TechSpot

[A] I'm infected with the redirect bug

By JohnH11
Feb 10, 2012
  1. My frustration level has reached its limit. I have lost count on how long I have been infected with this nasty bug, but it’s been a long time. I’ve run almost every scan to try to get rid of it to no avail. To reiterate I am infected with the search engine result hijacks/redirects. Meaning I’ll search for something in a search engine like Bing or Google and when I go to click the link it redirects me to a whole other site that has nothing to do with the intended site I was trying to enter. I don’t really know what infection it is mainly because I’ve read where it’s described as a virus, malware, spyware, etc. So I’ve never really taken a hold of what exactly it is. I have been able to document the sites, they are: feed.bizzclick.com, click.scour, get answers fast, gimme answers, search fast results, happili, admarketplace.net. Quite a few as you can tell. I’ve learned to deal with it, for example if I search something and click the link immediately I won’t be redirected, but if I wait more than two seconds then I’ll be redirected. Another one is when I have the results I’ll hover the cursor over the link and the url address will show up at the bottom, once I click and hold the link the url address will then change to mainly feed.bizzclick.com or another mainly composed of numbers. I’ll then drag the link a little bit and let it fall back so as to not actually enter the site, then when I would hover over it the link would have permanently changed, so it’s no longer what it originally was but the hijack site. All the other result links are fine and I can click them without being redirected, seems it only affects one link.
    So as you see I’ve learned to deal with it, but I don’t want that, I want to permanently get rid of it. Like I stated I have run many scans in attempts to get rid of it. I’ve also read instructions on how to manually get rid of it, I’m somewhat advanced when it comes to working with computers, but not enough where I can comfortably mess with the registry or anything dealing with the OS for that matter. I’ve run MalwareBytes, SuperAntiSpyware, Avast anti-virus, CCleaner, Hitman pro, Norton Power Eraser, and TDSKiller. They were unable to successfully remove the bug. I’ve also tried to run Spyware Doctor, Spybot, Ad Aware, Hijackthis, and Bitdefender. I was unable to use these programs because I had difficulty and/or problems installing them. One problem was that they were unable to connect to the internet, I have an internet connection but some programs fail to connect to it. I was able to install Hijackthis, but it told me to copy and paste the program to the hard drive in order to successfully use it right which threw me off a bit, I then read statements while researching that said to use that program cautiously and under the orders of pros because it could cause some problems so I uninstalled it and decided to use it when told to.
    I ran SuperAntiSpyware in safe mode and it found over 100 infections, which I successfully removed, was hoping that the hijack bug was in there but to my disappointment it wasn’t. I apologize if the post is a bit long, but I really wanted to be thorough and specific in my description of my problem. Really hoping someone can help me to finally get rid of it. By the way my default browser is the latest version of Firefox and all my add-ons are up to date, I only have ones that I need, i.e. flash, Java. I don’t use IE, pretty much ignore it, used a dummy proxy on it. The proxy server is directed to 0.0.0.0 and port 80. Nothing is updated on it, hopefully that isn’t a liability or the origins of the problems. If you have further questions or requests feel free to ask, I’ll be patiently waiting.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. JohnH11

    JohnH11 TS Rookie Topic Starter Posts: 23

    Just an update on my situation. I did a startup scan with Avast and it appears to have gotten rid of the hijacking, my searches are no longer being redirected. So I no longer need any assistance in fixing the problem I had since it seems to be gone. I have the bugs in my vault if you would still want to see what I had I have no problem posting them. Though I still have problems with some of my programs not being able to connect/detect the internet, should I post this problem in another section of the forum?
     
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    I suggest you follow my previous reply.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Reopened....
     
  6. JohnH11

    JohnH11 TS Rookie Topic Starter Posts: 23

    MBAM log:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.22.04

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 7.0.6002.18005
    Steve :: STEVE-PC [administrator]

    2/22/2012 3:38:53 PM
    mbam-log-2012-02-22 (15-38-53).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 178494
    Time elapsed: 8 minute(s), 31 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  7. JohnH11

    JohnH11 TS Rookie Topic Starter Posts: 23

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-23 22:15:13
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAKS-75L9A0 rev.01.03E01
    Running: 7pu3g73d.exe; Driver: C:\Users\Steve\AppData\Local\Temp\ugloypob.sys


