
DDS logs and the GMER log


  • This topic is locked
12 replies to this topic

#1 LouiseMorgan


Posted 17 January 2012 - 05:21 AM

I posted this on another message board and got no help. Maybe someone on here can help me with all the questions I have. I have a Dell XPS 420 Desktop, Windows Vista Home Premium, 32-bit Operating System, Service Pack 2, 3.00 GB of Memory (RAM), Intel® Core™2 Quad Q6600 @ 2.40GHz 2.39 GHz Processor. I do not understand why I had a little over 100 GB free of 283 GB in OS (C:) about 2 weeks ago. I've deleted a very large amount of programs and files (1500 ipod songs and itunes, 5-6 computer games (like Combat Arms, Counter Strike, et cetera), Steam, 15+ movies, Adobe Photoshop 7.0, and much more) a week ago. I did a disk clean up and fragmented the hard drive. I've also emptied the recycling bin. After I did all of this, my memory has dropped about 30 GB. I now have 70.2 GB free of 283 GB in OS (C:). I DID NOT download and install anything new to my computer. I have Mozilla, Avast! Antivirus, aswMBR, Spybot Search & Destroy, RegAlyzer, RunAlyzer, Hijackthis, Adobe Reader 9, Acrobat, uTorrent, VLC Media Player, 75 pictures, 18 movies, zsnes and Fusion (10 old school games all together). I also have seasons 1-3 of Ancient Aliens, seasons 1-3 of Kung Fu, seasons 1-3 of Squidbillies, seasons 1-3 of Moral Orel, seasons 1-6 of Oz, seasons 1-5 of Weeds, seasons 3-5 of The Wire and seasons 5-7 of The Office. I did a virus and Windows Defender scan, nothing was found. I also did a Spybot Search & Destroy scan twice. The first scan found adware from Freeze.com and removed it. I restarted the computer and did one more scan, nothing was found. I deleted programs from Add or Remove Programs and then used RegAlyzer to delete the registry keys left from those programs. Today, my memory is at 60.4 GB. It seems like the memory keeps jumping up and down without any new downloads and installs. What causes that to happen? I want to increase my memory, how can I do this? Here are my 2 logs:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:59:43 AM, on 1/9/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - libusb-Win32 - C:\Windows\system32\libusbd-nt.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 3184 bytes


Logfile of aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2012-01-06 22:31:30
-----------------------------
22:31:30.281 OS Version: Windows 6.0.6002 Service Pack 2
22:31:30.281 Number of processors: 4 586 0xF0B
22:31:30.282 ComputerName: LOUISE-PC UserName: Louise
22:31:32.330 Initialize success
22:31:32.940 AVAST engine defs: 12010601
22:43:46.174 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:43:46.176 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
22:43:46.194 Disk 0 MBR read successfully
22:43:46.196 Disk 0 MBR scan
22:43:46.198 Disk 0 Windows VISTA default MBR code
22:43:46.201 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
22:43:46.212 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 112640
22:43:46.222 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 289829 MB offset 31569920
22:43:46.235 Disk 0 scanning sectors +625139712
22:43:46.340 Disk 0 scanning C:\Windows\system32\drivers
22:43:54.691 Service scanning
22:43:56.034 Modules scanning
22:44:03.277 Disk 0 trace - called modules:
22:44:03.303 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastorv.sys hal.dll
22:44:03.307 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867c8170]
22:44:03.311 3 CLASSPNP.SYS[8afa18b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86597030]
22:44:04.339 AVAST engine scan C:\Windows
22:44:10.502 AVAST engine scan C:\Windows\system32
22:46:12.564 AVAST engine scan C:\Windows\system32\drivers
22:46:26.057 AVAST engine scan C:\Users\Louise
22:48:23.865 AVAST engine scan C:\ProgramData
22:49:31.222 Scan finished successfully
23:03:55.184 Disk 0 MBR has been saved successfully to "C:\Users\Louise\Documents\MBR.dat"
23:03:55.184 The log file has been saved successfully to "C:\Users\Louise\Documents\aswMBR.txt"


If there are any problems in the 2 logs, please tell me why and how to fix them.
I want my computer to be working at its best! I've had this computer for 3 years now and plan on keeping it for many more. It was a display computer at Best Buy and Geek Squad did an optimization.
Reminds me to ask one more question about my computer, why do I have to right click to run programs as administrator when I am the only user on the computer? What do I need to do to fix this problem? I've always had to do this.


MANY MANY THANKS IN ADVANCE!
-LouiseMorgan

Edited by LouiseMorgan, 17 January 2012 - 05:43 AM.



 


#2 sempai

  • Malware Response Team

Posted 22 January 2012 - 07:05 AM

Do you still need help?

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 sempai


Posted 27 January 2012 - 08:21 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

~Semp



#4 sempai


Posted 24 February 2012 - 09:07 AM

This topic has been re-opened at the request of the person who originally posted.

~Semp



#5 sempai


Posted 24 February 2012 - 09:08 AM

Hi,

Please update me with the current status of your machine, then read here: http://www.bleepingcomputer.com/forums/topic34773.html

Post the required logs when ready and we will begin from there. Thanks.

~Semp



#6 LouiseMorgan


Posted 25 February 2012 - 03:38 AM

Thanks! Read everything on the link and did everything listed on the page. I will create a new topic from the link on the page with all 3 logs.

