Inactive Computer running slow, possible virus again

D

dobysport55

Posts: 119   +0
Hi,

My comp is running slow and I might have a virus...again.

I ran ESET scans and found two trojan associated with gaming websites.
Also my computer is running very slow. Especially on Chrome (which has been
my fastest running browser)

Here is my info...

My GMER is really long.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8235

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11/25/2011 4:49:39 PM
mbam-log-2011-11-25 (16-49-39).txt

Scan type: Quick scan
Objects scanned: 189377
Time elapsed: 16 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by MoneyIsDaObject at 21:16:52 on 2011-11-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.829 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Trademanager\AliIM.exe
C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\java.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Apoint2K\Apntex.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [aliim] c:\program files\trademanager\aliim.exe
uRun: [Google Update] "c:\users\moneyisdaobject\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] c:\users\moneyisdaobject\appdata\local\akamai\netsession_win.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 205.152.144.23 205.152.132.23 205.152.144.23 205.152.132.23 192.168.1.1
TCP: Interfaces\{17326E47-A1BC-4B5A-926E-7F3F39042A46} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EE86D58F-A459-4265-9B67-2674BEB79697} : DhcpNameServer = 205.152.144.23 205.152.132.23 205.152.144.23 205.152.132.23 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\moneyisdaobject\appdata\roaming\mozilla\firefox\profiles\5ze65ihb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111113&q=
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\trademanager\npwangwang.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\moneyisdaobject\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\moneyisdaobject\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\moneyisdaobject\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-11 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-11 320856]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-11 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-11 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-11 44768]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-3-28 204800]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-12 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-11-8 227896]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-8 136176]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-8 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-17 22216]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-17 366152]
.
=============== Created Last 30 ================
.
2011-11-09 00:10:03 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-09 00:10:00 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 00:09:59 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-08 05:34:25 -------- d-----w- c:\windows\QLB
2011-11-03 00:45:29 -------- d-----w- c:\users\moneyisdaobject\appdata\local\Akamai
.
==================== Find3M ====================
.
2011-11-16 14:01:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:36:26 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 21:18:34.33 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/8/2010 2:32:57 AM
System Uptime: 11/25/2011 1:17:49 PM (8 hours ago)
.
Motherboard: Hewlett-Packard | | 30D9
Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz | CPU | 800/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 116.683 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.618 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP400: 10/29/2011 8:26:21 PM - Scheduled Checkpoint
RP401: 11/1/2011 6:00:19 PM - Scheduled Checkpoint
RP402: 11/4/2011 10:49:49 PM - Scheduled Checkpoint
RP403: 11/6/2011 4:22:10 PM - Scheduled Checkpoint
RP405: 11/7/2011 10:02:52 AM - Installed Router
RP407: 11/7/2011 1:45:02 PM - Installed Router
RP409: 11/7/2011 3:03:37 PM - Installed Router
RP411: 11/7/2011 4:29:33 PM - Installed Router
RP412: 11/8/2011 12:32:30 AM - Windows Update
RP413: 11/9/2011 1:23:47 AM - Windows Update
RP414: 11/11/2011 12:48:39 AM - Scheduled Checkpoint
RP415: 11/13/2011 3:00:11 AM - Windows Update
RP416: 11/14/2011 11:38:22 AM - Scheduled Checkpoint
RP417: 11/17/2011 2:42:16 PM - Scheduled Checkpoint
RP418: 11/19/2011 1:39:12 PM - Scheduled Checkpoint
RP419: 11/23/2011 11:31:00 PM - Scheduled Checkpoint
RP420: 11/25/2011 1:55:24 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Community Help
Adobe CSI CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Help Center 2.1
Adobe Media Player
Adobe Photoshop CS2
Adobe Reader X (10.1.1)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Shockwave Player 11.6
Adobe Stock Photos 1.0
Adobe Update Manager CS4
AI RoboForm (All Users)
AIM 7
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Audacity 1.2.6
avast! Free Antivirus
BitTorrent
BufferChm
Camtasia Studio 7
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Connect
Content Bully
Copy
CustomerResearchQFolder
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Setup
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
eSupportQFolder
FileZilla Client 3.5.1
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
GoToMeeting 5.0.0.799
GPBaseService
GPBaseService2
HamsterFreeVideoConverter
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 11.0
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
HP Doc Viewer
HP DVD Play 3.6
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 11.0
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Quick Launch Buttons
HP Smart Web Printing
HP Solution Center 13.0
HP Total Care Advisor
HP Update
HP User Guides 0093
HP Wireless Assistant
HPDiagnosticAlert
HPNetworkAssistant
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel(R) TV Wizard
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
kuler
Linksys EasyLink Advisor
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.24)
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
NetWaiting
OGA Notifier 2.0.0048.0
PokerStars
Power2Go
PowerDirector
PSSWCORE
Pure Networks Platform
QLBCASL
QuickPlay SlingPlayer 0.4.6
QuickTime
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
S3 Browser version 2.9.2
Scan
Secunia PSI (2.0.0.3003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Segoe UI
Shop for HP Supplies
Skype Toolbars
Skype™ 5.3
SmartWebPrinting
Snagit 10
SolutionCenter
Spybot - Search & Destroy
Status
Suite Shared Configuration CS4
Toolbox
Touch Pad Driver
TradeManager 2011 Beta2
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VC80CRTRedist - 8.0.50727.6195
VideoToolkit01
WeatherBug Gadget
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
Xvid 1.2.1 final uninstall
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
11/25/2011 4:27:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
11/25/2011 10:37:38 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
11/21/2011 5:40:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/19/2011 5:00:13 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001F3AAB45B1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
Here is my GMER
Like I said its realy long...