     
  8. JohnH11

    JohnH11 TS Rookie Topic Starter Posts: 23

    .text C:\Windows\RtHDVCpl.exe[828] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 002803FC
    .text C:\Windows\system32\svchost.exe[852] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[852] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[852] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000803FC
    .text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00080600
    .text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00081014
    .text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00080804
    .text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00080A08
    .text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00080C0C
    .text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00080E10
    .text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000801F8
    .text C:\Windows\system32\svchost.exe[916] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[916] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[916] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[916] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00A50600
    .text C:\Windows\system32\svchost.exe[916] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00A50804
    .text C:\Windows\system32\svchost.exe[916] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00A50A08
    .text C:\Windows\system32\svchost.exe[916] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 00A501F8
    .text C:\Windows\system32\svchost.exe[916] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 00A503FC
    .text C:\Windows\System32\svchost.exe[952] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[952] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[952] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[952] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[952] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[952] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[952] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[952] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[952] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[952] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[952] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[952] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 001A0600
    .text C:\Windows\System32\svchost.exe[952] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 001A0804
    .text C:\Windows\System32\svchost.exe[952] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 001A0A08
    .text C:\Windows\System32\svchost.exe[952] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001A01F8
    .text C:\Windows\System32\svchost.exe[952] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001A03FC
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 001501F8
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 001503FC
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00170600
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00170804
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00170A08
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001701F8
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001703FC
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 001803FC
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00180600
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00181014
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00180804
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00180A08
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00180C0C
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00180E10
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 001801F8
    .text C:\Windows\System32\svchost.exe[1040] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1040] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1040] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1040] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00240600
    .text C:\Windows\System32\svchost.exe[1040] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00240804
    .text C:\Windows\System32\svchost.exe[1040] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00240A08
    .text C:\Windows\System32\svchost.exe[1040] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 002401F8
    .text C:\Windows\System32\svchost.exe[1040] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 002403FC
    .text C:\Windows\System32\svchost.exe[1116] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1116] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1116] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1116] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00D10600
    .text C:\Windows\System32\svchost.exe[1116] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00D10804
    .text C:\Windows\System32\svchost.exe[1116] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00D10A08
    .text C:\Windows\System32\svchost.exe[1116] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 00D101F8
    .text C:\Windows\System32\svchost.exe[1116] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 00D103FC
    .text C:\Windows\system32\svchost.exe[1128] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1128] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1128] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 000B0600
    .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 000B1014
    .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 000B0804
    .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 000B0C0C
    .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 000B0E10
    .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\svchost.exe[1128] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00100600
    .text C:\Windows\system32\svchost.exe[1128] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00100804
    .text C:\Windows\system32\svchost.exe[1128] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00100A08
    .text C:\Windows\system32\svchost.exe[1128] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001001F8
    .text C:\Windows\system32\svchost.exe[1128] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001003FC
    .text C:\Windows\system32\AUDIODG.EXE[1204] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1224] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000901F8
    .text C:\Windows\system32\svchost.exe[1224] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000903FC
    .text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 000B0600
    .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 000B1014
    .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 000B0804
    .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 000B0C0C
    .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 000B0E10
    .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000B01F8
    .text C:\Windows\servicing\TrustedInstaller.exe[1264] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000401F8
    .text C:\Windows\servicing\TrustedInstaller.exe[1264] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000403FC
    .text C:\Windows\servicing\TrustedInstaller.exe[1264] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\servicing\TrustedInstaller.exe[1264] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000603FC
    .text C:\Windows\servicing\TrustedInstaller.exe[1264] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00060600
    .text C:\Windows\servicing\TrustedInstaller.exe[1264] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00061014
    .text C:\Windows\servicing\TrustedInstaller.exe[1264] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00060804
    .text C:\Windows\servicing\TrustedInstaller.exe[1264] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00060A08
    .text C:\Windows\servicing\TrustedInstaller.exe[1264] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00060C0C
    .text C:\Windows\servicing\TrustedInstaller.exe[1264] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00060E10
    .text C:\Windows\servicing\TrustedInstaller.exe[1264] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000601F8
    .text C:\Windows\servicing\TrustedInstaller.exe[1264] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00070600
    .text C:\Windows\servicing\TrustedInstaller.exe[1264] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00070804
    .text C:\Windows\servicing\TrustedInstaller.exe[1264] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00070A08
    .text C:\Windows\servicing\TrustedInstaller.exe[1264] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000701F8
    .text C:\Windows\servicing\TrustedInstaller.exe[1264] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00B00600
    .text C:\Windows\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00B00804
    .text C:\Windows\system32\svchost.exe[1300] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00B00A08
    .text C:\Windows\system32\svchost.exe[1300] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 00B001F8
    .text C:\Windows\system32\svchost.exe[1300] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 00B003FC
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00180600
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00180804
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001803FC
    .text C:\Windows\system32\svchost.exe[1432] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1432] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1432] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1432] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00360600
    .text C:\Windows\system32\svchost.exe[1432] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00360804
    .text C:\Windows\system32\svchost.exe[1432] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00360A08
    .text C:\Windows\system32\svchost.exe[1432] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 003601F8
    .text C:\Windows\system32\svchost.exe[1432] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 003603FC
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1540] kernel32.dll!SetUnhandledExceptionFilter 76CEA84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
     