#7 LouiseMorgan


Posted 25 February 2012 - 04:13 AM

Please check these. I've been experiencing a lot of memory problems and changes to my computer every time I boot it. I had 4 different desktop folders appear in my directory, now I have 2. Desktop icons reappear and disappear when I boot. I didn't seem to have any problems with the desktop today, but yesterday was misery. My Mozilla stopped working and I've resorted to IE 9, which is not a browser I like or prefer. Is there some kind of hidden malware, trojan or virus? I just want to get this squared away, so I can reinstall Mozilla and be able to enjoy using my computer. Thanks in advance.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Louise at 3:09:25 on 2012-02-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1864 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\libusbd-nt.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.last.fm/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3FA6C42E-A2BE-454E-825D-B3F785F6AEA4} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D6B9367C-BFBA-4966-99C7-6D8868CD1510} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{E4F34ABE-2F16-41F8-ABDB-FC6DED878D77} : DhcpNameServer = 192.168.1.1
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-31 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-31 337112]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-4-29 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-31 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-10-31 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-31 44768]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-27 21504]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-11-10 8913920]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-11-10 263680]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2011-12-30 33792]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-25 05:18:43 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c5ba3f06-e320-452e-8554-a697f559c1d8}\mpengine.dll
2012-02-15 11:42:42 680448 -c--a-w- c:\windows\system32\msvcrt.dll
2012-02-15 11:42:41 2044416 -c--a-w- c:\windows\system32\win32k.sys
2012-02-15 11:42:40 2409784 -c--a-w- c:\program files\windows mail\OESpamFilter.dat
2012-02-02 00:37:07 -------- dc----w- c:\users\louise\appdata\local\Adobe
2012-02-01 13:02:15 -------- dc----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
.
==================== Find3M ====================
.
2012-02-23 16:23:26 41184 -c--a-w- c:\windows\avastSS.scr
2012-02-23 16:12:28 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:10:34 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-23 06:48:17 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2012-02-23 06:39:13 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-29 10:10:42 237072 -c----w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 3:09:38.84 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 4/22/2008 11:10:25 PM
System Uptime: 2/25/2012 2:48:40 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0TP406
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | CPU | 2394/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 43.127 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 5.034 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {997b5d8d-c442-4f2e-baf3-9c8e671e9e21}
Description: XPS MiniView
Device ID: USB\VID_BEEF&PID_0006\AAAAAAAAAAAAAAAAAAAA
Manufacturer: Microsoft Co
Name: XPS MiniView
PNP Device ID: USB\VID_BEEF&PID_0006\AAAAAAAAAAAAAAAAAAAA
Service: WUDFRd
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02151028&REV_02\3&172E68DD&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02151028&REV_02\3&172E68DD&0&FB
Service:
.
==== System Restore Points ===================
.
RP725: 2/24/2012 1:59:38 AM - Windows Update
RP727: 2/24/2012 7:17:37 AM - Removed Windows Media Player Firefox Plugin
RP728: 2/25/2012 12:18:04 AM - Windows Update
RP729: 2/25/2012 2:45:43 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Network Connections 13.0.42.0
iTunes
Java Auto Updater
Java™ 6 Update 31
Java™ 6 Update 7
LibUSB-Win32-0.1.10.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Thunderbird 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 1.1.11
Windows Media Center Gadgets for Windows SideShow
Windows SideShow Managed Runtime 1.0
.
==== Event Viewer Messages From Past Week ========
.
2/25/2012 2:49:48 AM, Error: Service Control Manager [7023] - The Pml Driver HPZ12 service terminated with the following error: The specified module could not be found.
2/25/2012 2:49:48 AM, Error: Service Control Manager [7023] - The Net Driver HPZ12 service terminated with the following error: The specified module could not be found.
2/24/2012 1:16:56 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Louise-PC\Louise SID (S-1-5-21-358367821-2992595346-2156595993-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/21/2012 12:06:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the libusbd service.
.
==== End Of File ===========================