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-25 20:52:27
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0001
Running: b3wq2iys.exe; Driver: C:\Users\MONEYI~1\AppData\Local\Temp\kwtyapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8D4DA374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8D4DC996]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8D4DC9EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8D4DCB04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8D4DC8EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8D4DCA3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8D4DC940]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8D4DCAB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8D4DA398]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8D4DA162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8D4DA3BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8D4DCEFC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8D4DAE54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8D4DC9C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8D4DCA16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8D4DCB2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8D4DC918]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8D4DCA7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8D4DC96E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8D4DCADC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8D4DAD1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8D4DA3E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8D4DA404]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8D4DA1BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8D4DA2F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8D4DA2D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8D4DA31C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8D4DA428]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8D9079A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 822BD890 4 Bytes [74, A3, 4D, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1D1 822BD954 8 Bytes [96, C9, 4D, 8D, EE, C9, 4D, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 822BD960 4 Bytes [04, CB, 4D, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1F5 822BD978 4 Bytes [EC, C8, 4D, 8D]
.text ntkrnlpa.exe!KeSetEvent + 215 822BD998 8 Bytes [3E, CA, 4D, 8D, 40, C9, 4D, ...]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 823E862F 5 Bytes JMP 8D9033DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82441543 5 Bytes JMP 8D904E84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 8244AE68 4 Bytes CALL 8D4DB4C5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8244EADC 4 Bytes CALL 8D4DB4DB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 824A2DCA 7 Bytes JMP 8D9079AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngCreateRectRgn + 4537 8FA9FC90 5 Bytes JMP 8D4DD5E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + C20 8FAB8EC9 5 Bytes JMP 8D4DDFB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 4A1 8FAB9CB5 5 Bytes JMP 8D4DE118 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C03 8FAC2417 5 Bytes JMP 8D4DCF32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 616 8FAC336E 5 Bytes JMP 8D4DDD7E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 30F6 8FACEAA7 5 Bytes JMP 8D4DD4BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4569 8FACFF1A 5 Bytes JMP 8D4DD0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 119BE 8FAE9A45 5 Bytes JMP 8D4DD326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A12 8FAE9A99 5 Bytes JMP 8D4DD4CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 377F 8FB10A7E 5 Bytes JMP 8D4DDD0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DE 8FB133DD 5 Bytes JMP 8D4DCFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D3F 8FB19D2E 5 Bytes JMP 8D4DD14A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B42 8FB241CC 5 Bytes JMP 8D4DE1BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 8FB270B4 5 Bytes JMP 8D4DD016 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 81C 8FB454D5 5 Bytes JMP 8D4DDEFA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 6EC2 8FB4BB7B 5 Bytes JMP 8D4DDD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + B0F 8FB4F2EA 5 Bytes JMP 8D4DDE48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4728 8FB56C09 5 Bytes JMP 8D4DD096 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E80 8FB751A4 5 Bytes JMP 8D4DD254 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 248 8FB7AA22 5 Bytes JMP 8D4DD1AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 8FB7E55A 5 Bytes JMP 8D4DE070 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A0F 8FB9CA67 5 Bytes JMP 8D4DD1E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + D229 8FBA9281 5 Bytes JMP 8D4DD28E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\csrss.exe[520] KERNEL32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[556] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[556] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[556] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\wininit.exe[564] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[564] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[564] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[564] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00060600
.text C:\Windows\system32\wininit.exe[564] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[564] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\wininit.exe[564] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\wininit.exe[564] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\csrss.exe[576] KERNEL32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\services.exe[608] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[608] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[608] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\services.exe[608] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[608] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[608] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[608] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[608] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[608] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[608] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[608] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[608] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
.text C:\Windows\system32\services.exe[608] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\services.exe[608] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\services.exe[608] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\services.exe[608] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[620] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[620] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[620] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
 
