30:46 PM - System Checkpoint
RP482: 6/22/2011 12:42:58 PM - System Checkpoint
RP483: 6/23/2011 1:15:38 PM - System Checkpoint
RP484: 6/24/2011 1:59:30 PM - System Checkpoint
RP485: 6/25/2011 5:10:38 PM - System Checkpoint
RP486: 6/26/2011 7:07:32 PM - System Checkpoint
RP487: 6/27/2011 9:53:10 PM - System Checkpoint
RP488: 6/28/2011 12:30:58 PM - Installed Bing Bar
RP489: 6/29/2011 3:00:18 AM - Software Distribution Service 3.0
RP490: 6/30/2011 6:31:37 PM - System Checkpoint
RP491: 7/4/2011 9:10:41 AM - System Checkpoint
RP492: 7/5/2011 5:14:59 PM - System Checkpoint
RP493: 7/6/2011 5:49:28 PM - System Checkpoint
RP494: 7/7/2011 6:09:15 PM - System Checkpoint
RP495: 7/8/2011 6:40:23 PM - System Checkpoint
RP496: 7/9/2011 7:33:30 PM - System Checkpoint
RP497: 7/10/2011 8:46:59 PM - System Checkpoint
RP498: 7/11/2011 8:47:24 PM - System Checkpoint
RP499: 7/12/2011 9:22:08 PM - System Checkpoint
RP500: 7/13/2011 12:17:50 AM - Software Distribution Service 3.0
RP501: 7/14/2011 5:24:54 PM - System Checkpoint
RP502: 7/16/2011 12:44:15 AM - System Checkpoint
RP503: 7/17/2011 3:00:18 AM - Software Distribution Service 3.0
RP504: 7/17/2011 10:28:32 AM - Software Distribution Service 3.0
RP505: 7/18/2011 2:07:16 PM - System Checkpoint
RP506: 7/19/2011 3:14:47 PM - System Checkpoint
RP507: 7/20/2011 4:55:34 PM - System Checkpoint
RP508: 7/20/2011 10:51:03 PM - Configured Microsoft Office Professional Plus 2010
RP509: 7/20/2011 10:52:45 PM - Configured Microsoft Office Professional Plus 2010
RP510: 7/22/2011 10:00:11 AM - System Checkpoint
RP511: 7/23/2011 10:46:00 AM - System Checkpoint
RP512: 7/24/2011 11:42:41 AM - System Checkpoint
RP513: 7/24/2011 3:18:59 PM - Configured Microsoft Office Professional Plus 2010
RP514: 7/25/2011 6:08:59 PM - System Checkpoint
RP515: 7/26/2011 8:31:41 PM - System Checkpoint
RP516: 7/27/2011 8:54:56 PM - System Checkpoint
RP517: 7/29/2011 9:58:45 AM - System Checkpoint
RP518: 7/30/2011 4:56:00 PM - System Checkpoint
RP519: 7/31/2011 5:50:15 PM - System Checkpoint
RP520: 8/1/2011 5:55:30 PM - System Checkpoint
RP521: 8/2/2011 6:27:44 PM - System Checkpoint
RP522: 8/3/2011 9:07:27 PM - System Checkpoint
RP523: 8/4/2011 10:33:39 PM - System Checkpoint
RP524: 8/5/2011 11:08:55 PM - System Checkpoint
RP525: 8/7/2011 9:15:21 AM - System Checkpoint
RP526: 8/8/2011 11:27:09 AM - System Checkpoint
RP527: 8/9/2011 12:18:58 PM - System Checkpoint
RP528: 8/10/2011 1:45:39 PM - System Checkpoint
RP529: 8/11/2011 3:00:25 AM - Software Distribution Service 3.0
RP530: 8/12/2011 3:54:40 AM - System Checkpoint
RP531: 8/13/2011 11:25:40 AM - System Checkpoint
RP532: 8/14/2011 9:32:48 AM - Configured Microsoft Office Professional Plus 2010
RP533: 8/15/2011 10:01:17 AM - System Checkpoint
RP534: 8/16/2011 11:17:04 AM - System Checkpoint
RP535: 8/17/2011 3:58:28 PM - System Checkpoint
RP536: 8/18/2011 5:04:46 PM - System Checkpoint
RP537: 8/19/2011 7:19:46 PM - System Checkpoint
RP538: 8/20/2011 8:34:12 PM - System Checkpoint
RP539: 8/21/2011 11:06:53 PM - System Checkpoint
RP540: 8/23/2011 7:52:11 AM - System Checkpoint
RP541: 8/24/2011 3:00:29 AM - Software Distribution Service 3.0
RP542: 8/25/2011 3:51:52 AM - System Checkpoint
RP543: 8/26/2011 4:19:22 AM - System Checkpoint
RP544: 8/27/2011 2:27:08 PM - System Checkpoint
RP545: 8/28/2011 2:34:06 PM - System Checkpoint
RP546: 8/29/2011 2:37:27 PM - System Checkpoint
RP547: 8/30/2011 2:42:48 PM - System Checkpoint
RP548: 8/31/2011 3:31:53 PM - System Checkpoint
RP549: 9/1/2011 5:47:45 PM - System Checkpoint
RP550: 9/2/2011 9:03:21 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.5
Agere Systems PCI-SV92PP Soft Modem
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 5
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
avast! Free Antivirus
Avery DesignPro
Bing Bar
Bonjour
BufferChm
Compatibility Pack for the 2007 Office system
Conduit Engine
Copy
CustomerResearchQFolder
Definition update for Microsoft Office 2010 (KB982726)
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
DriveImage XML (Private Edition)
eSupportQFolder
F4200
F4200_Help
Facebook Video Calling 1.0.0.7930
File Uploader
FlipShare
Freecorder 4.0 Application
Freecorder Toolbar
Gimp 2.6.2 Debug
Google Chrome
Google Update Helper
GPBaseService
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Product Detection
hp psc 700 series
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
IncrediMail
IncrediMail 2.0
Intel® PRO Network Connections Drivers
iTunes
Java Auto Updater
Java™ 6 Update 25
LightScribe System Software 1.14.17.1
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2000 Premium
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows XP Video Decoder Checkup Utility
MIKSOFT Mobile Media Converter
Mobile Media Converter Toolbar
MobileMe Control Panel
Mpeg2Decoder 1.3
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicnotes Software Suite 1.4.6
Nero 7 Essentials
neroxml
Nikon Message Center
Nikon Transfer
NVIDIA Drivers
Picture Control Utility
PowerDVD
PSPad editor
PSSWCORE
QuickTime
Realtek High Definition Audio Driver
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Sony DVD Architect Studio 3.0a
Sony Vegas Movie Studio 6.0a
StartNow Toolbar
Status
Toolbox
TrayApp
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
ViewNX
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Detect
Yahoo! Toolbar
ZumoCast
.
==== Event Viewer Messages From Past Week ========
.
8/31/2011 4:42:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the FlipShare Server service to connect.
8/30/2011 9:34:24 PM, error: System Error [1003] - Error code 100000ea, parameter1 89293da8, parameter2 88ef6008, parameter3 ba4e7cbc, parameter4 00000001.
8/30/2011 7:08:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the FlipShare Service service to connect.
8/30/2011 7:08:57 AM, error: Service Control Manager [7000] - The FlipShare Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/28/2011 9:01:21 AM, error: ati2mtag [108] - The driver ati2dvag for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates.
8/28/2011 10:36:25 AM, error: System Error [1003] - Error code 000000ea, parameter1 8914f300, parameter2 88a687d8, parameter3 892474e0, parameter4 00000001.
8/28/2011 10:33:04 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
8/26/2011 8:46:08 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
8/26/2011 4:50:13 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
.
==== End Of File ===========================

#11 TallandLean16


Posted 06 September 2011 - 09:35 PM

The ark was too big to post in one reply. Here's one half.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-05 23:49:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-19 WDC_WD3200JS-60PDB0 rev.21.00M21
Running: gmer.exe; Driver: C:\DOCUME~1\Ian\LOCALS~1\Temp\afdyypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA47DF202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA486DD8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA48036C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA47E17F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA47E1848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA47E195E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA4803075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA47E1746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA47E1898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA47E179A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA47E190C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA47DF226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA4803D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA480403D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA47E1BE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA4803BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA4803A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA486DE3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA47DEFF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA47DF24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA47E1D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA47DFCDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA47E1820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA47E1870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA47E1988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA48033D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA47E1772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA47E1A1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA47E18D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA47E17C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA47E1AFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA47E1936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA486DED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA48038D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA47DFBA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA480372A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA487610E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA48026E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA47DF26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA47DF292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA47DF04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA47DF186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA4803E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA47DF162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA47DF1AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA47DF2B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA4883398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F14 805047B0 4 Bytes [E8, 26, 80, A4]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL A47E0335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP A487ED4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP A48807F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP A488339C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP A47E2CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP A47E2BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP A47E1F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP A47E2E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP A47E3014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP A47E2B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP A47E1E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 5 Bytes JMP A47E2180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP A47E2326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F852 5 Bytes JMP A47E1E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5454 BF864C1E 5 Bytes JMP A47E2BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP A47E22FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP A47E2D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP A47E2F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP A47E1FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP A47E203E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP A47E20AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP A47E20E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP A47E1D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP A47E1EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP A47E2008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP A47E2440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP A47E2ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[140] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[140] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[140] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[140] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[140] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[140] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[140] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[140] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[140] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[140] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[140] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[140] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[140] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[140] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[140] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[180] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[180] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[180] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[180] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[180] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[180] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[180] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[180] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[180] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[180] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[180] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[180] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[180] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[180] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[260] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[260] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[260] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[260] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[260] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[260] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[260] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[260] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[260] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[260] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[260] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[260] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[260] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[260] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[452] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[452] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[452] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Bonjour\mDNSResponder.exe[452] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Bonjour\mDNSResponder.exe[452] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[452] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[452] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[452] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[452] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[452] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Bonjour\mDNSResponder.exe[452] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[452] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[452] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[452] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[452] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\spoolsv.exe[572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[572] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[572] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[572] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[572] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[572] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[572] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe[656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe[656] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe[656] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe[656] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe[656] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe[656] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe[656] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe[656] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe[656] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe[656] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe[656] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe[656] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe[656] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe[656] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe[656] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe[656] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe[656] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\ehome\ehtray.exe[676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\ehome\ehtray.exe[676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\ehome\ehtray.exe[676] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\ehome\ehtray.exe[676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\ehome\ehtray.exe[676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\ehome\ehtray.exe[676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\ehome\ehtray.exe[676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\ehome\ehtray.exe[676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\ehome\ehtray.exe[676] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\ehome\ehtray.exe[676] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\ehome\ehtray.exe[676] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\ehome\ehtray.exe[676] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\ehome\ehtray.exe[676] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\ehome\ehtray.exe[676] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\ehome\ehtray.exe[676] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\System32\smss.exe[772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[800] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[800] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[800] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00581014
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[800] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00580804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[800] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00580A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[800] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00580C0C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[800] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00580E10
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[800] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005801F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[800] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005803FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[800] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00580600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[800] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00590804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[800] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00590A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[800] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00590600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[800] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005901F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[800] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005903FC
.text C:\WINDOWS\system32\csrss.exe[832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[832] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[860] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[860] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[860] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[860] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[860] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[860] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[860] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[860] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[860] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[860] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[860] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[860] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[860] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Freecorder\FLVSrvc.exe[884] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Freecorder\FLVSrvc.exe[884] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Freecorder\FLVSrvc.exe[884] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Freecorder\FLVSrvc.exe[884] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Freecorder\FLVSrvc.exe[884] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Freecorder\FLVSrvc.exe[884] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Freecorder\FLVSrvc.exe[884] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Freecorder\FLVSrvc.exe[884] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Freecorder\FLVSrvc.exe[884] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Freecorder\FLVSrvc.exe[884] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Freecorder\FLVSrvc.exe[884] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Freecorder\FLVSrvc.exe[884] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Freecorder\FLVSrvc.exe[884] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Freecorder\FLVSrvc.exe[884] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Freecorder\FLVSrvc.exe[884] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Freecorder\FLVSrvc.exe[884] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Freecorder\FLVSrvc.exe[884] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\services.exe[908] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[908] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[908] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[908] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[908] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[908] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[908] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[920] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[920] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[920] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[920] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[920] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Documents and Settings\Ian\Desktop\gmer (1)\gmer.exe[1088] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Ian\Desktop\gmer (1)\gmer.exe[1088] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1316] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1316] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1316] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1316] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1316] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1316] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1316] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1316] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1316] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1316] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1316] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1316] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1316] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1316] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1316] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1316] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1328] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1328] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1328] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1328] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1328] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 009C0804
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1328] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 009C0A08
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1328] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 009C0600
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1328] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009C01F8
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1328] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009C03FC
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1328] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009D1014
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1328] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009D0804
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1328] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009D0A08
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1328] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009D0C0C
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1328] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009D0E10
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1328] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009D01F8
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1328] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009D03FC
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1328] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009D0600
.text C:\WINDOWS\System32\svchost.exe[1348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1348] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1348] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1348] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1348] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1348] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[1416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehRecvr.exe[1416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[1416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehRecvr.exe[1416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[1416] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehRecvr.exe[1416] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[1416] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehRecvr.exe[1416] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[1416] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[1416] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehRecvr.exe[1416] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehRecvr.exe[1416] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[1416] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehRecvr.exe[1416] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehRecvr.exe[1416] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[1416] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[1416] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\Program Files\iTunes\iTunesHelper.exe[1436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\iTunes\iTunesHelper.exe[1436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[1436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\iTunes\iTunesHelper.exe[1436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[1436] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\iTunes\iTunesHelper.exe[1436] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\iTunes\iTunesHelper.exe[1436] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\iTunes\iTunesHelper.exe[1436] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\iTunes\iTunesHelper.exe[1436] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\iTunes\iTunesHelper.exe[1436] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\iTunes\iTunesHelper.exe[1436] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\iTunes\iTunesHelper.exe[1436] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\iTunes\iTunesHelper.exe[1436] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\iTunes\iTunesHelper.exe[1436] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\iTunes\iTunesHelper.exe[1436] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\iTunes\iTunesHelper.exe[1436] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\iTunes\iTunesHelper.exe[1436] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\svchost.exe[1448] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1448] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1448] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1448] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1448] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1448] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1448] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1448] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehSched.exe[1488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehSched.exe[1488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[1488] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehSched.exe[1488] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[1488] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehSched.exe[1488] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehSched.exe[1488] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehSched.exe[1488] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehSched.exe[1488] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehSched.exe[1488] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehSched.exe[1488] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehSched.exe[1488] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehSched.exe[1488] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehSched.exe[1488] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehSched.exe[1488] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehSched.exe[1488] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehSched.exe[1488] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1568] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1568] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1568] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1568] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1568] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 01531014
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1568] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 01530804
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1568] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 01530A08
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1568] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 01530C0C
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1568] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 01530E10
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1568] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 015301F8
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1568] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 015303FC
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1568] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 01530600
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1568] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01540804
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1568] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01540A08
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1568] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01540600
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1568] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 015401F8
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1568] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 015403FC
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1572] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1572] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1572] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1572] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1572] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1572] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1572] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1572] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1572] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1572] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1572] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1572] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1572] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1572] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600

#12 TallandLean16

Posted 06 September 2011 - 09:36 PM

Here is the other half of the ark. Thank you for your patience.

.text C:\WINDOWS\eHome\ehRec.exe[1576] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehRec.exe[1576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehRec.exe[1576] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehRec.exe[1576] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehRec.exe[1576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehRec.exe[1576] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehRec.exe[1576] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehRec.exe[1576] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehRec.exe[1576] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehRec.exe[1576] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehRec.exe[1576] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehRec.exe[1576] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehRec.exe[1576] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehRec.exe[1576] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehRec.exe[1576] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehRec.exe[1576] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehRec.exe[1576] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1712] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1712] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1712] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[1720] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[1720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1720] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1724] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1724] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1724] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1724] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1724] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1724] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1724] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1724] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1724] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1724] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1724] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1724] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1724] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1724] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1724] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1724] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1820] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1868] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1868] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1868] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1868] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1868] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1868] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1868] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1868] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1868] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1868] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1868] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1868] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1868] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1868] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1868] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1868] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1868] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1872] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1872] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1872] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1872] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1872] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1872] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1872] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1872] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1872] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1872] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1872] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1872] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1872] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1872] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1872] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1872] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1872] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe[2000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe[2000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe[2000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe[2000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe[2000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe[2000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe[2000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe[2000] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe[2000] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe[2000] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe[2000] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe[2000] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe[2000] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe[2000] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe[2000] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe[2000] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe[2000] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\IncrediMail\Bin\ImApp.exe[2028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\IncrediMail\Bin\ImApp.exe[2028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\IncrediMail\Bin\ImApp.exe[2028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\IncrediMail\Bin\ImApp.exe[2028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\IncrediMail\Bin\ImApp.exe[2028] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006A1014
.text C:\Program Files\IncrediMail\Bin\ImApp.exe[2028] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006A0804
.text C:\Program Files\IncrediMail\Bin\ImApp.exe[2028] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 006A0A08
.text C:\Program Files\IncrediMail\Bin\ImApp.exe[2028] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 006A0C0C
.text C:\Program Files\IncrediMail\Bin\ImApp.exe[2028] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 006A0E10
.text C:\Program Files\IncrediMail\Bin\ImApp.exe[2028] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006A01F8
.text C:\Program Files\IncrediMail\Bin\ImApp.exe[2028] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006A03FC
.text C:\Program Files\IncrediMail\Bin\ImApp.exe[2028] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006A0600
.text C:\Program Files\IncrediMail\Bin\ImApp.exe[2028] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 006B0804
.text C:\Program Files\IncrediMail\Bin\ImApp.exe[2028] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 006B0A08
.text C:\Program Files\IncrediMail\Bin\ImApp.exe[2028] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 006B0600
.text C:\Program Files\IncrediMail\Bin\ImApp.exe[2028] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006B01F8
.text C:\Program Files\IncrediMail\Bin\ImApp.exe[2028] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006B03FC
.text C:\Program Files\Zecter\ZumoCast\ZumoCast.exe[2072] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002501F8
.text C:\Program Files\Zecter\ZumoCast\ZumoCast.exe[2072] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Zecter\ZumoCast\ZumoCast.exe[2072] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002503FC
.text C:\Program Files\Zecter\ZumoCast\ZumoCast.exe[2072] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Zecter\ZumoCast\ZumoCast.exe[2072] ADVAPI32.DLL!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00501014
.text C:\Program Files\Zecter\ZumoCast\ZumoCast.exe[2072] ADVAPI32.DLL!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00500804
.text C:\Program Files\Zecter\ZumoCast\ZumoCast.exe[2072] ADVAPI32.DLL!ChangeServiceConfigW 77E37001 5 Bytes JMP 00500A08
.text C:\Program Files\Zecter\ZumoCast\ZumoCast.exe[2072] ADVAPI32.DLL!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00500C0C
.text C:\Program Files\Zecter\ZumoCast\ZumoCast.exe[2072] ADVAPI32.DLL!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00500E10
.text C:\Program Files\Zecter\ZumoCast\ZumoCast.exe[2072] ADVAPI32.DLL!CreateServiceA 77E37211 5 Bytes JMP 005001F8
.text C:\Program Files\Zecter\ZumoCast\ZumoCast.exe[2072] ADVAPI32.DLL!CreateServiceW 77E373A9 5 Bytes JMP 005003FC
.text C:\Program Files\Zecter\ZumoCast\ZumoCast.exe[2072] ADVAPI32.DLL!DeleteService 77E374B1 5 Bytes JMP 00500600
.text C:\Program Files\Zecter\ZumoCast\ZumoCast.exe[2072] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00510804
.text C:\Program Files\Zecter\ZumoCast\ZumoCast.exe[2072] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00510A08
.text C:\Program Files\Zecter\ZumoCast\ZumoCast.exe[2072] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00510600
.text C:\Program Files\Zecter\ZumoCast\ZumoCast.exe[2072] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005101F8
.text C:\Program Files\Zecter\ZumoCast\ZumoCast.exe[2072] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005103FC
.text C:\WINDOWS\eHome\ehmsas.exe[2156] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\eHome\ehmsas.exe[2156] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehmsas.exe[2156] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\eHome\ehmsas.exe[2156] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehmsas.exe[2156] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehmsas.exe[2156] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehmsas.exe[2156] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehmsas.exe[2156] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehmsas.exe[2156] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehmsas.exe[2156] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehmsas.exe[2156] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehmsas.exe[2156] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehmsas.exe[2156] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehmsas.exe[2156] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehmsas.exe[2156] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehmsas.exe[2156] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehmsas.exe[2156] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2164] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2164] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2164] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2164] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2164] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[2164] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2164] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2164] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[2164] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[2164] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2164] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2164] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2164] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2164] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2164] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2164] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2164] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\WINDOWS\system32\hpoipm07.exe[2352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\hpoipm07.exe[2352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\hpoipm07.exe[2352] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\hpoipm07.exe[2352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\hpoipm07.exe[2352] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\hpoipm07.exe[2352] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\hpoipm07.exe[2352] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\hpoipm07.exe[2352] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\hpoipm07.exe[2352] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\hpoipm07.exe[2352] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\hpoipm07.exe[2352] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\hpoipm07.exe[2352] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\hpoipm07.exe[2352] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\hpoipm07.exe[2352] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\hpoipm07.exe[2352] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\hpoipm07.exe[2352] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\hpoipm07.exe[2352] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2456] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2456] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2456] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2456] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2456] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2456] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2456] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2456] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2456] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2456] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2456] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2456] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2456] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2456] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\RTHDCPL.EXE[2588] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\RTHDCPL.EXE[2588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2588] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\RTHDCPL.EXE[2588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2588] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\RTHDCPL.EXE[2588] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\RTHDCPL.EXE[2588] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\RTHDCPL.EXE[2588] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\RTHDCPL.EXE[2588] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\RTHDCPL.EXE[2588] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\RTHDCPL.EXE[2588] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\RTHDCPL.EXE[2588] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\RTHDCPL.EXE[2588] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\RTHDCPL.EXE[2588] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\RTHDCPL.EXE[2588] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\RTHDCPL.EXE[2588] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\RTHDCPL.EXE[2588] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2672] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[2672] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[2672] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[2672] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[2672] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[2672] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[2672] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[2672] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[2672] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[2672] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[2672] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[2672] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[2672] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2700] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2700] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2700] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2700] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2700] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2700] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2700] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2700] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2700] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2700] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2700] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2700] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2700] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2700] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\dllhost.exe[2748] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\dllhost.exe[2748] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[2748] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\dllhost.exe[2748] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[2748] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\dllhost.exe[2748] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\dllhost.exe[2748] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\dllhost.exe[2748] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\dllhost.exe[2748] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\dllhost.exe[2748] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\dllhost.exe[2748] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\dllhost.exe[2748] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\dllhost.exe[2748] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\dllhost.exe[2748] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\dllhost.exe[2748] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\dllhost.exe[2748] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\dllhost.exe[2748] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[2756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[2756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[2756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2756] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[2756] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[2756] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[2756] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[2756] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[2756] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[2756] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[2756] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[2756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[2756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[2756] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[2756] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[2756] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2792] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2792] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2792] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2792] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2792] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00371014
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2792] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2792] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2792] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00370C0C
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2792] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00370E10
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2792] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2792] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2792] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2792] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2792] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2792] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2792] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2792] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\System32\svchost.exe[2824] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[2824] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2824] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[2824] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2824] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[2824] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[2824] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[2824] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[2824] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[2824] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[2824] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[2824] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[2824] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[2824] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[2824] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[2824] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[2824] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2848] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2848] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2848] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2848] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2848] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2848] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2848] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2848] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2848] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2848] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2848] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2848] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\iPod\bin\iPodService.exe[2908] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\iPod\bin\iPodService.exe[2908] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[2908] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\iPod\bin\iPodService.exe[2908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[2908] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\iPod\bin\iPodService.exe[2908] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\iPod\bin\iPodService.exe[2908] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\iPod\bin\iPodService.exe[2908] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\iPod\bin\iPodService.exe[2908] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\iPod\bin\iPodService.exe[2908] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\iPod\bin\iPodService.exe[2908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\iPod\bin\iPodService.exe[2908] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\iPod\bin\iPodService.exe[2908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\iPod\bin\iPodService.exe[2908] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\iPod\bin\iPodService.exe[2908] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\iPod\bin\iPodService.exe[2908] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\iPod\bin\iPodService.exe[2908] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2936] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2936] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2936] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2936] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2936] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2936] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2936] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2936] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2936] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2936] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2936] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2936] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2936] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2936] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2936] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2936] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2936] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\svchost.exe[3000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[3000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[3000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3000] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[3000] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[3000] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[3000] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[3000] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[3000] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[3000] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[3000] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[3000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[3000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[3000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[3000] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[3000] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wdfmgr.exe[3024] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\wdfmgr.exe[3024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[3024] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\wdfmgr.exe[3024] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[3024] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\wdfmgr.exe[3024] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wdfmgr.exe[3024] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wdfmgr.exe[3024] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\wdfmgr.exe[3024] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\wdfmgr.exe[3024] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wdfmgr.exe[3024] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wdfmgr.exe[3024] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wdfmgr.exe[3024] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wdfmgr.exe[3024] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wdfmgr.exe[3024] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wdfmgr.exe[3024] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wdfmgr.exe[3024] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3040] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3040] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3040] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3040] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3040] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3040] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3040] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3040] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3040] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3040] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3040] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3040] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3040] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe[3076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe[3076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe[3076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe[3076] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe[3076] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe[3076] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe[3076] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe[3076] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe[3076] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe[3076] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe[3076] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe[3076] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe[3076] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe[3076] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe[3076] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe[3076] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe[3076] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3148] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3148] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3148] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3148] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3148] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3148] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3148] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3148] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3148] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3148] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3148] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3148] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3148] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3148] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3148] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3148] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3148] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\IncrediMail\bin\IncMail.exe[3168] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\IncrediMail\bin\IncMail.exe[3168] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\IncrediMail\bin\IncMail.exe[3168] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\IncrediMail\bin\IncMail.exe[3168] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\IncrediMail\bin\IncMail.exe[3168] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006C1014
.text C:\Program Files\IncrediMail\bin\IncMail.exe[3168] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006C0804
.text C:\Program Files\IncrediMail\bin\IncMail.exe[3168] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 006C0A08
.text C:\Program Files\IncrediMail\bin\IncMail.exe[3168] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 006C0C0C
.text C:\Program Files\IncrediMail\bin\IncMail.exe[3168] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 006C0E10
.text C:\Program Files\IncrediMail\bin\IncMail.exe[3168] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006C01F8
.text C:\Program Files\IncrediMail\bin\IncMail.exe[3168] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006C03FC
.text C:\Program Files\IncrediMail\bin\IncMail.exe[3168] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006C0600
.text C:\Program Files\IncrediMail\bin\IncMail.exe[3168] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 006D0804
.text C:\Program Files\IncrediMail\bin\IncMail.exe[3168] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 006D0A08
.text C:\Program Files\IncrediMail\bin\IncMail.exe[3168] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 006D0600
.text C:\Program Files\IncrediMail\bin\IncMail.exe[3168] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006D01F8
.text C:\Program Files\IncrediMail\bin\IncMail.exe[3168] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006D03FC
.text C:\WINDOWS\System32\alg.exe[3372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[3372] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3372] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[3372] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3372] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[3372] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[3372] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[3372] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[3372] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[3372] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[3372] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[3372] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[3372] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[3372] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[3372] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[3372] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[3372] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3396] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3444] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3444] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3444] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3444] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3444] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3444] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3444] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3444] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3444] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3444] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3444] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3444] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3444] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3444] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3444] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3444] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\wscntfy.exe[3460] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3460] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3496] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3496] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3496] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3496] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3496] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3496] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3496] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3496] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3496] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3496] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3496] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3496] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3496] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3496] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3496] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3496] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3496] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[3764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[3764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[3764] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[3764] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[3764] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[3764] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[3764] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\Ati2evxx.exe[3764] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[3764] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[3764] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\Ati2evxx.exe[3764] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\Ati2evxx.exe[3764] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\Ati2evxx.exe[3764] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[3764] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\Ati2evxx.exe[3764] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\Ati2evxx.exe[3764] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[3764] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3928] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3928] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3928] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3928] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3928] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3928] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3928] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3928] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3928] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3928] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3928] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Admin\Cookies\X4CUME94.txt 207 bytes
File C:\Documents and Settings\Admin\Cookies\4A9ZQRKZ.txt 198 bytes
File C:\Documents and Settings\Admin\Cookies\XWHGP4QW.txt 200 bytes
File C:\Documents and Settings\Admin\Cookies\U1MBHQ5E.txt 430 bytes
File C:\Documents and Settings\Admin\Cookies\EU8L506N.txt 678 bytes

---- EOF - GMER 1.0.15 ----

#13 Elise


Posted 07 September 2011 - 05:23 AM

Hello again, did you get the error only with the game or also with other files/applications?

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 7.
  • Look for "JDK 7 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#14 TallandLean16


Posted 10 September 2011 - 02:23 AM

I've only gotten the error when trying to install the game. Also, when trying to download the new Java software an error came up saying "C:\Documents and Settings\Ian\Desktop\jdk-7-windows-i586.exe is not a valid windows application." I tried to install before installing and running Malwarebytes software and afterwards with the same result. Here is the log from Malwarebytes:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7687

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/10/2011 2:12:13 AM
mbam-log-2011-09-10 (02-12-13).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 446898
Time elapsed: 2 hour(s), 19 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Agent) -> Value: wuaucldt -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Agent) -> Value: wuaucldt -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 Elise


Posted 10 September 2011 - 03:25 AM

Hi again, that may also indicate that the downloads were not complete. Can you try to download the installer on another computer and try to install it?

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


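The incomplete-download possibility raised in post #15 can be checked directly on the file. The following is an added example, not part of the original thread: a Python sketch that tests whether a file's bytes contain every region its PE headers declare. The function names and the sample image are constructed for illustration.

```python
import struct
import sys

def check_pe(data: bytes) -> str:
    """Return "ok", or the reason the bytes are not a complete PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "missing MZ header"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data):
        return "truncated before PE header"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "missing PE signature"
    # The 20-byte COFF header follows the signature.
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # first 40-byte section header
    needed = table + 40 * num_sections
    if needed > len(data):
        return "truncated section table"
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20.
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            needed = max(needed, raw_ptr + raw_size)
    if needed > len(data):
        return f"truncated: sections need {needed} bytes, file has {len(data)}"
    return "ok"

def check_file(path: str) -> str:
    """Run check_pe on a file on disk."""
    with open(path, "rb") as fh:
        return check_pe(fh.read())

def build_sample() -> bytes:
    """Constructed 1024-byte PE32 image with one 0x200-byte .text section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 222
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000,
                       0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + sect
    return headers.ljust(0x200, b"\0") + b"\xCC" * 0x200

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, "->", check_file(path))
```

Installers often carry data appended after the last section, which this check cannot see, so an "ok" result does not prove the download is complete; comparing the file's size or hash with the value the publisher lists covers that case.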