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-25 04:06:00
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.12.0
Running: p4nrz43n.exe; Driver: C:\Users\Louise\AppData\Local\Temp\fwdirpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8FD69DC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x903B0904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8FD6A832]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8FD6F25C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8FD6F2A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8FD6F39A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8FD6F1CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8FD6F2EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8FD6F212]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8FD6F354]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8FD69E10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x903B09DE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8FD69AA2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8FD69E5C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8FD6CC94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8FD6AAD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8FD6F286]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8FD6F2CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8FD6F3BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8FD6F1F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8FD6F326]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8FD6F23A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8FD6F378]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x903B0B4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8FD6A9A2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8FD69EA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8FD69EF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8FD69B12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8FD69CB6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8FD69C5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8FD69D26]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x903B0C0A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8FD69F40]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x903B0A8A]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x903C6A72]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 828E4890 4 Bytes [C4, 9D, D6, 8F]
.text ntkrnlpa.exe!KeSetEvent + 131 828E48B4 4 Bytes [04, 09, 3B, 90]
.text ntkrnlpa.exe!KeSetEvent + 191 828E4914 4 Bytes [32, A8, D6, 8F]
.text ntkrnlpa.exe!KeSetEvent + 1D1 828E4954 8 Bytes [5C, F2, D6, 8F, A8, F2, D6, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 828E4960 4 Bytes [9A, F3, D6, 8F]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82A0F62F 5 Bytes JMP 903C396C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82A68543 5 Bytes JMP 903C542C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82A71E68 4 Bytes CALL 8FD6B189 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82A75ADC 4 Bytes CALL 8FD6B19F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82AC9DCA 7 Bytes JMP 903C6A76 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EE0F000, 0x3BEEC5, 0xE8000020]
? C:\Users\Louise\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\csrss.exe[552] KERNEL32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[624] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[624] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[624] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 000A0600
.text C:\Windows\system32\wininit.exe[624] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 000A0804
.text C:\Windows\system32\wininit.exe[624] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 000A0A08
.text C:\Windows\system32\wininit.exe[624] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 000A01F8
.text C:\Windows\system32\wininit.exe[624] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 000A03FC
.text C:\Windows\system32\csrss.exe[636] KERNEL32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\services.exe[668] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[668] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[668] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\services.exe[668] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[668] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[668] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[668] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[668] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[668] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[668] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[668] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[668] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 001D0600
.text C:\Windows\system32\services.exe[668] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 001D0804
.text C:\Windows\system32\services.exe[668] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 001D0A08
.text C:\Windows\system32\services.exe[668] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 001D01F8
.text C:\Windows\system32\services.exe[668] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 001D03FC
.text C:\Windows\system32\lsass.exe[680] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[680] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[680] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\lsass.exe[680] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 001703FC
.text C:\Windows\system32\lsass.exe[680] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00170600
.text C:\Windows\system32\lsass.exe[680] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00171014
.text C:\Windows\system32\lsass.exe[680] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00170804
.text C:\Windows\system32\lsass.exe[680] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00170A08
.text C:\Windows\system32\lsass.exe[680] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00170C0C
.text C:\Windows\system32\lsass.exe[680] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00170E10
.text C:\Windows\system32\lsass.exe[680] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\lsass.exe[680] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00180600
.text C:\Windows\system32\lsass.exe[680] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00180804
.text C:\Windows\system32\lsass.exe[680] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00180A08
.text C:\Windows\system32\lsass.exe[680] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 001801F8
.text C:\Windows\system32\lsass.exe[680] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[684] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[684] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[684] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[684] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00090600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[684] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[684] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[684] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[684] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[684] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000A03FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[684] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 000A0600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[684] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 000A1014
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[684] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 000A0804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[684] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 000A0A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[684] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 000A0C0C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[684] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 000A0E10
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[684] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000A01F8
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsm.exe[692] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[848] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00420600
.text C:\Windows\system32\svchost.exe[848] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00420804
.text C:\Windows\system32\svchost.exe[848] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00420A08
.text C:\Windows\system32\svchost.exe[848] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 004201F8
.text C:\Windows\system32\svchost.exe[848] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 004203FC
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 003B0600
.text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 003B0804
.text C:\Windows\system32\svchost.exe[920] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 003B0A08
.text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 003B01F8
.text C:\Windows\system32\svchost.exe[920] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 003B03FC
.text C:\Windows\System32\svchost.exe[976] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[976] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[976] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[976] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000803FC
.text C:\Windows\System32\svchost.exe[976] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00080600
.text C:\Windows\System32\svchost.exe[976] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00081014
.text C:\Windows\System32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00080804
.text C:\Windows\System32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00080A08
.text C:\Windows\System32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00080C0C
.text C:\Windows\System32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00080E10
.text C:\Windows\System32\svchost.exe[976] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000801F8
.text C:\Windows\System32\svchost.exe[976] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00180600
.text C:\Windows\System32\svchost.exe[976] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00180804
.text C:\Windows\System32\svchost.exe[976] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00180A08
.text C:\Windows\System32\svchost.exe[976] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 001801F8
.text C:\Windows\System32\svchost.exe[976] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\atiesrxx.exe[1004] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 001501F8
.text C:\Windows\system32\atiesrxx.exe[1004] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 001503FC
.text C:\Windows\system32\atiesrxx.exe[1004] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\atiesrxx.exe[1004] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00170600
.text C:\Windows\system32\atiesrxx.exe[1004] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00170804
.text C:\Windows\system32\atiesrxx.exe[1004] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\atiesrxx.exe[1004] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\atiesrxx.exe[1004] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\atiesrxx.exe[1004] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 001803FC