C:\Windows\system32\lsass.exe[620] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[620] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[620] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[620] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[620] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsm.exe[632] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\lsm.exe[632] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000903FC
.text C:\Windows\system32\lsm.exe[632] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000C03FC
.text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 000C0600
.text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 000C1014
.text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 000C0804
.text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 000C0A08
.text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 000C0C0C
.text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 000C0E10
.text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000C01F8
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[700] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[712] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[712] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[712] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00050600
.text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00060600
.text C:\Windows\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00060804
.text C:\Windows\system32\winlogon.exe[712] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\winlogon.exe[712] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\winlogon.exe[712] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000603FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00160600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00160804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00160A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
.text C:\Program Files\Apoint2K\Apoint.exe[840] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001401F8
.text C:\Program Files\Apoint2K\Apoint.exe[840] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001403FC
.text C:\Program Files\Apoint2K\Apoint.exe[840] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Apoint2K\Apoint.exe[840] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00160600
.text C:\Program Files\Apoint2K\Apoint.exe[840] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00160804
.text C:\Program Files\Apoint2K\Apoint.exe[840] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00160A08
.text C:\Program Files\Apoint2K\Apoint.exe[840] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Apoint2K\Apoint.exe[840] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001603FC
.text C:\Program Files\Apoint2K\Apoint.exe[840] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Apoint2K\Apoint.exe[840] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00180600
.text C:\Program Files\Apoint2K\Apoint.exe[840] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00181014
.text C:\Program Files\Apoint2K\Apoint.exe[840] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00180804
.text C:\Program Files\Apoint2K\Apoint.exe[840] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00180A08
.text C:\Program Files\Apoint2K\Apoint.exe[840] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00180C0C
.text C:\Program Files\Apoint2K\Apoint.exe[840] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00180E10
.text C:\Program Files\Apoint2K\Apoint.exe[840] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00970600
.text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00970804
.text C:\Windows\system32\svchost.exe[920] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00970A08
.text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 009701F8
.text C:\Windows\system32\svchost.exe[920] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 009703FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00181014
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00180C0C
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00180E10
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001801F8
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 000E0600
.text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 000E0804
.text C:\Windows\System32\svchost.exe[1052] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 000E0A08
.text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000E01F8
.text C:\Windows\System32\svchost.exe[1052] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000E03FC
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00CA0600
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00CA0804
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00CA0A08
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 00CA01F8
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 00CA03FC
.text C:\Program Files\HP\QuickPlay\QPService.exe[1092] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001401F8
.text C:\Program Files\HP\QuickPlay\QPService.exe[1092] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001403FC
.text C:\Program Files\HP\QuickPlay\QPService.exe[1092] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\HP\QuickPlay\QPService.exe[1092] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00160600
.text C:\Program Files\HP\QuickPlay\QPService.exe[1092] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00160804
.text C:\Program Files\HP\QuickPlay\QPService.exe[1092] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00160A08
.text C:\Program Files\HP\QuickPlay\QPService.exe[1092] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001601F8
.text C:\Program Files\HP\QuickPlay\QPService.exe[1092] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001603FC
.text C:\Program Files\HP\QuickPlay\QPService.exe[1092] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
.text C:\Program Files\HP\QuickPlay\QPService.exe[1092] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
.text C:\Program Files\HP\QuickPlay\QPService.exe[1092] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
.text C:\Program Files\HP\QuickPlay\QPService.exe[1092] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
.text C:\Program Files\HP\QuickPlay\QPService.exe[1092] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
.text C:\Program Files\HP\QuickPlay\QPService.exe[1092] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
.text C:\Program Files\HP\QuickPlay\QPService.exe[1092] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
.text C:\Program Files\HP\QuickPlay\QPService.exe[1092] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00260600
.text C:\Windows\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00260804
.text C:\Windows\system32\svchost.exe[1096] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00260A08
.text C:\Windows\system32\svchost.exe[1096] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 002601F8
.text C:\Windows\system32\svchost.exe[1096] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 002603FC
.text C:\Windows\system32\AUDIODG.EXE[1216] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[1236] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
.text C:\Windows\system32\igfxsrvc.exe[1236] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
.text C:\Windows\system32\igfxsrvc.exe[1236] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[1236] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
.text C:\Windows\system32\igfxsrvc.exe[1236] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
.text C:\Windows\system32\igfxsrvc.exe[1236] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
.text C:\Windows\system32\igfxsrvc.exe[1236] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
.text C:\Windows\system32\igfxsrvc.exe[1236] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\igfxsrvc.exe[1236] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001903FC
.text C:\Windows\system32\igfxsrvc.exe[1236] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00190600
.text C:\Windows\system32\igfxsrvc.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00191014
.text C:\Windows\system32\igfxsrvc.exe[1236] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00190804
.text C:\Windows\system32\igfxsrvc.exe[1236] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00190A08
.text C:\Windows\system32\igfxsrvc.exe[1236] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00190C0C
.text C:\Windows\system32\igfxsrvc.exe[1236] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00190E10
.text C:\Windows\system32\igfxsrvc.exe[1236] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001901F8
.text C:\Windows\system32\svchost.exe[1240] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1240] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
 