  9. JohnH11


    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1540] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 001401F8
    .text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 001403FC
    .text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00160600
    .text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00160804
    .text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00160A08
    .text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001601F8
    .text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001603FC
    .text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 001701F8
    .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1588] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00DC0600
    .text C:\Windows\system32\svchost.exe[1588] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00DC0804
    .text C:\Windows\system32\svchost.exe[1588] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00DC0A08
    .text C:\Windows\system32\svchost.exe[1588] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 00DC01F8
    .text C:\Windows\system32\svchost.exe[1588] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 00DC03FC
    .text C:\Windows\system32\igfxsrvc.exe[1868] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 001501F8
    .text C:\Windows\system32\igfxsrvc.exe[1868] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 001503FC
    .text C:\Windows\system32\igfxsrvc.exe[1868] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\system32\igfxsrvc.exe[1868] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00170600
    .text C:\Windows\system32\igfxsrvc.exe[1868] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00170804
    .text C:\Windows\system32\igfxsrvc.exe[1868] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00170A08
    .text C:\Windows\system32\igfxsrvc.exe[1868] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001701F8
    .text C:\Windows\system32\igfxsrvc.exe[1868] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001703FC
    .text C:\Windows\system32\igfxsrvc.exe[1868] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 001803FC
    .text C:\Windows\system32\igfxsrvc.exe[1868] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00180600
    .text C:\Windows\system32\igfxsrvc.exe[1868] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00181014
    .text C:\Windows\system32\igfxsrvc.exe[1868] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00180804
    .text C:\Windows\system32\igfxsrvc.exe[1868] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00180A08
    .text C:\Windows\system32\igfxsrvc.exe[1868] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00180C0C
    .text C:\Windows\system32\igfxsrvc.exe[1868] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00180E10
    .text C:\Windows\system32\igfxsrvc.exe[1868] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 001801F8
    .text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000A03FC
    .text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 000A0600
    .text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 000A1014
    .text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 000A0804
    .text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 000A0A08
    .text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 000A0C0C
    .text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 000A0E10
    .text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000A01F8
    .text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 001E0600
    .text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 001E0804
    .text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 001E0A08
    .text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001E01F8
    .text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001E03FC
    .text C:\Windows\system32\svchost.exe[1952] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1952] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1952] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1952] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00150600
    .text C:\Windows\system32\svchost.exe[1952] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00150804
    .text C:\Windows\system32\svchost.exe[1952] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00150A08
    .text C:\Windows\system32\svchost.exe[1952] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001501F8
    .text C:\Windows\system32\svchost.exe[1952] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001503FC
    .text C:\Windows\system32\SearchIndexer.exe[2052] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\SearchIndexer.exe[2052] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\SearchIndexer.exe[2052] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\system32\SearchIndexer.exe[2052] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\SearchIndexer.exe[2052] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\SearchIndexer.exe[2052] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\SearchIndexer.exe[2052] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\SearchIndexer.exe[2052] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\SearchIndexer.exe[2052] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\SearchIndexer.exe[2052] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\SearchIndexer.exe[2052] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\SearchIndexer.exe[2052] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00080600
    .text C:\Windows\system32\SearchIndexer.exe[2052] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\SearchIndexer.exe[2052] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\SearchIndexer.exe[2052] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\SearchIndexer.exe[2052] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\wbem\unsecapp.exe[2120] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\wbem\unsecapp.exe[2120] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\wbem\unsecapp.exe[2120] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\system32\wbem\unsecapp.exe[2120] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\wbem\unsecapp.exe[2120] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\wbem\unsecapp.exe[2120] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\wbem\unsecapp.exe[2120] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\wbem\unsecapp.exe[2120] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\wbem\unsecapp.exe[2120] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\wbem\unsecapp.exe[2120] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\wbem\unsecapp.exe[2120] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\wbem\unsecapp.exe[2120] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00080600
    .text C:\Windows\system32\wbem\unsecapp.exe[2120] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\wbem\unsecapp.exe[2120] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\wbem\unsecapp.exe[2120] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\wbem\unsecapp.exe[2120] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000803FC
    .text C:\Windows\System32\hkcmd.exe[2296] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 001501F8
    .text C:\Windows\System32\hkcmd.exe[2296] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 001503FC
    .text C:\Windows\System32\hkcmd.exe[2296] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\System32\hkcmd.exe[2296] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00180600
    .text C:\Windows\System32\hkcmd.exe[2296] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00180804
    .text C:\Windows\System32\hkcmd.exe[2296] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00180A08
    .text C:\Windows\System32\hkcmd.exe[2296] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001801F8
    .text C:\Windows\System32\hkcmd.exe[2296] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001803FC
    .text C:\Windows\System32\hkcmd.exe[2296] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 002903FC
    .text C:\Windows\System32\hkcmd.exe[2296] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00290600
    .text C:\Windows\System32\hkcmd.exe[2296] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00291014
    .text C:\Windows\System32\hkcmd.exe[2296] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00290804
    .text C:\Windows\System32\hkcmd.exe[2296] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00290A08
    .text C:\Windows\System32\hkcmd.exe[2296] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00290C0C
    .text C:\Windows\System32\hkcmd.exe[2296] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00290E10
    .text C:\Windows\System32\hkcmd.exe[2296] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 002901F8
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00070600
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00070804
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00070A08
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000701F8
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000703FC
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000803FC
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00080600
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00081014
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00080804
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00080A08
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00080C0C
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00080E10
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000801F8
    .text C:\Windows\System32\igfxtray.exe[2492] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 001501F8
    .text C:\Windows\System32\igfxtray.exe[2492] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 001503FC
    .text C:\Windows\System32\igfxtray.exe[2492] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\System32\igfxtray.exe[2492] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00180600
    .text C:\Windows\System32\igfxtray.exe[2492] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00180804
    .text C:\Windows\System32\igfxtray.exe[2492] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00180A08
    .text C:\Windows\System32\igfxtray.exe[2492] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001801F8
    .text C:\Windows\System32\igfxtray.exe[2492] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001803FC
    .text C:\Windows\System32\igfxtray.exe[2492] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 001903FC
    .text C:\Windows\System32\igfxtray.exe[2492] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00190600
    .text C:\Windows\System32\igfxtray.exe[2492] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00191014
    .text C:\Windows\System32\igfxtray.exe[2492] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00190804
    .text C:\Windows\System32\igfxtray.exe[2492] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00190A08
     