.text C:\Windows\system32\atiesrxx.exe[1004] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00180600
.text C:\Windows\system32\atiesrxx.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00181014
.text C:\Windows\system32\atiesrxx.exe[1004] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00180804
.text C:\Windows\system32\atiesrxx.exe[1004] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00180A08
.text C:\Windows\system32\atiesrxx.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00180C0C
.text C:\Windows\system32\atiesrxx.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00180E10
.text C:\Windows\system32\atiesrxx.exe[1004] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\winlogon.exe[1052] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[1052] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[1052] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[1052] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000903FC
.text C:\Windows\system32\winlogon.exe[1052] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00090600
.text C:\Windows\system32\winlogon.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00091014
.text C:\Windows\system32\winlogon.exe[1052] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00090804
.text C:\Windows\system32\winlogon.exe[1052] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00090A08
.text C:\Windows\system32\winlogon.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00090C0C
.text C:\Windows\system32\winlogon.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00090E10
.text C:\Windows\system32\winlogon.exe[1052] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000901F8
.text C:\Windows\system32\winlogon.exe[1052] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 000A0600
.text C:\Windows\system32\winlogon.exe[1052] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 000A0804
.text C:\Windows\system32\winlogon.exe[1052] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 000A0A08
.text C:\Windows\system32\winlogon.exe[1052] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 000A01F8
.text C:\Windows\system32\winlogon.exe[1052] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 000A03FC
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000803FC
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00080600
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00081014
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00080804
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00080A08
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00080C0C
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00080E10
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000801F8
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00A90600
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00A90804
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00A90A08
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 00A901F8
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 00A903FC
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000C03FC
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 000C0600
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 000C1014
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 000C0804
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 000C0A08
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 000C0C0C
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 000C0E10
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000C01F8
.text C:\Windows\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00CC0600
.text C:\Windows\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00CC0804
.text C:\Windows\System32\svchost.exe[1144] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00CC0A08
.text C:\Windows\System32\svchost.exe[1144] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 00CC01F8
.text C:\Windows\System32\svchost.exe[1144] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 00CC03FC
.text C:\Windows\system32\svchost.exe[1156] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1156] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1156] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1156] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1156] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[1156] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[1156] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[1156] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[1156] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[1156] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[1156] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[1156] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00B80600
.text C:\Windows\system32\svchost.exe[1156] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00B80804
.text C:\Windows\system32\svchost.exe[1156] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00B80A08
.text C:\Windows\system32\svchost.exe[1156] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 00B801F8
.text C:\Windows\system32\svchost.exe[1156] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 00B803FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1168] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1168] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1168] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1168] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1168] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1168] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1168] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1168] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1168] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1168] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1168] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1168] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1168] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1168] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1168] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1168] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\AUDIODG.EXE[1240] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000401F8
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000403FC
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] kernel32.dll!CreateThread 75F8CB2E 5 Bytes JMP 6CE57303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00060600
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00061014
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00060804
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00060A08
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00060C0C
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00060E10
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000601F8
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00070600
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!CreateDialogParamW 76B572A2 5 Bytes JMP 6CFE66A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!GetAsyncKeyState 76B5863C 5 Bytes JMP 6CE3DD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 6CE92194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!CallNextHookEx 76B58E3B 5 Bytes JMP 6CEB7BAF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 6CEDEB00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!EnableWindow 76B5CD8B 5 Bytes JMP 6CE99A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!DefWindowProcA 76B5DB88 7 Bytes JMP 6CE5952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!CreateWindowExA 76B5DC2A 5 Bytes JMP 6CE63363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!CreateWindowExW 76B61305 5 Bytes JMP 6CEBFF87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!GetKeyState 76B68CB1 5 Bytes JMP 6CE3DC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!DefWindowProcW 76B703B4 7 Bytes JMP 6CEB7C12 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!IsDialogMessageW 76B70745 5 Bytes JMP 6CFE6E05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!CreateDialogParamA 76B717AA 5 Bytes JMP 6CFE6668 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!IsDialogMessage 76B71847 2 Bytes JMP 6CFE6DDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!IsDialogMessage + 3 76B7184A 2 Bytes [47, F6]
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!CreateDialogIndirectParamA 76B726F1 5 Bytes JMP 6CFE66D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!CreateDialogIndirectParamW 76B79A62 5 Bytes JMP 6CFE6710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!SetKeyboardState 76B80987 5 Bytes JMP 6CFE76D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!DialogBoxParamW 76B810B0 5 Bytes JMP 6CDF170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!DialogBoxIndirectParamW 76B82EF5 5 Bytes JMP 6CFE6336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!SendInput 76B82F75 5 Bytes JMP 6CFE7679 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!EndDialog 76B8326E 5 Bytes JMP 6CFE70B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!SetCursorPos 76B96FB2 5 Bytes JMP 6CFE7752 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!DialogBoxParamA 76B98152 5 Bytes JMP 6CFE62D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!DialogBoxIndirectParamA 76B9847D 5 Bytes JMP 6CFE639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!MessageBoxIndirectA 76BAD4D9 5 Bytes JMP 6CFE6258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!MessageBoxIndirectW 76BAD5D3 5 Bytes JMP 6CFE61DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!MessageBoxExA 76BAD639 5 Bytes JMP 6CFE617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!MessageBoxExW 76BAD65D 5 Bytes JMP 6CFE6117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] USER32.dll!keybd_event 76BAD972 5 Bytes JMP 6CFE7636 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] SHELL32.dll!SHRestricted + D95 760B89A8 4 Bytes [CF, 01, CC, 68]
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] SHELL32.dll!SHRestricted + D9D 760B89B0 8 Bytes [E0, 61, CB, 68, 79, F7, CB, ...] {LOOPNZ 0x63; RETF ; PUSH 0x68cbf779}
.text C:\Program Files\Internet Explorer\iexplore.exe[1260] ole32.dll!OleLoadFromStream 77121E80 5 Bytes JMP 6CFE6B0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[1332] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1332] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1332] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1332] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1332] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[1332] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[1332] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[1332] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00BC0600
.text C:\Windows\system32\svchost.exe[1332] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00BC0804
.text C:\Windows\system32\svchost.exe[1332] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00BC0A08
.text C:\Windows\system32\svchost.exe[1332] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 00BC01F8
.text C:\Windows\system32\svchost.exe[1332] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 00BC03FC
