Slow computer, malicious URL blocking, FastAntiVirus2011?



#1 jhoybs


Posted 22 August 2012 - 10:19 PM

I'm working on my wife's friend's desktop. Upon bootup, the system is dog slow and Avast Free Antivirus is periodically blocking malicious URL sites. I installed Malwarebytes Anti-Malware in safe mode and a full scan revealed some Trojans - FastAntiVirus2011 was one of them. After removal and rebooting into normal mode, the problems continue. Avast doesn't pick up anything on a full scan.

Running DDS.COM yielded the error message:

'C:\DOCUME~1\BECKY' is not recognized as an internal or external command, operable program or batch file. The system cannot find the path specified.

Below is the GMER log (MUCH THANKS AHEAD OF TIME!):


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-22 21:57:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 SAMSUNG_SP8004H rev.QW100-61
Running: qpher541.exe; Driver: C:\DOCUME~1\BECKY&~1\LOCALS~1\Temp\ffaoifob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF4C47536]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF4D187BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xF4C47F52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF4C87C31]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF4C52D7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF4C52DC6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF4C52F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF4C875E5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF4C52CE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF4C52E0A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF4C52D30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xF4C48146]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF4C52F02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xF4C488CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF4C47584]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF4C882F7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF4C885AD]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF4C4BF36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF4C88162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF4C87FCD]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF4D1889E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF4C471EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF4C475D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF4C4C2A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF4C49292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF4C52DA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF4C52DE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF4C52F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF4C87941]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF4C52D0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF4C4BAAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF4C52E8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF4C52D58]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF4C4BCDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF4C52F26]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF4D18A1E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF4C87E48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF4C4915E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF4C87C9A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xF4C48D08]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF4D24338]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF4C86C58]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF4C47620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF4C4766E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xF4C4874A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF4C47276]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF4C47426]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF4C883FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF4C473CC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xF4C48A2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xF4C48B88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF4C47496]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xF4C48468]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xF4C485CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF4C476BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xF4C47F96]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF4D30744]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + F8 804E2764 4 Bytes CALL 9A42EC95
.text ntoskrnl.exe!_abnormal_termination + 398 804E2A04 12 Bytes [20, 76, C4, F4, 6E, 76, C4, ...] {AND [ESI-0x3c], DH; HLT ; OUTSB ; JBE 0xffffffffffffffcb; HLT ; DEC EDX; XCHG ESP, EAX; HLT }
.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [2C, 8A, C4, F4, 88, 8B, C4, ...]
PAGE ntoskrnl.exe!ObInsertObject 8056513A 5 Bytes JMP F4D2F0FE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB88 4 Bytes CALL F4C49943 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058304C 7 Bytes JMP F4D30748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059EA42 5 Bytes JMP F4D2D61C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF80992D 5 Bytes JMP F4C4D8C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C889 5 Bytes JMP F4C4D7B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813921 5 Bytes JMP F4C4D76A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C58B 5 Bytes JMP F4C4CE1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240FB 5 Bytes JMP F4C4C538 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A65 5 Bytes JMP F4C4DA2A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8314B0 5 Bytes JMP F4C4DC32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839EE7 5 Bytes JMP F4C4D670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851775 5 Bytes JMP F4C4C3FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BCAA 5 Bytes JMP F4C4CEDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E314 5 Bytes JMP F4C4C992 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E39F 5 Bytes JMP F4C4CC58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F612 5 Bytes JMP F4C4C3E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF8649E1 5 Bytes JMP F4C4D7FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35FB BF8731DB 5 Bytes JMP F4C4CA52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4138 BF873D18 5 Bytes JMP F4C4CC12 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890E16 5 Bytes JMP F4C4CEF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8943C1 5 Bytes JMP F4C4D972 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894E99 5 Bytes JMP F4C4DB90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3862 BF89C24E 5 Bytes JMP F4C4CE04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 BF89D7E3 5 Bytes JMP F4C4C5A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C1D20 5 Bytes JMP F4C4C6B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA1B1 5 Bytes JMP F4C4C790 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA431 5 Bytes JMP F4C4C8BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3AFB BF8EBDB4 5 Bytes JMP F4C4C2DE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB0D BF8F4DC6 5 Bytes JMP F4C4CE34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A2F BF9142E4 5 Bytes JMP F4C4C4D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2603 BF914EB8 5 Bytes JMP F4C4C664 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F7C BF917831 5 Bytes JMP F4C4CD72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1947 BF947980 5 Bytes JMP F4C4DAE8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\alg.exe[160] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[160] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\System32\alg.exe[160] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\System32\alg.exe[160] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\System32\alg.exe[160] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\System32\alg.exe[160] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\System32\alg.exe[160] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\System32\alg.exe[160] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\System32\alg.exe[160] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\System32\alg.exe[160] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\System32\alg.exe[160] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\System32\alg.exe[160] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\alg.exe[160] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\System32\alg.exe[160] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe[192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe[192] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe[192] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe[192] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe[192] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F1014
.text C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe[192] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F0804
.text C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe[192] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0A08
.text C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe[192] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F0C0C
.text C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe[192] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0E10
.text C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe[192] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F01F8
.text C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe[192] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F03FC
.text C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe[192] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F0600
.text C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe[192] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00300804
.text C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe[192] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300A08
.text C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe[192] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00300600
.text C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe[192] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003001F8
.text C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe[192] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003003FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[368] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[412] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[412] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[412] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[412] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[412] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[412] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[412] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[412] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[412] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[412] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[412] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[412] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[412] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[412] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[412] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[412] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[412] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D03FC
.text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[436] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[436] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[436] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[436] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[436] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[436] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[436] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[436] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[436] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[436] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[436] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[436] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[436] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[452] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[464] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[464] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[464] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[464] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\ctfmon.exe[464] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\ctfmon.exe[464] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\ctfmon.exe[464] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\ctfmon.exe[464] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\ctfmon.exe[464] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\ctfmon.exe[464] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\ctfmon.exe[464] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\ctfmon.exe[464] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\ctfmon.exe[464] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\ctfmon.exe[464] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\ctfmon.exe[464] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\ctfmon.exe[464] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F03FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[480] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[480] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[480] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[480] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[480] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[480] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[480] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[480] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[480] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[480] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[480] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[480] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[480] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B20804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[480] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00B20A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[480] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00B20600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[480] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00B201F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[480] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00B203FC
.text C:\WINDOWS\System32\smss.exe[584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[600] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[600] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[600] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[600] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[600] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[600] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[600] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[600] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[600] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[600] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[600] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[600] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[600] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[600] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[600] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[600] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\WINDOWS\system32\csrss.exe[632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[632] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[656] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[704] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[716] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\Documents and Settings\Becky & Darren\My Documents\Downloads\qpher541.exe[852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Becky & Darren\My Documents\Downloads\qpher541.exe[852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Becky & Darren\My Documents\Downloads\qpher541.exe[852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Becky & Darren\My Documents\Downloads\qpher541.exe[852] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Becky & Darren\My Documents\Downloads\qpher541.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00BD1014
.text C:\Documents and Settings\Becky & Darren\My Documents\Downloads\qpher541.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00BD0804
.text C:\Documents and Settings\Becky & Darren\My Documents\Downloads\qpher541.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00BD0A08
.text C:\Documents and Settings\Becky & Darren\My Documents\Downloads\qpher541.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00BD0C0C
.text C:\Documents and Settings\Becky & Darren\My Documents\Downloads\qpher541.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00BD0E10
.text C:\Documents and Settings\Becky & Darren\My Documents\Downloads\qpher541.exe[852] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00BD01F8
.text C:\Documents and Settings\Becky & Darren\My Documents\Downloads\qpher541.exe[852] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00BD03FC
.text C:\Documents and Settings\Becky & Darren\My Documents\Downloads\qpher541.exe[852] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00BD0600
.text C:\Documents and Settings\Becky & Darren\My Documents\Downloads\qpher541.exe[852] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00BC0804
.text C:\Documents and Settings\Becky & Darren\My Documents\Downloads\qpher541.exe[852] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00BC0A08
.text C:\Documents and Settings\Becky & Darren\My Documents\Downloads\qpher541.exe[852] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00BC0600
.text C:\Documents and Settings\Becky & Darren\My Documents\Downloads\qpher541.exe[852] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00BC01F8
.text C:\Documents and Settings\Becky & Darren\My Documents\Downloads\qpher541.exe[852] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00BC03FC
.text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[956] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1032] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1032] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F1014
.text C:\WINDOWS\System32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\System32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0E10
.text C:\WINDOWS\System32\svchost.exe[1032] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[1032] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\svchost.exe[1032] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[1032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[1032] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[1032] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[1032] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[1032] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1056] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 001A3E39
.text C:\WINDOWS\System32\svchost.exe[1056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 001A47A7
.text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 001A47F6
.text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 001A4856
.text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!IsWindowVisible 7E429E3D 5 Bytes JMP 001A487D
.text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!MessageBoxIndirectW 7E4664D5 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
.text C:\WINDOWS\System32\svchost.exe[1056] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 001A4974
.text C:\WINDOWS\System32\svchost.exe[1056] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 001A494A
.text C:\WINDOWS\System32\svchost.exe[1056] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 001A4743
.text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1240] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[1432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[1432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[1432] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[1432] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[1432] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[1432] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[1432] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[1432] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[1432] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[1432] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[1432] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[1432] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[1432] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[1432] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[1432] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[1432] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[1432] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\WINDOWS\Explorer.EXE[1544] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1544] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1728] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2172] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2172] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2172] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2172] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2172] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2172] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2172] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2172] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2172] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2172] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2172] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2172] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2172] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2172] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2172] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[2228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[2228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[2228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[2228] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[2228] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[2228] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[2228] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[2228] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[2228] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[2228] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[2228] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[2228] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[2228] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[2228] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[2228] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[2228] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[2228] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2240] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000501F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2240] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000503FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2240] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2240] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 03CC0804
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2240] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 03CC0A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2240] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 03CC0600
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2240] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 03CC01F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2240] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 03CC03FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2240] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 03CD1014
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2240] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 03CD0804
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2240] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 03CD0A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2240] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 03CD0C0C
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2240] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 03CD0E10
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2240] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 03CD01F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2240] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 03CD03FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2240] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 03CD0600
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001701F8
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001703FC
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00561014
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00560804
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00560A08
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00560C0C
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00560E10
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005601F8
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005603FC
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00560600
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00570804
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00570A08
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00570600
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005701F8
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005703FC
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00571014
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00570804
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00570A08
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00570C0C
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00570E10
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005701F8
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005703FC
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00570600
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00580804
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00580A08
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00580600
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005801F8
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005803FC
.text C:\WINDOWS\system32\svchost.exe[2620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2620] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2620] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2620] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[2620] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[2620] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[2620] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[2620] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[2620] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[2620] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[2620] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[2620] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[2620] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[2620] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[2620] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[2620] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[2648] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2648] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2648] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2648] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2648] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[2648] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[2648] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[2648] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[2648] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[2648] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[2648] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[2648] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[2648] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[2648] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[2648] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[2648] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[2648] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003003FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2700] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2700] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Java\jre6\bin\jqs.exe[2700] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2700] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2700] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[2700] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[2700] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2700] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2700] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2700] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2700] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2700] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2700] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2700] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\WINDOWS\System32\svchost.exe[2736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[2736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2736] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[2736] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2736] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F1014
.text C:\WINDOWS\System32\svchost.exe[2736] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[2736] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[2736] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\System32\svchost.exe[2736] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0E10
.text C:\WINDOWS\System32\svchost.exe[2736] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[2736] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\svchost.exe[2736] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[2736] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[2736] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[2736] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[2736] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[2736] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003003FC
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2852] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2852] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2852] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2852] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2852] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2852] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2852] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2852] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2852] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2852] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2852] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2852] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2852] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2852] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\WINDOWS\System32\svchost.exe[2924] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[2924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2924] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[2924] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2924] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F1014
.text C:\WINDOWS\System32\svchost.exe[2924] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[2924] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[2924] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\System32\svchost.exe[2924] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0E10
.text C:\WINDOWS\System32\svchost.exe[2924] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[2924] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\svchost.exe[2924] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[2924] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[2924] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[2924] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[2924] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[2924] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003003FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3000] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3000] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3000] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3000] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3000] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3000] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3000] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3000] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3000] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3000] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3000] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\WINDOWS\System32\svchost.exe[3004] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[3004] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3004] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[3004] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3004] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F1014
.text C:\WINDOWS\System32\svchost.exe[3004] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[3004] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[3004] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\System32\svchost.exe[3004] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0E10
.text C:\WINDOWS\System32\svchost.exe[3004] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[3004] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\svchost.exe[3004] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[3004] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[3004] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[3004] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[3004] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[3004] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003003FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3232] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3232] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3232] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3232] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3232] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3232] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3232] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3232] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3232] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3232] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3232] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3232] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3232] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3232] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3280] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3280] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3280] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3280] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3280] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3280] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3280] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3280] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3280] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3280] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3280] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3280] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3280] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3280] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3280] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3280] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 1F, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 1F, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 1F, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 1F, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F51A
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 1F, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 1F, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 1F, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F58B
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 1F, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F6B9
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 1F, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 1F, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 1F, 00]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002101F8
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002103FC
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00601014
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00600804
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00600A08
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00600C0C
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00600E10
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006001F8
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006003FC
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00600600
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00610804
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00610A08
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00610600
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006101F8
.text C:\Documents and Settings\Becky & Darren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006103FC

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

#2 jhoybs


Posted 23 August 2012 - 06:41 AM

I just tried running DDS.com in Safe mode w/o networking and I'm getting the same error.

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:41 PM

Posted 27 August 2012 - 07:17 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

In place of DDS, can you run OTL?

  • Please download OTL
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.

m0le is a proud member of UNITE

#4 jhoybs


Posted 27 August 2012 - 09:28 PM

Hi m0le, thanks for the help.

Attached are the OTL and Extras files.




#5 m0le


Posted 28 August 2012 - 08:25 PM

Gmer spotted rootkit-like behaviour. Let's see what that might be.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE
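Post #5 picks the single "rootkit-like behavior" line out of a long GMER log. As an added example (not part of the thread and not a GMER feature), this Python sketch buckets GMER records into those GMER itself flags, those that carry a driver description and vendor, and those with no attribution. The record layouts are assumed from the log in post #1 only, and the sample's chrome.exe path is shortened.

```python
import re
from collections import Counter

# Constructed sample: records adapted from the GMER log in post #1
# (the chrome.exe path is shortened; the other lines are as posted).
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF4C47536]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF4D187BA]
.text C:\Example\chrome.exe[3296] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006001F8
.text C:\Example\chrome.exe[3296] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00610804
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----
"""

HEADER = re.compile(r"^---- .* ----$")               # section banners
OWNER = re.compile(r"\(([^()]+)/([^()/]+)\)")        # "(description/vendor)"
PATCHED = re.compile(r"^\.text\s+(.+?\[\d+\])\s")    # image path plus [pid]

def triage(log_text):
    """Bucket GMER records so the unusual ones stand out from the bulk."""
    flagged, by_vendor, unattributed = [], Counter(), Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or HEADER.match(line):
            continue
        if "rootkit-like behavior" in line:
            flagged.append(line)                     # GMER's own verdict: look here first
            continue
        owner = OWNER.search(line)
        if owner:
            # The vendor text is what the log reports for the driver file;
            # treat it as a triage hint, not as proof of origin.
            by_vendor[owner.group(2).strip()] += 1
            continue
        patched = PATCHED.match(line)
        # Inline patches carry no owner; count them per process for review.
        unattributed[patched.group(1) if patched else line] += 1
    return {"flagged": flagged, "by_vendor": dict(by_vendor),
            "unattributed": dict(unattributed)}

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket, items)
```

Lines that match none of the patterns fall into the unattributed bucket rather than being dropped, so an unfamiliar record type still gets reviewed.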

#6 jhoybs


Posted 28 August 2012 - 09:38 PM

Here you go...




#7 m0le


Posted 29 August 2012 - 02:38 PM

Please run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#8 jhoybs


Posted 29 August 2012 - 06:07 PM

It found a rootkit, repaired and rebooted. Attached is the report...




#9 m0le


Posted 29 August 2012 - 07:37 PM

Happy with that. Please run an ESET online scan.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.


Also, let me know how the PC is running.
m0le is a proud member of UNITE

#10 jhoybs


Posted 31 August 2012 - 05:18 PM

After the rootkit removal, things got faster and the Avast blocking popups seemed to stop. I also got update notifications from Windows, Avast and Java so evidently those updates were being blocked. I ran the ESET scanner and it found some things (see attached)...




#11 m0le


Posted 31 August 2012 - 10:54 PM

That's looking good. Most of what it found were TDSSKiller quarantine items but there were also a few minor files and adware. Nothing to be worried about.

Sounds like we're at my favourite part of the topic...

You're clean. Good stuff! :thumbup2:

Let's do some clearing up

If you used DeFogger now is the time to enable your CD emulation software again.

We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir - though if you choose Avira you should make sure that you uncheck the box offering to install the Ask toolbar. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically. Make sure that updates on any that are flagged are carried out as soon as possible.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it jhoybs, happy surfing!

Cheers.

m0le
m0le is a proud member of UNITE

#12 jhoybs


Posted 01 September 2012 - 11:39 AM

Thanks so much!

#13 m0le


Posted 01 September 2012 - 08:01 PM

You're very welcome :thumbup2:
m0le is a proud member of UNITE

#14 m0le


Posted 06 September 2012 - 08:29 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
m0le is a proud member of UNITE