  10. JohnH11

    JohnH11 TS Rookie Topic Starter Posts: 23

    .text C:\Windows\System32\igfxtray.exe[2492] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00190C0C
    .text C:\Windows\System32\igfxtray.exe[2492] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00190E10
    .text C:\Windows\System32\igfxtray.exe[2492] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 001901F8
    .text C:\Windows\system32\wbem\wmiprvse.exe[2496] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\wbem\wmiprvse.exe[2496] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\wbem\wmiprvse.exe[2496] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\system32\wbem\wmiprvse.exe[2496] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\wbem\wmiprvse.exe[2496] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\wbem\wmiprvse.exe[2496] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\wbem\wmiprvse.exe[2496] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\wbem\wmiprvse.exe[2496] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\wbem\wmiprvse.exe[2496] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\wbem\wmiprvse.exe[2496] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\wbem\wmiprvse.exe[2496] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\wbem\wmiprvse.exe[2496] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 000C0600
    .text C:\Windows\system32\wbem\wmiprvse.exe[2496] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 000C0804
    .text C:\Windows\system32\wbem\wmiprvse.exe[2496] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 000C0A08
    .text C:\Windows\system32\wbem\wmiprvse.exe[2496] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000C01F8
    .text C:\Windows\system32\wbem\wmiprvse.exe[2496] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000C03FC
    .text C:\Program Files\iPod\bin\iPodService.exe[2592] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Program Files\iPod\bin\iPodService.exe[2592] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Program Files\iPod\bin\iPodService.exe[2592] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Program Files\iPod\bin\iPodService.exe[2592] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\iPod\bin\iPodService.exe[2592] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
    .text C:\Program Files\iPod\bin\iPodService.exe[2592] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
    .text C:\Program Files\iPod\bin\iPodService.exe[2592] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
    .text C:\Program Files\iPod\bin\iPodService.exe[2592] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
    .text C:\Program Files\iPod\bin\iPodService.exe[2592] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
    .text C:\Program Files\iPod\bin\iPodService.exe[2592] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
    .text C:\Program Files\iPod\bin\iPodService.exe[2592] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
    .text C:\Program Files\iPod\bin\iPodService.exe[2592] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00080600
    .text C:\Program Files\iPod\bin\iPodService.exe[2592] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00080804
    .text C:\Program Files\iPod\bin\iPodService.exe[2592] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00080A08
    .text C:\Program Files\iPod\bin\iPodService.exe[2592] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\iPod\bin\iPodService.exe[2592] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\taskeng.exe[2788] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\taskeng.exe[2788] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskeng.exe[2788] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 000B0600
    .text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 000B1014
    .text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 000B0804
    .text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 000B0C0C
    .text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 000B0E10
    .text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\taskeng.exe[2788] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 000C0600
    .text C:\Windows\system32\taskeng.exe[2788] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 000C0804
    .text C:\Windows\system32\taskeng.exe[2788] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 000C0A08
    .text C:\Windows\system32\taskeng.exe[2788] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000C01F8
    .text C:\Windows\system32\taskeng.exe[2788] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000C03FC
    .text C:\Windows\System32\igfxpers.exe[2872] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 001501F8
    .text C:\Windows\System32\igfxpers.exe[2872] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 001503FC
    .text C:\Windows\System32\igfxpers.exe[2872] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\System32\igfxpers.exe[2872] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00170600
    .text C:\Windows\System32\igfxpers.exe[2872] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00170804
    .text C:\Windows\System32\igfxpers.exe[2872] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00170A08
    .text C:\Windows\System32\igfxpers.exe[2872] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001701F8
    .text C:\Windows\System32\igfxpers.exe[2872] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001703FC
    .text C:\Windows\System32\igfxpers.exe[2872] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 001803FC
    .text C:\Windows\System32\igfxpers.exe[2872] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00180600
    .text C:\Windows\System32\igfxpers.exe[2872] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00181014
    .text C:\Windows\System32\igfxpers.exe[2872] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00180804
    .text C:\Windows\System32\igfxpers.exe[2872] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00180A08
    .text C:\Windows\System32\igfxpers.exe[2872] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00180C0C
    .text C:\Windows\System32\igfxpers.exe[2872] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00180E10
    .text C:\Windows\System32\igfxpers.exe[2872] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 001801F8