.text C:\Windows\system32\svchost.exe[1440] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1440] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1440] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1440] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1440] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[1440] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[1440] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[1440] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00140600
.text C:\Windows\system32\svchost.exe[1440] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00140804
.text C:\Windows\system32\svchost.exe[1440] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00140A08
.text C:\Windows\system32\svchost.exe[1440] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 001401F8
.text C:\Windows\system32\svchost.exe[1440] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 001403FC
.text C:\Windows\system32\libusbd-nt.exe[1548] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 002401F8
.text C:\Windows\system32\libusbd-nt.exe[1548] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 002403FC
.text C:\Windows\system32\libusbd-nt.exe[1548] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\libusbd-nt.exe[1548] ADVAPI32.DLL!CreateServiceW 76E69EB4 5 Bytes JMP 002603FC
.text C:\Windows\system32\libusbd-nt.exe[1548] ADVAPI32.DLL!DeleteService 76E6A07E 5 Bytes JMP 00260600
.text C:\Windows\system32\libusbd-nt.exe[1548] ADVAPI32.DLL!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00261014
.text C:\Windows\system32\libusbd-nt.exe[1548] ADVAPI32.DLL!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00260804
.text C:\Windows\system32\libusbd-nt.exe[1548] ADVAPI32.DLL!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00260A08
.text C:\Windows\system32\libusbd-nt.exe[1548] ADVAPI32.DLL!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00260C0C
.text C:\Windows\system32\libusbd-nt.exe[1548] ADVAPI32.DLL!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00260E10
.text C:\Windows\system32\libusbd-nt.exe[1548] ADVAPI32.DLL!CreateServiceA 76EA72A1 5 Bytes JMP 002601F8
.text C:\Windows\system32\libusbd-nt.exe[1548] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00380600
.text C:\Windows\system32\libusbd-nt.exe[1548] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00380804
.text C:\Windows\system32\libusbd-nt.exe[1548] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00380A08
.text C:\Windows\system32\libusbd-nt.exe[1548] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 003801F8
.text C:\Windows\system32\libusbd-nt.exe[1548] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 003803FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1600] kernel32.dll!SetUnhandledExceptionFilter 75F6A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1600] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\atieclxx.exe[1724] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 001501F8
.text C:\Windows\system32\atieclxx.exe[1724] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 001503FC
.text C:\Windows\system32\atieclxx.exe[1724] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\atieclxx.exe[1724] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00170600
.text C:\Windows\system32\atieclxx.exe[1724] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00170804
.text C:\Windows\system32\atieclxx.exe[1724] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\atieclxx.exe[1724] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\atieclxx.exe[1724] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\atieclxx.exe[1724] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 001803FC
.text C:\Windows\system32\atieclxx.exe[1724] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00180600
.text C:\Windows\system32\atieclxx.exe[1724] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00181014
.text C:\Windows\system32\atieclxx.exe[1724] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00180804
.text C:\Windows\system32\atieclxx.exe[1724] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00180A08
.text C:\Windows\system32\atieclxx.exe[1724] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00180C0C
.text C:\Windows\system32\atieclxx.exe[1724] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00180E10
.text C:\Windows\system32\atieclxx.exe[1724] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 001801F8
.text C:\Windows\System32\spoolsv.exe[1812] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[1812] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[1812] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1812] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[1812] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[1812] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[1812] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[1812] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[1812] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[1812] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[1812] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[1812] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00190600
.text C:\Windows\System32\spoolsv.exe[1812] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00190804
.text C:\Windows\System32\spoolsv.exe[1812] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00190A08
.text C:\Windows\System32\spoolsv.exe[1812] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 001901F8
.text C:\Windows\System32\spoolsv.exe[1812] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 001903FC
.text C:\Windows\system32\svchost.exe[1884] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1884] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1884] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1884] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1884] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[1884] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[1884] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[1884] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[1884] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[1884] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[1884] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[1884] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[1884] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00100804
.text C:\Windows\system32\svchost.exe[1884] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00100A08
.text C:\Windows\system32\svchost.exe[1884] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 001001F8
.text C:\Windows\system32\svchost.exe[1884] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 001003FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00070600
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00071014
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00070804
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00070A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00070C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00070E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000701F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00080600
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00080804
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00080A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1952] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[2304] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2304] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2304] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2304] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[2304] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[2304] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[2304] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[2304] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[2304] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[2304] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[2304] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[2304] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 001C0600
.text C:\Windows\system32\svchost.exe[2304] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 001C0804
.text C:\Windows\system32\svchost.exe[2304] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 001C0A08
.text C:\Windows\system32\svchost.exe[2304] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 001C01F8
.text C:\Windows\system32\svchost.exe[2304] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 001C03FC
.text C:\Windows\system32\svchost.exe[2328] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2328] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2328] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2328] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000C03FC
.text C:\Windows\system32\svchost.exe[2328] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 000C0600
.text C:\Windows\system32\svchost.exe[2328] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 000C1014
.text C:\Windows\system32\svchost.exe[2328] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 000C0804
.text C:\Windows\system32\svchost.exe[2328] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 000C0A08
.text C:\Windows\system32\svchost.exe[2328] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 000C0C0C
.text C:\Windows\system32\svchost.exe[2328] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 000C0E10
.text C:\Windows\system32\svchost.exe[2328] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000C01F8
.text C:\Windows\System32\svchost.exe[2400] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[2400] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[2400] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2400] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000803FC
.text C:\Windows\System32\svchost.exe[2400] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00080600
.text C:\Windows\System32\svchost.exe[2400] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00081014
.text C:\Windows\System32\svchost.exe[2400] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00080804
.text C:\Windows\System32\svchost.exe[2400] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00080A08
.text C:\Windows\System32\svchost.exe[2400] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00080C0C
.text C:\Windows\System32\svchost.exe[2400] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00080E10
.text C:\Windows\System32\svchost.exe[2400] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[2464] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[2464] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[2464] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2464] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[2464] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[2464] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[2464] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[2464] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[2464] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[2464] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[2464] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[2464] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[2464] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[2464] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\SearchIndexer.exe[2464] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[2464] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 000803FC