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1284] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1304] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00C60600
.text C:\Windows\system32\svchost.exe[1304] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00C60804
.text C:\Windows\system32\svchost.exe[1304] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00C60A08
.text C:\Windows\system32\svchost.exe[1304] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 00C601F8
.text C:\Windows\system32\svchost.exe[1304] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 00C603FC
.text C:\Windows\system32\SearchIndexer.exe[1372] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[1372] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[1372] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[1372] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000F03FC
.text C:\Windows\system32\SearchIndexer.exe[1372] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 000F0600
.text C:\Windows\system32\SearchIndexer.exe[1372] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 000F1014
.text C:\Windows\system32\SearchIndexer.exe[1372] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 000F0804
.text C:\Windows\system32\SearchIndexer.exe[1372] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 000F0A08
.text C:\Windows\system32\SearchIndexer.exe[1372] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 000F0C0C
.text C:\Windows\system32\SearchIndexer.exe[1372] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 000F0E10
.text C:\Windows\system32\SearchIndexer.exe[1372] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000F01F8
.text C:\Windows\system32\SearchIndexer.exe[1372] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00100600
.text C:\Windows\system32\SearchIndexer.exe[1372] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00100804
.text C:\Windows\system32\SearchIndexer.exe[1372] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00100A08
.text C:\Windows\system32\SearchIndexer.exe[1372] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001001F8
.text C:\Windows\system32\SearchIndexer.exe[1372] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001003FC
.text C:\Windows\system32\taskeng.exe[1392] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[1392] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[1392] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[1392] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[1392] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[1392] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\taskeng.exe[1392] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[1392] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[1392] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\taskeng.exe[1392] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\taskeng.exe[1392] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[1392] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00090600
.text C:\Windows\system32\taskeng.exe[1392] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00090804
.text C:\Windows\system32\taskeng.exe[1392] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00090A08
.text C:\Windows\system32\taskeng.exe[1392] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000901F8
.text C:\Windows\system32\taskeng.exe[1392] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000903FC
.text C:\Windows\System32\igfxtray.exe[1436] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
.text C:\Windows\System32\igfxtray.exe[1436] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
.text C:\Windows\System32\igfxtray.exe[1436] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[1436] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
.text C:\Windows\System32\igfxtray.exe[1436] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
.text C:\Windows\System32\igfxtray.exe[1436] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
.text C:\Windows\System32\igfxtray.exe[1436] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
.text C:\Windows\System32\igfxtray.exe[1436] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
.text C:\Windows\System32\igfxtray.exe[1436] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001903FC
.text C:\Windows\System32\igfxtray.exe[1436] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00190600
.text C:\Windows\System32\igfxtray.exe[1436] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00191014
.text C:\Windows\System32\igfxtray.exe[1436] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00190804
.text C:\Windows\System32\igfxtray.exe[1436] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00190A08
.text C:\Windows\System32\igfxtray.exe[1436] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00190C0C
.text C:\Windows\System32\igfxtray.exe[1436] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00190E10
.text C:\Windows\System32\igfxtray.exe[1436] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001901F8
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[1496] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 000F0600
.text C:\Windows\system32\svchost.exe[1496] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 000F0804
.text C:\Windows\system32\svchost.exe[1496] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 000F0A08
.text C:\Windows\system32\svchost.exe[1496] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000F01F8
.text C:\Windows\system32\svchost.exe[1496] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000F03FC
.text C:\Windows\System32\hkcmd.exe[1508] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
.text C:\Windows\System32\hkcmd.exe[1508] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
.text C:\Windows\System32\hkcmd.exe[1508] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[1508] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
.text C:\Windows\System32\hkcmd.exe[1508] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
.text C:\Windows\System32\hkcmd.exe[1508] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
.text C:\Windows\System32\hkcmd.exe[1508] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
.text C:\Windows\System32\hkcmd.exe[1508] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
.text C:\Windows\System32\hkcmd.exe[1508] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001903FC
.text C:\Windows\System32\hkcmd.exe[1508] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00190600
.text C:\Windows\System32\hkcmd.exe[1508] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00191014
.text C:\Windows\System32\hkcmd.exe[1508] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00190804
.text C:\Windows\System32\hkcmd.exe[1508] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00190A08
.text C:\Windows\System32\hkcmd.exe[1508] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00190C0C
.text C:\Windows\System32\hkcmd.exe[1508] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00190E10
.text C:\Windows\System32\hkcmd.exe[1508] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001901F8
.text C:\Windows\System32\igfxpers.exe[1536] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
.text C:\Windows\System32\igfxpers.exe[1536] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
.text C:\Windows\System32\igfxpers.exe[1536] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[1536] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00170600
.text C:\Windows\System32\igfxpers.exe[1536] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00170804
.text C:\Windows\System32\igfxpers.exe[1536] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00170A08
.text C:\Windows\System32\igfxpers.exe[1536] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001701F8
.text C:\Windows\System32\igfxpers.exe[1536] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001703FC
.text C:\Windows\System32\igfxpers.exe[1536] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001803FC
.text C:\Windows\System32\igfxpers.exe[1536] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00180600
.text C:\Windows\System32\igfxpers.exe[1536] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00181014
.text C:\Windows\System32\igfxpers.exe[1536] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00180804
.text C:\Windows\System32\igfxpers.exe[1536] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00180A08
.text C:\Windows\System32\igfxpers.exe[1536] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00180C0C
.text C:\Windows\System32\igfxpers.exe[1536] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00180E10
.text C:\Windows\System32\igfxpers.exe[1536] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001801F8
.text C:\Windows\System32\spoolsv.exe[1576] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[1576] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[1576] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1576] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[1576] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[1576] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[1576] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[1576] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[1576] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[1576] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[1576] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[1576] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00220600
.text C:\Windows\System32\spoolsv.exe[1576] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00220804
.text C:\Windows\System32\spoolsv.exe[1576] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00220A08
.text C:\Windows\System32\spoolsv.exe[1576] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 002201F8
.text C:\Windows\System32\spoolsv.exe[1576] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 002203FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1692] kernel32.dll!SetUnhandledExceptionFilter 76BBA8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1692] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1700] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[1700] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[1700] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1700] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[1700] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[1700] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[1700] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[1700] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[1700] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[1700] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[1700] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[1700] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[1700] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[1700] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[1700] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[1700] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
.text C:\Windows\Explorer.EXE[1712] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[1712] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[1712] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\Explorer.EXE[1712] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[1712] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[1712] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[1712] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[1712] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[1712] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[1712] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[1712] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[1712] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[1712] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[1712] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.EXE[1712] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.EXE[1712] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000401F8
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] ntdll.dll!LdrUnloadDll 779BB740 3 Bytes JMP 000403FC
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] ntdll.dll!LdrUnloadDll + 4 779BB744 1 Byte [88]
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00060600
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00061014
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00060804
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00060A08
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00060C0C
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00060E10
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000601F8
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00070600
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00070804
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00070A08
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000703FC
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!EnableWindow 76ACCD8B 5 Bytes JMP 70889934 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!DialogBoxParamW 76AF10B0 5 Bytes JMP 707E160B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!DialogBoxIndirectParamW 76AF2EF5 5 Bytes JMP 709D605E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!DialogBoxParamA 76B08152 5 Bytes JMP 709D5FF9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!DialogBoxIndirectParamA 76B0847D 5 Bytes JMP 709D60C3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!MessageBoxIndirectA 76B1D4D9 5 Bytes JMP 709D5F80 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!MessageBoxIndirectW 76B1D5D3 5 Bytes JMP 709D5F07 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!MessageBoxExA 76B1D639 5 Bytes JMP 709D5EA3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!MessageBoxExW 76B1D65D 5 Bytes JMP 709D5E3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Apoint2K\Apntex.exe[1836] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001401F8
.text C:\Program Files\Apoint2K\Apntex.exe[1836] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001403FC
.text C:\Program Files\Apoint2K\Apntex.exe[1836] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Apoint2K\Apntex.exe[1836] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00160600
.text C:\Program Files\Apoint2K\Apntex.exe[1836] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00160804
.text
 