    .text C:\Windows\system32\taskeng.exe[3048] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\taskeng.exe[3048] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskeng.exe[3048] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[3048] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\taskeng.exe[3048] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\taskeng.exe[3048] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\taskeng.exe[3048] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\taskeng.exe[3048] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\taskeng.exe[3048] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\taskeng.exe[3048] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\taskeng.exe[3048] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\taskeng.exe[3048] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00080600
    .text C:\Windows\system32\taskeng.exe[3048] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\taskeng.exe[3048] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\taskeng.exe[3048] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\taskeng.exe[3048] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00170600
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00170804
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000803FC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00080600
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00081014
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00080804
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00080A08
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00080C0C
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00080E10
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000801F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00090600
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00090804
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00090A08
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000901F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000903FC
    .text C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe[3260] KERNEL32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Program Files\iTunes\iTunesHelper.exe[3328] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[3328] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[3328] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Program Files\iTunes\iTunesHelper.exe[3328] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00070600
    .text C:\Program Files\iTunes\iTunesHelper.exe[3328] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00070804
    .text C:\Program Files\iTunes\iTunesHelper.exe[3328] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00070A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[3328] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000701F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[3328] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000703FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[3328] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000803FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[3328] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00080600
    .text C:\Program Files\iTunes\iTunesHelper.exe[3328] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00081014
    .text C:\Program Files\iTunes\iTunesHelper.exe[3328] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00080804
    .text C:\Program Files\iTunes\iTunesHelper.exe[3328] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00080A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[3328] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00080C0C
    .text C:\Program Files\iTunes\iTunesHelper.exe[3328] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00080E10
    .text C:\Program Files\iTunes\iTunesHelper.exe[3328] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000801F8
    .text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 002F03FC
    .text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 002F0600
    .text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 002F1014
    .text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 002F0804
    .text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 002F0A08
    .text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 002F0C0C
    .text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 002F0E10
    .text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 002F01F8
    .text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00300600
    .text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00300804
    .text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00300A08
    .text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 003001F8
    .text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 003003FC
    .text C:\Windows\system32\WerCon.exe[3548] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\WerCon.exe[3548] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\WerCon.exe[3548] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Windows\system32\WerCon.exe[3548] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000803FC
    .text C:\Windows\system32\WerCon.exe[3548] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00080600
    .text C:\Windows\system32\WerCon.exe[3548] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00081014
    .text C:\Windows\system32\WerCon.exe[3548] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00080804
    .text C:\Windows\system32\WerCon.exe[3548] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00080A08
    .text C:\Windows\system32\WerCon.exe[3548] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00080C0C
    .text C:\Windows\system32\WerCon.exe[3548] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00080E10
    .text C:\Windows\system32\WerCon.exe[3548] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000801F8
    .text C:\Windows\system32\WerCon.exe[3548] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00090600
    .text C:\Windows\system32\WerCon.exe[3548] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00090804
    .text C:\Windows\system32\WerCon.exe[3548] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00090A08
    .text C:\Windows\system32\WerCon.exe[3548] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000901F8
    .text C:\Windows\system32\WerCon.exe[3548] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000903FC
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00180600
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00180804
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001801F8
     