.text C:\Windows\ehome\ehmsas.exe[2560] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2720] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2720] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2720] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2720] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[2720] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[2720] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[2720] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[2720] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[2720] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[2720] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[2720] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2980] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2980] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2980] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2980] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[2980] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[2980] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\taskeng.exe[2980] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[2980] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[2980] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\taskeng.exe[2980] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\taskeng.exe[2980] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2980] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00090600
.text C:\Windows\system32\taskeng.exe[2980] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00090804
.text C:\Windows\system32\taskeng.exe[2980] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00090A08
.text C:\Windows\system32\taskeng.exe[2980] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 000901F8
.text C:\Windows\system32\taskeng.exe[2980] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 000903FC
.text C:\Users\Louise\Desktop\p4nrz43n.exe[3044] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[3128] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[3128] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[3128] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[3128] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[3128] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[3128] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[3128] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[3128] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[3128] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[3128] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[3128] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[3128] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[3128] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[3128] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[3128] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[3128] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[3156] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[3156] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[3156] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3156] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[3156] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[3156] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[3156] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[3156] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[3156] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[3156] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[3156] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[3156] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[3156] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[3156] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[3156] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[3156] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 000803FC
.text C:\Windows\Explorer.EXE[3216] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[3216] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[3216] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\Explorer.EXE[3216] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[3216] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[3216] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[3216] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[3216] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[3216] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[3216] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[3216] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[3216] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00090600
.text C:\Windows\Explorer.EXE[3216] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00090804
.text C:\Windows\Explorer.EXE[3216] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00090A08
.text C:\Windows\Explorer.EXE[3216] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 000901F8
.text C:\Windows\Explorer.EXE[3216] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 000903FC
.text C:\Windows\system32\taskeng.exe[3324] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[3324] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[3324] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3324] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[3324] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[3324] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[3324] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[3324] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[3324] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[3324] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[3324] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[3324] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[3324] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[3324] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[3324] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[3324] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 000803FC
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3452] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 001501F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 001503FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 001703FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00170600
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00171014
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00170804
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00170A08
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00170C0C
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00170E10
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 001701F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00180600
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00180804
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00180A08
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 001801F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 001803FC
.text C:\Windows\ehome\ehtray.exe[3564] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000901F8
.text C:\Windows\ehome\ehtray.exe[3564] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000903FC
.text C:\Windows\ehome\ehtray.exe[3564] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\ehome\ehtray.exe[3564] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000B03FC
.text C:\Windows\ehome\ehtray.exe[3564] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 000B0600
.text C:\Windows\ehome\ehtray.exe[3564] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 000B1014
.text C:\Windows\ehome\ehtray.exe[3564] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 000B0804
.text C:\Windows\ehome\ehtray.exe[3564] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 000B0A08
.text C:\Windows\ehome\ehtray.exe[3564] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 000B0C0C
.text C:\Windows\ehome\ehtray.exe[3564] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 000B0E10
.text C:\Windows\ehome\ehtray.exe[3564] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000B01F8
.text C:\Windows\ehome\ehtray.exe[3564] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 000C0600
.text C:\Windows\ehome\ehtray.exe[3564] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 000C0804
.text C:\Windows\ehome\ehtray.exe[3564] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 000C0A08
.text C:\Windows\ehome\ehtray.exe[3564] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 000C01F8
.text C:\Windows\ehome\ehtray.exe[3564] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 000C03FC
.text C:\Program Files\iPod\bin\iPodService.exe[3708] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Program Files\iPod\bin\iPodService.exe[3708] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Program Files\iPod\bin\iPodService.exe[3708] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[3708] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000703FC
.text C:\Program Files\iPod\bin\iPodService.exe[3708] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00070600
.text C:\Program Files\iPod\bin\iPodService.exe[3708] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00071014
.text C:\Program Files\iPod\bin\iPodService.exe[3708] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00070804
.text C:\Program Files\iPod\bin\iPodService.exe[3708] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00070A08
.text C:\Program Files\iPod\bin\iPodService.exe[3708] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00070C0C
.text C:\Program Files\iPod\bin\iPodService.exe[3708] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00070E10
.text C:\Program Files\iPod\bin\iPodService.exe[3708] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000701F8
.text C:\Program Files\iPod\bin\iPodService.exe[3708] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00080600
.text C:\Program Files\iPod\bin\iPodService.exe[3708] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00080804
.text C:\Program Files\iPod\bin\iPodService.exe[3708] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00080A08
.text C:\Program Files\iPod\bin\iPodService.exe[3708] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 000801F8
.text C:\Program Files\iPod\bin\iPodService.exe[3708] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\wbem\unsecapp.exe[3928] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\unsecapp.exe[3928] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\unsecapp.exe[3928] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[3928] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\unsecapp.exe[3928] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\unsecapp.exe[3928] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\unsecapp.exe[3928] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\unsecapp.exe[3928] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\unsecapp.exe[3928] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\unsecapp.exe[3928] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\unsecapp.exe[3928] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\unsecapp.exe[3928] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\unsecapp.exe[3928] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\unsecapp.exe[3928] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\unsecapp.exe[3928] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\unsecapp.exe[3928] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3972] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3972] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3972] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3972] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3972] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00060600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3972] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00061014