C:\Program Files\Apoint2K\Apntex.exe[1836] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00160A08
.text C:\Program Files\Apoint2K\Apntex.exe[1836] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Apoint2K\Apntex.exe[1836] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001603FC
.text C:\Program Files\Apoint2K\Apntex.exe[1836] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Apoint2K\Apntex.exe[1836] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
.text C:\Program Files\Apoint2K\Apntex.exe[1836] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
.text C:\Program Files\Apoint2K\Apntex.exe[1836] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
.text C:\Program Files\Apoint2K\Apntex.exe[1836] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
.text C:\Program Files\Apoint2K\Apntex.exe[1836] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
.text C:\Program Files\Apoint2K\Apntex.exe[1836] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
.text C:\Program Files\Apoint2K\Apntex.exe[1836] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[1960] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1960] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1960] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1960] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00240600
.text C:\Windows\system32\svchost.exe[1960] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00240804
.text C:\Windows\system32\svchost.exe[1960] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00240A08
.text C:\Windows\system32\svchost.exe[1960] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 002401F8
.text C:\Windows\system32\svchost.exe[1960] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 002403FC
.text C:\Windows\system32\taskeng.exe[2056] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2056] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2056] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2056] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2056] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[2056] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[2056] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[2056] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[2056] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[2056] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[2056] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[2056] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[2056] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[2056] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[2056] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2056] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001601F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001603FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00170600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00170804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00170A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001703FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001803FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00180600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00181014
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00180804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00180A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00180C0C
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00180E10
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001903FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00190600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00191014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00190804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00190A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00190C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00190E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001901F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 001A0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 001A0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 001A0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001A01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001A03FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2388] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001D01F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2388] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001D03FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2388] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2388] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 002003FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2388] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00200600
.text C:\Program Files\Windows Sidebar\sidebar.exe[2388] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00201014
.text C:\Program Files\Windows Sidebar\sidebar.exe[2388] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00200804
.text C:\Program Files\Windows Sidebar\sidebar.exe[2388] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00200A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[2388] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00200C0C
.text C:\Program Files\Windows Sidebar\sidebar.exe[2388] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00200E10
.text C:\Program Files\Windows Sidebar\sidebar.exe[2388] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 002001F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2388] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00210600
.text C:\Program Files\Windows Sidebar\sidebar.exe[2388] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00210804
.text C:\Program Files\Windows Sidebar\sidebar.exe[2388] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00210A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[2388] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 002101F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2388] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 002103FC
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001401F8
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001403FC
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00170600
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00170804
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00180600
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00181014
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00180804
.text
 