  11. JohnH11

    JohnH11 TS Rookie Topic Starter Posts: 23

    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001803FC

    ---- User IAT/EAT - GMER 1.0.15 ----


    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\$NtUninstallKB47863$\1597839925 0 bytes
    File C:\Windows\$NtUninstallKB47863$\1597839925\@ 2048 bytes
    File C:\Windows\$NtUninstallKB47863$\1597839925\bckfg.tmp 823 bytes
    File C:\Windows\$NtUninstallKB47863$\1597839925\cfg.ini 77 bytes
    File C:\Windows\$NtUninstallKB47863$\1597839925\Desktop.ini 4608 bytes
    File C:\Windows\$NtUninstallKB47863$\1597839925\kwrd.dll 208896 bytes
    File C:\Windows\$NtUninstallKB47863$\1597839925\L 0 bytes
    File C:\Windows\$NtUninstallKB47863$\1597839925\L\ogejidap 185856 bytes
    File C:\Windows\$NtUninstallKB47863$\1597839925\U 0 bytes
    File C:\Windows\$NtUninstallKB47863$\1597839925\U\00000001.@ 2048 bytes
    File C:\Windows\$NtUninstallKB47863$\1597839925\U\00000002.@ 209920 bytes
    File C:\Windows\$NtUninstallKB47863$\1597839925\U\80000000.@ 1024 bytes
    File C:\Windows\$NtUninstallKB47863$\1597839925\U\80000032.@ 71168 bytes
    File C:\Windows\$NtUninstallKB47863$\4212105129 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  12. JohnH11

    JohnH11 TS Rookie Topic Starter Posts: 23

    DDS log:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_30
    Run by Steve at 23:58:24 on 2012-02-22
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Replay Media Catcher\FLVSrvc.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Dell Remote Access\ezi_ra.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\WerCon.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Steve\Desktop\dds.scr
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uWindow Title = Internet Explorer provided by Dell
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081208
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyServer = 0.0.0.0:80
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mWinlogon: Userinit=Userinit.exe,
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    uRun: [Aim6]
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30618; AskTB5.4)" -"http://www.shockwave.com/gamelanding/football3d.jsp"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [Performance Center] c:\program files\ascentive\performance center\ApcMain.exe -m
    mRun: [Ask and Record FLV Service] "c:\program files\replay media catcher\FLVSrvc.exe" /run
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    dRun: [AntiSpyware Service] c:\windows\temp\jebqx98xo.exe
    dRun: [Windows System Recover!] c:\windows\temp\login.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
    TCP: Interfaces\{F882070E-ED29-47A7-8387-06A7A44F36E7} : DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\steve\appdata\roaming\mozilla\firefox\profiles\acn8vfbr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? hitmanpro35;Hitman Pro 3.5 Support Driver
    R? Viewpoint Manager Service;Viewpoint Manager Service
    R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
    S? !SASCORE;SAS Core Service
    S? aswFsBlk;aswFsBlk
    S? aswMonFlt;aswMonFlt
    S? aswSnx;aswSnx
    S? aswSP;aswSP
    S? avast! Antivirus;avast! Antivirus
    S? DockLoginService;Dock Login Service
    S? FontCache;Windows Font Cache Service
    S? SASDIFSV;SASDIFSV
    S? SASKUTIL;SASKUTIL
    .
    =============== Created Last 30 ================
    .
    2012-02-22 02:30:00 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4aba634b-9c5b-4aa6-ab32-26679405abea}\mpengine.dll
    2012-01-27 05:09:31 -------- d-----w- c:\users\steve\appdata\roaming\TestApp
    2012-01-27 04:28:02 -------- d-----w- c:\program files\ESET
    2012-01-26 00:24:26 -------- d-----w- c:\program files\Lavasoft
    2012-01-25 22:51:26 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-01-25 22:51:26 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-01-25 22:51:20 41184 ----a-w- c:\windows\avastSS.scr
    .
    ==================== Find3M ====================
    .
    2012-01-29 11:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-25 22:34:29 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
    2011-12-27 05:34:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-12-15 14:12:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 23:59:11.80 ===============
     