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3972] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00060804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3972] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00060A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3972] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00060C0C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3972] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00060E10
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3972] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3972] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3972] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3972] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3972] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3972] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4000] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4000] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4000] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[4000] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4000] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\wmiprvse.exe[4000] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\wbem\wmiprvse.exe[4000] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\wmiprvse.exe[4000] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\wmiprvse.exe[4000] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[4000] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\wbem\wmiprvse.exe[4000] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4000] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00090600
.text C:\Windows\system32\wbem\wmiprvse.exe[4000] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00090804
.text C:\Windows\system32\wbem\wmiprvse.exe[4000] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00090A08
.text C:\Windows\system32\wbem\wmiprvse.exe[4000] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 000901F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4000] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 000903FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000401F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000403FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 00060600
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 00061014
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 00060804
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 00060A08
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 00060C0C
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 00060E10
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 000601F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00070600
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00070804
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00070A08
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!EnableWindow 76B5CD8B 5 Bytes JMP 6CE99A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!DialogBoxParamW 76B810B0 5 Bytes JMP 6CDF170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!DialogBoxIndirectParamW 76B82EF5 5 Bytes JMP 6CFE6336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!DialogBoxParamA 76B98152 5 Bytes JMP 6CFE62D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!DialogBoxIndirectParamA 76B9847D 5 Bytes JMP 6CFE639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!MessageBoxIndirectA 76BAD4D9 5 Bytes JMP 6CFE6258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!MessageBoxIndirectW 76BAD5D3 5 Bytes JMP 6CFE61DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!MessageBoxExA 76BAD639 5 Bytes JMP 6CFE617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!MessageBoxExW 76BAD65D 5 Bytes JMP 6CFE6117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe[4476] ntdll.dll!LdrLoadDll 778A9378 5 Bytes JMP 000601F8
.text C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe[4476] ntdll.dll!LdrUnloadDll 778BB680 5 Bytes JMP 000603FC
.text C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe[4476] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe[4476] USER32.dll!SetWindowsHookExA 76B56322 5 Bytes JMP 00210600
.text C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe[4476] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 00210804
.text C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe[4476] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 00210A08
.text C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe[4476] USER32.dll!SetWinEventHook 76B59F3A 5 Bytes JMP 002101F8
.text C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe[4476] USER32.dll!UnhookWinEvent 76B5C06F 5 Bytes JMP 002103FC
.text C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe[4476] ADVAPI32.dll!CreateServiceW 76E69EB4 5 Bytes JMP 001F03FC
.text C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe[4476] ADVAPI32.dll!DeleteService 76E6A07E 5 Bytes JMP 001F0600
.text C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe[4476] ADVAPI32.dll!SetServiceObjectSecurity 76EA6CD9 5 Bytes JMP 001F1014
.text C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe[4476] ADVAPI32.dll!ChangeServiceConfigA 76EA6DD9 5 Bytes JMP 001F0804
.text C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe[4476] ADVAPI32.dll!ChangeServiceConfigW 76EA6F81 5 Bytes JMP 001F0A08
.text C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe[4476] ADVAPI32.dll!ChangeServiceConfig2A 76EA7099 5 Bytes JMP 001F0C0C
.text C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe[4476] ADVAPI32.dll!ChangeServiceConfig2W 76EA71E1 5 Bytes JMP 001F0E10
.text C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe[4476] ADVAPI32.dll!CreateServiceA 76EA72A1 5 Bytes JMP 001F01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] kernel32.dll!CreateThread 75F8CB2E 5 Bytes JMP 6CE57303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] kernel32.dll!GetBinaryTypeW + 70 75F92467 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!CreateDialogParamW 76B572A2 5 Bytes JMP 6CFE66A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!GetAsyncKeyState 76B5863C 5 Bytes JMP 6CE3DD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!SetWindowsHookExW 76B587AD 5 Bytes JMP 6CE92194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!CallNextHookEx 76B58E3B 5 Bytes JMP 6CEB7BAF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!UnhookWindowsHookEx 76B598DB 5 Bytes JMP 6CEDEB00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!EnableWindow 76B5CD8B 5 Bytes JMP 6CE99A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!DefWindowProcA 76B5DB88 7 Bytes JMP 6CE5952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!CreateWindowExA 76B5DC2A 5 Bytes JMP 6CE63363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!CreateWindowExW 76B61305 5 Bytes JMP 6CEBFF87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!GetKeyState 76B68CB1 5 Bytes JMP 6CE3DC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!DefWindowProcW 76B703B4 7 Bytes JMP 6CEB7C12 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!IsDialogMessageW 76B70745 5 Bytes JMP 6CFE6E05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!CreateDialogParamA 76B717AA 5 Bytes JMP 6CFE6668 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!IsDialogMessage 76B71847 2 Bytes JMP 6CFE6DDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!IsDialogMessage + 3 76B7184A 2 Bytes [47, F6]
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!CreateDialogIndirectParamA 76B726F1 5 Bytes JMP 6CFE66D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!CreateDialogIndirectParamW 76B79A62 5 Bytes JMP 6CFE6710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!SetKeyboardState 76B80987 5 Bytes JMP 6CFE76D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!DialogBoxParamW 76B810B0 5 Bytes JMP 6CDF170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!DialogBoxIndirectParamW 76B82EF5 5 Bytes JMP 6CFE6336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!SendInput 76B82F75 5 Bytes JMP 6CFE7679 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!EndDialog 76B8326E 5 Bytes JMP 6CFE70B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!SetCursorPos 76B96FB2 5 Bytes JMP 6CFE7752 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!DialogBoxParamA 76B98152 5 Bytes JMP 6CFE62D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!DialogBoxIndirectParamA 76B9847D 5 Bytes JMP 6CFE639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!MessageBoxIndirectA 76BAD4D9 5 Bytes JMP 6CFE6258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!MessageBoxIndirectW 76BAD5D3 5 Bytes JMP 6CFE61DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!MessageBoxExA 76BAD639 5 Bytes JMP 6CFE617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!MessageBoxExW 76BAD65D 5 Bytes JMP 6CFE6117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!keybd_event 76BAD972 5 Bytes JMP 6CFE7636 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] SHELL32.dll!SHRestricted + D95 760B89A8 4 Bytes [CF, 01, CC, 68]
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] SHELL32.dll!SHRestricted + D9D 760B89B0 8 Bytes [E0, 61, CB, 68, 79, F7, CB, ...] {LOOPNZ 0x63; RETF ; PUSH 0x68cbf779}
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] ole32.dll!OleLoadFromStream 77121E80 5 Bytes JMP 6CFE6B0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\avast! sandbox 0 bytes
File C:\avast! sandbox\S-1-5-21-358367821-2992595346-2156595993-1000 0 bytes
File C:\avast! sandbox\S-1-5-21-358367821-2992595346-2156595993-1000\r126 0 bytes
File C:\avast! sandbox\S-1-5-21-358367821-2992595346-2156595993-1000\r126\Defogger.exe_{2230386a-5f85-11e1-bfe7-001d0921d950} 0 bytes
File C:\avast! sandbox\S-1-5-21-358367821-2992595346-2156595993-1000\r126\Defogger.exe_{22303870-5f85-11e1-bfe7-001d0921d950} 0 bytes
File C:\avast! sandbox\S-1-5-21-358367821-2992595346-2156595993-1000\r126\Defogger.exe_{22303876-5f85-11e1-bfe7-001d0921d950} 0 bytes
File C:\avast! sandbox\snx_rhive 262144 bytes
File C:\avast! sandbox\snx_rhive.LOG1 5120 bytes
File C:\avast! sandbox\snx_rhive.LOG2 0 bytes
File C:\avast! sandbox\snx_rhive{2230386c-5f85-11e1-bfe7-001d0921d950}.TM.blf 65536 bytes
File C:\avast! sandbox\snx_rhive{2230386c-5f85-11e1-bfe7-001d0921d950}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\avast! sandbox\snx_rhive{2230386c-5f85-11e1-bfe7-001d0921d950}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
File C:\avast! sandbox\snx_rhive{22303872-5f85-11e1-bfe7-001d0921d950}.TM.blf 65536 bytes
File C:\avast! sandbox\snx_rhive{22303872-5f85-11e1-bfe7-001d0921d950}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\avast! sandbox\snx_rhive{22303872-5f85-11e1-bfe7-001d0921d950}.TMContainer00000000000000000002.regtrans-ms 524288 bytes