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00180A08
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00180C0C
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00180E10
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001801F8
.text C:\Program Files\Trademanager\AliIM.exe[2436] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Trademanager\AliIM.exe[2436] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
.text C:\Program Files\Trademanager\AliIM.exe[2436] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Trademanager\AliIM.exe[2436] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Trademanager\AliIM.exe[2436] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00180600
.text C:\Program Files\Trademanager\AliIM.exe[2436] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00181014
.text C:\Program Files\Trademanager\AliIM.exe[2436] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00180804
.text C:\Program Files\Trademanager\AliIM.exe[2436] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00180A08
.text C:\Program Files\Trademanager\AliIM.exe[2436] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00180C0C
.text C:\Program Files\Trademanager\AliIM.exe[2436] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00180E10
.text C:\Program Files\Trademanager\AliIM.exe[2436] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001801F8
.text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00190600
.text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00190804
.text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00190A08
.text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001901F8
.text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001903FC
.text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!SetScrollRange 76ACD185 5 Bytes JMP 61603DD2 C:\Program Files\Trademanager\GUICore.dll (GUICore/Alisoft (Shanghai) Co., Ltd.)
.text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!GetScrollInfo 76ACF073 5 Bytes JMP 61603CE0 C:\Program Files\Trademanager\GUICore.dll (GUICore/Alisoft (Shanghai) Co., Ltd.)
.text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!ShowScrollBar 76ACF8AE 5 Bytes JMP 61603E01 C:\Program Files\Trademanager\GUICore.dll (GUICore/Alisoft (Shanghai) Co., Ltd.)
.text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!SetScrollInfo 76AD71D8 5 Bytes JMP 61603D7C C:\Program Files\Trademanager\GUICore.dll (GUICore/Alisoft (Shanghai) Co., Ltd.)
.text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!EnableScrollBar 76AEAF53 5 Bytes JMP 61603CB5 C:\Program Files\Trademanager\GUICore.dll (GUICore/Alisoft (Shanghai) Co., Ltd.)
.text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!GetScrollPos 76AF337D 5 Bytes JMP 61603D07 C:\Program Files\Trademanager\GUICore.dll (GUICore/Alisoft (Shanghai) Co., Ltd.)
.text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!GetScrollRange 76AF34A5 5 Bytes JMP 61603D31 C:\Program Files\Trademanager\GUICore.dll (GUICore/Alisoft (Shanghai) Co., Ltd.)
.text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!SetScrollPos 76AF3602 5 Bytes JMP 61603DA7 C:\Program Files\Trademanager\GUICore.dll (GUICore/Alisoft (Shanghai) Co., Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Secunia\PSI\sua.exe[2480] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000601F8
.text C:\Program Files\Secunia\PSI\sua.exe[2480] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000603FC
.text C:\Program Files\Secunia\PSI\sua.exe[2480] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Secunia\PSI\sua.exe[2480] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Secunia\PSI\sua.exe[2480] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
.text C:\Program Files\Secunia\PSI\sua.exe[2480] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
.text C:\Program Files\Secunia\PSI\sua.exe[2480] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
.text C:\Program Files\Secunia\PSI\sua.exe[2480] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
.text C:\Program Files\Secunia\PSI\sua.exe[2480] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
.text C:\Program Files\Secunia\PSI\sua.exe[2480] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
.text C:\Program Files\Secunia\PSI\sua.exe[2480] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001401F8
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001403FC
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00160600
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00160804
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00160A08
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001601F8
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001603FC
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2632] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001901F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2632] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001903FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2632] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2632] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001C03FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2632] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 001C0600
.text C:\Program Files\Windows Sidebar\sidebar.exe[2632] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 001C1014
.text C:\Program Files\Windows Sidebar\sidebar.exe[2632] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 001C0804
.text C:\Program Files\Windows Sidebar\sidebar.exe[2632] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 001C0A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[2632] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 001C0C0C
.text C:\Program Files\Windows Sidebar\sidebar.exe[2632] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 001C0E10
.text C:\Program Files\Windows Sidebar\sidebar.exe[2632] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001C01F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2632] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 001D0600
.text C:\Program Files\Windows Sidebar\sidebar.exe[2632] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 001D0804
.text C:\Program Files\Windows Sidebar\sidebar.exe[2632] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 001D0A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[2632] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001D01F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2632] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001D03FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00070600
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00070804
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00070A08
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000703FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00080600
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00081014
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00080804
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00080A08
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00080C0C
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00080E10
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[2764] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001401F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[2764] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001403FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[2764] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\DRIVERS\xaudio.exe[2764] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001603FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[2764] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00160600
.text C:\Windows\system32\DRIVERS\xaudio.exe[2764] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00161014
.text C:\Windows\system32\DRIVERS\xaudio.exe[2764] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00160804
.text C:\Windows\system32\DRIVERS\xaudio.exe[2764] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00160A08
.text C:\Windows\system32\DRIVERS\xaudio.exe[2764] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00160C0C
.text C:\Windows\system32\DRIVERS\xaudio.exe[2764] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00160E10
.text C:\Windows\system32\DRIVERS\xaudio.exe[2764] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001601F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[2764] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00170600
.text C:\Windows\system32\DRIVERS\xaudio.exe[2764] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00170804
.text C:\Windows\system32\DRIVERS\xaudio.exe[2764] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\DRIVERS\xaudio.exe[2764] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[2764] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001703FC
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001401F8
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001403FC
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00160600
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00160804
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00160A08
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001601F8
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001603FC
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
.text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00181014
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00180C0C
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00180E10
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00081014
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00080C0C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00080E10
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000801F8
.text C:\Windows\System32\svchost.exe[3060] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[3060] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[3060] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3060] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[3060] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[3060] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[3060] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[3060] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 001B0600
.text C:\Windows\System32\svchost.exe[3060] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 001B0804
.text C:\Windows\System32\svchost.exe[3060] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 001B0A08
.text C:\Windows\System32\svchost.exe[3060] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001B01F8
.text C:\Windows\System32\svchost.exe[3060] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001B03FC
.text C:\Windows\system32\svchost.exe[3120] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3120] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3120] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3120] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3120] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3120] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3120] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3120] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3120] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3120] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3120] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00160600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00160804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00160A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001601F8
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001603FC
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
 