  13. JohnH11

    JohnH11 TS Rookie Topic Starter Posts: 23

    Attach log:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume3
    Install Date: 12/7/2008 1:04:31 PM
    System Uptime: 2/22/2012 2:56:50 PM (9 hours ago)
    .
    Motherboard: Dell Inc. | | 0RY007
    Processor: Intel(R) Celeron(R) CPU 450 @ 2.20GHz | Socket 775 | 2194/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 288 GiB total, 177.357 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 5.226 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP2016: 2/21/2012 8:22:21 PM - Windows Update
    RP2017: 2/22/2012 5:20:22 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 Plugin
    Adobe Reader 9
    Adobe Shockwave Player 11.6
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask & Record Toolbar 4.01
    avast! Free Antivirus
    Browser Address Error Redirector
    CCleaner
    Compatibility Pack for the 2007 Office system
    Dell-eBay
    Dell Best of Web
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Dell Remote Access
    Dell Support Center (Support Software)
    DELL0604
    DivX Version Checker
    DivX Web Player
    GameSpy Arcade
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) PRO Network Connections 12.1.11.0
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 30
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Mozilla Firefox 10.0.2 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    OGA Notifier 2.0.0048.0
    QuickTime
    Realtek High Definition Audio Driver
    Replay Media Catcher 3.11
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SUPERAntiSpyware
    swMSM
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.762
    WildTangent Games
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/22/2012 2:59:35 PM, Error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The system cannot find the path specified.
    2/22/2012 1:59:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi SASDIFSV SASKUTIL spldr Wanarpv6
    2/22/2012 1:59:19 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    2/22/2012 1:59:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/22/2012 1:59:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/22/2012 1:58:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/22/2012 1:58:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/22/2012 1:58:18 PM, Error: EventLog [6008] - The previous system shutdown at 1:54:07 PM on 2/22/2012 was unexpected.
    2/20/2012 4:57:04 AM, Error: netbt [4321] - The name "HOMECOMPUTER-PC:0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.
    2/17/2012 12:38:44 PM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
    2/17/2012 11:02:21 AM, Error: volsnap [13] - The shadow copy of volume C: could not grow its shadow copy storage on volume C:.
    .
    ==== End Of File ===========================
     
  14. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Download BTKR_RunBox to your desktop.

    Double click on downloaded BTKR_RunBox.exe file.
    Small RunBox DOS window will open.
    Press any key to continue.
    Press "1" to select "Run a scan with Bootkit Remover" option.
    Press "Enter".
    Press "Enter" one more time to generate log.
    Click OK, IF any "Warning" message pops up.
    Notepad will open with Bootkit Remover log.
    Copy the content and post it in your next reply.
    In RunBox press "4" then Enter to exit it.

    NOTE. In case you lost the log it's also located on your desktop as "scan.txt"
     
  15. JohnH11

    JohnH11 TS Rookie Topic Starter Posts: 23

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-23 00:04:15
    -----------------------------
    00:04:15.049 OS Version: Windows 6.0.6002 Service Pack 2
    00:04:15.050 Number of processors: 1 586 0x1601
    00:04:15.051 ComputerName: STEVE-PC UserName: Steve
    00:04:17.335 Initialize success
    00:04:18.189 AVAST engine defs: 12022201
    00:05:04.783 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    00:05:04.786 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 01.03E01 Size: 305245MB BusType: 3
    00:05:05.030 Disk 0 MBR read successfully
    00:05:05.034 Disk 0 MBR scan
    00:05:05.038 Disk 0 Windows VISTA default MBR code
    00:05:05.100 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
    00:05:05.156 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 98304
    00:05:05.226 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294956 MB offset 21069824
    00:05:05.328 Disk 0 scanning sectors +625139712
    00:05:05.557 Disk 0 scanning C:\Windows\system32\drivers
    00:06:27.158 Service scanning
    00:06:44.234 Modules scanning
    00:09:51.600 Disk 0 trace - called modules:
    00:09:51.990 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
    00:09:51.997 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854e2210]
    00:09:52.003 3 CLASSPNP.SYS[883a98b3] -> nt!IofCallDriver -> [0x84a67958]
    00:09:52.009 5 acpi.sys[806996bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84a4f528]
    00:09:52.882 AVAST engine scan C:\Windows
    00:12:05.610 AVAST engine scan C:\Windows\system32
    00:27:48.246 AVAST engine scan C:\Windows\system32\drivers
    00:28:27.440 AVAST engine scan C:\Users\Steve
    01:36:42.668 AVAST engine scan C:\ProgramData
    02:26:32.968 Scan finished successfully
    06:37:22.350 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
    06:37:22.398 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.log"
     