---- EOF - GMER 1.0.15 ----

#8 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:09:33 PM

Posted 25 February 2012 - 05:48 AM

No need to create a new thread, so I merged your two topics.

Edited by sempai, 25 February 2012 - 10:10 AM.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#9 sempai


Posted 25 February 2012 - 10:16 AM

We need to run some more scans:


Step 1: Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Note: Do not install Avast anti virus when offered.


Step 2: Please download Malwarebytes' Anti-Malware from here:

MalwareBytes' AntiMalware download link

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


~Semp



#10 LouiseMorgan


Posted 27 February 2012 - 04:25 AM

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-27 03:59:06
-----------------------------
03:59:06.452 OS Version: Windows 6.0.6002 Service Pack 2
03:59:06.452 Number of processors: 4 586 0xF0B
03:59:06.452 ComputerName: LOUISE-PC UserName: Louise
03:59:24.111 Initialize success
03:59:24.594 AVAST engine defs: 12022604
03:59:27.496 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
03:59:27.496 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
03:59:27.792 Disk 0 MBR read successfully
03:59:27.792 Disk 0 MBR scan
03:59:27.792 Disk 0 Windows VISTA default MBR code
03:59:27.792 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
03:59:27.824 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 112640
03:59:27.839 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 289829 MB offset 31569920
03:59:27.870 Disk 0 scanning sectors +625139712
03:59:27.964 Disk 0 scanning C:\Windows\system32\drivers
03:59:38.132 Service scanning
04:00:00.596 Modules scanning
04:00:09.628 Disk 0 trace - called modules:
04:00:09.660 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastorv.sys hal.dll
04:00:09.660 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c43ac8]
04:00:09.660 3 CLASSPNP.SYS[8afaa8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86597030]
04:00:15.260 AVAST engine scan C:\Windows
04:00:20.564 AVAST engine scan C:\Windows\system32
04:03:59.269 AVAST engine scan C:\Windows\system32\drivers
04:04:27.443 AVAST engine scan C:\Users\Louise
04:13:40.691 AVAST engine scan C:\ProgramData
04:14:53.309 Scan finished successfully
04:20:18.276 Disk 0 MBR has been saved successfully to "C:\Users\Louise\Desktop\MBR.dat"
04:20:18.291 The log file has been saved successfully to "C:\Users\Louise\Desktop\aswMBR.txt"






Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.26.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Louise :: LOUISE-PC [administrator]

Protection: Enabled

2/27/2012 4:01:16 AM
mbam-log-2012-02-27 (04-01-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 173632
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 sempai


Posted 27 February 2012 - 06:45 AM

Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not click on ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp



#12 sempai


Posted 01 March 2012 - 07:16 PM

Are you still with me?

~Semp



#13 sempai


Posted 03 March 2012 - 08:21 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

~Semp