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[3424] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3424] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3424] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3424] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3424] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3424] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3424] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3424] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3424] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3424] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3424] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[3424] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00280600
.text C:\Windows\system32\svchost.exe[3424] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00280804
.text C:\Windows\system32\svchost.exe[3424] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00280A08
.text C:\Windows\system32\svchost.exe[3424] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 002801F8
.text C:\Windows\system32\svchost.exe[3424] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 002803FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001903FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00190600
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00191014
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00190804
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00190A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00190C0C
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00190E10
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001901F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[3580] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[3580] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[3580] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[3580] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[3580] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Program Files\Secunia\PSI\PSIA.exe[3580] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Program Files\Secunia\PSI\PSIA.exe[3580] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Program Files\Secunia\PSI\PSIA.exe[3580] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Program Files\Secunia\PSI\PSIA.exe[3580] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Program Files\Secunia\PSI\PSIA.exe[3580] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Program Files\Secunia\PSI\PSIA.exe[3580] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[3580] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00090600
.text C:\Program Files\Secunia\PSI\PSIA.exe[3580] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00090804
.text C:\Program Files\Secunia\PSI\PSIA.exe[3580] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00090A08
.text C:\Program Files\Secunia\PSI\PSIA.exe[3580] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000901F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[3580] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000903FC
.text C:\Windows\system32\java.exe[3592] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000B01F8
.text C:\Windows\system32\java.exe[3592] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000B03FC
.text C:\Windows\system32\java.exe[3592] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\java.exe[3592] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000C03FC
.text C:\Windows\system32\java.exe[3592] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 000C0600
.text C:\Windows\system32\java.exe[3592] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 000C1014
.text C:\Windows\system32\java.exe[3592] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 000C0804
.text C:\Windows\system32\java.exe[3592] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 000C0A08
.text C:\Windows\system32\java.exe[3592] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 000C0C0C
.text C:\Windows\system32\java.exe[3592] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 000C0E10
.text C:\Windows\system32\java.exe[3592] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000C01F8
.text C:\Windows\system32\java.exe[3592] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00C90600
.text C:\Windows\system32\java.exe[3592] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00C90804
.text C:\Windows\system32\java.exe[3592] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00C90A08
.text C:\Windows\system32\java.exe[3592] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 00C901F8
.text C:\Windows\system32\java.exe[3592] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 00C903FC
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00170600
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00170804
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00180600
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00181014
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00180804
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00180A08
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00180C0C
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00180E10
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001801F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00170600
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00170804
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00180600
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00181014
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00180804
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00180A08
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00180C0C
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00180E10
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001801F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000D03FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 000D0600
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 000D1014
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 000D0804
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 000D0A08
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 000D0C0C
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 000D0E10
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000D01F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 000E0600
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 000E0804
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 000E0A08
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000E01F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000E03FC
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000903FC
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00090600
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00091014
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00090804
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00090A08
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00090C0C
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00090E10
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000901F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00081014
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00080C0C
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00080E10
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00090600
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000903FC
.text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
.text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
.text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 003603FC
.text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00360600
.text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00361014
.text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00360804
.text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00360A08
.text
 