  16. JohnH11

    JohnH11 TS Rookie Topic Starter Posts: 23

    I'm having difficulty running BTKR_RunBox; when I press any key to continue, the same original message keeps coming up.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Click on SCAN.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop.)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
     
  18. JohnH11

    JohnH11 TS Rookie Topic Starter Posts: 23

    RogueKiller V7.1.0 [02/15/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User: Steve [Admin rights]
    Mode: Scan -- Date: 02/25/2012 01:10:31

    ¤¤¤ Bad processes: 2 ¤¤¤
    [SUSP PATH] FLVSrvLib.dll -- C:\Users\Steve\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
    [SUSP PATH] FLVSrvLib.dll -- C:\Users\Steve\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED

    ¤¤¤ Registry Entries: 10 ¤¤¤
    [SUSP PATH] HKUS\.DEFAULT[...]\Run : AntiSpyware Service (C:\Windows\TEMP\jebqx98xo.exe) -> FOUND
    [SUSP PATH] HKUS\.DEFAULT[...]\Run : Windows System Recover! (C:\Windows\TEMP\login.exe) -> FOUND
    [SUSP PATH] HKUS\S-1-5-18[...]\Run : AntiSpyware Service (C:\Windows\TEMP\jebqx98xo.exe) -> FOUND
    [SUSP PATH] HKUS\S-1-5-18[...]\Run : Windows System Recover! (C:\Windows\TEMP\login.exe) -> FOUND
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (0.0.0.0:80) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD3200AAKS-75L9A0 ATA Device +++++
    --- User ---
    [MBR] 9839b7b9b5184b3246c5e883f9154a86
    [BSP] cb96dfa00f188250b5f4e01fecd4dba3 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 294956 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  19. JohnH11

    JohnH11 TS Rookie Topic Starter Posts: 23

    Some additional comments to RogueKiller, a folder called RK_Quarantine was created on my desktop and during the time the program was open I kept getting a message stating that Internet Explorer was not responding - it kept popping up. But since the scan didn't take long it didn't come up as much. Also the program seemed to find some stuff wrong, but I didn't do anything.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  21. JohnH11

    JohnH11 TS Rookie Topic Starter Posts: 23

    I came across a problem trying to run ComboFix. I followed all the procedures, but it detected the following:

    antivirus: Mcafee virusscan
    antivirus: antivir desktop
    antispyware: Mcafee virusscan
    antispyware: antivir desktop

    I was under the impression that I had removed McAfee. I tried to search for it, but couldn't find anything concrete - just something that Windows couldn't open. I attempted once to install Avira, but was also under the impression that I quit that program, and again I couldn't find anything concrete to remove or disable any of the two.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Run Combofix anyway.
     
  23. JohnH11

    JohnH11 TS Rookie Topic Starter Posts: 23

    I don't know if ComboFix worked. It took maybe 10 or so hours scanning; during the scan I got a message from Windows telling me that Freeware implementation of XCACLS has stopped working. I didn't mouseclick anything but the notice that came up, so I'm unaware if it stalled or something happened. I exited and restarted the computer and I got a message that the Application 0x800106ba had failed to initialize. I also got a message telling me that the Recycle Bin is corrupted, so I clicked yes to empty that drive. I thought the internet was supposed to be disconnected and some of the computer images be changed, but the icon showed internet and everything was fine. I don't know anymore. Were you at least able to maybe get a hint of what may be wrong that some programs are unable to connect/detect the internet from all the previous logs?
     
  24. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Re-run Combofix from safe mode.
     
  25. JohnH11

    JohnH11 TS Rookie Topic Starter Posts: 23

    Ran ComboFix from safe mode and it said there was rootkit activity and had to reboot. So I clicked reboot, but it didn't seem like it left a log, I even looked in (C:) combofix and still nothing.
     
Topic Status:
Not open for further replies.