C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00360C0C
.text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00360E10
.text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 003601F8
.text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00370600
.text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00370804
.text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00370A08
.text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 003701F8
.text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 003703FC
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001903FC
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00190600
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00191014
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00190804
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00190A08
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00190C0C
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00190E10
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001901F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000401F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] ntdll.dll!LdrUnloadDll 779BB740 3 Bytes JMP 000403FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] ntdll.dll!LdrUnloadDll + 4 779BB744 1 Byte [88]
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] kernel32.dll!CreateThread 76BDCB2E 5 Bytes JMP 7084723B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00060600
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00061014
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00060804
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00060A08
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00060C0C
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00060E10
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000601F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00070600
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 708820C4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!CallNextHookEx 76AC8E3B 5 Bytes JMP 708A7ACF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 708CEA88 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000703FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!EnableWindow 76ACCD8B 5 Bytes JMP 70889934 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!DefWindowProcA 76ACDB88 7 Bytes JMP 70849465 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!CreateWindowExA 76ACDC2A 5 Bytes JMP 70853293 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!CreateWindowExW 76AD1305 5 Bytes JMP 708AFEAF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!DefWindowProcW 76AE03B4 7 Bytes JMP 708A7B32 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!DialogBoxParamW 76AF10B0 5 Bytes JMP 707E160B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!DialogBoxIndirectParamW 76AF2EF5 5 Bytes JMP 709D605E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!DialogBoxParamA 76B08152 5 Bytes JMP 709D5FF9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!DialogBoxIndirectParamA 76B0847D 5 Bytes JMP 709D60C3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!MessageBoxIndirectA 76B1D4D9 5 Bytes JMP 709D5F80 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!MessageBoxIndirectW 76B1D5D3 5 Bytes JMP 709D5F07 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!MessageBoxExA 76B1D639 5 Bytes JMP 709D5EA3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!MessageBoxExW 76B1D65D 5 Bytes JMP 709D5E3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5128] ole32.dll!OleLoadFromStream 76941E80 5 Bytes JMP 709D682D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Windows\System32\notepad.exe[5284] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\notepad.exe[5284] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\notepad.exe[5284] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\System32\notepad.exe[5284] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\notepad.exe[5284] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\notepad.exe[5284] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\notepad.exe[5284] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\notepad.exe[5284] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\notepad.exe[5284] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\notepad.exe[5284] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\notepad.exe[5284] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\notepad.exe[5284] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
.text C:\Windows\System32\notepad.exe[5284] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
.text C:\Windows\System32\notepad.exe[5284] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
.text C:\Windows\System32\notepad.exe[5284] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
.text C:\Windows\System32\notepad.exe[5284] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[5760] KERNEL32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00170600
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00170804
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00180600
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00181014
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00180804
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00180A08
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00180C0C
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00180E10
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\wbem\wmiprvse.exe[5928] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[5928] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[5928] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[5928] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[5928] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[5928] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[5928] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[5928] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\wmiprvse.exe[5928] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[5928] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\wmiprvse.exe[5928] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[5928] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\wmiprvse.exe[5928] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\wmiprvse.exe[5928] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\wmiprvse.exe[5928] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\wmiprvse.exe[5928] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[6120] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[6120] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[6120] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[6120] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[6120] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[6120] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[6120] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[6120] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[6120] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[6120] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[6120] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[608] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
IAT C:\Windows\system32\services.exe[608] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747E7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7483A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [747EBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [747DF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747E75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [747DE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74818395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [747EDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [747DFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [747DFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747D71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7486CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7480C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [747DD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [747D6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [747D687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [747E2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
 
---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Files - GMER 1.0.15 ----

File Q:\MASTER.LOG 746 bytes
File Q:\$RECYCLE.BIN 0 bytes
File Q:\$RECYCLE.BIN\S-1-5-21-452617041-2393866445-922946053-1000 0 bytes
File Q:\$RECYCLE.BIN\S-1-5-21-452617041-2393866445-922946053-1000\desktop.ini 129 bytes
File Q:\$RECYCLE.BIN\S-1-5-21-452617041-2393866445-922946053-500 0 bytes
File Q:\AUTOMODE 340 bytes
File Q:\BLOCK.RIN 13 bytes
File Q:\boot 0 bytes
File Q:\boot\protect.danish 109124 bytes
File Q:\boot\BCD 28672 bytes
File Q:\boot\BCD.LOG 262144 bytes
File Q:\boot\bcd.LOG1 262144 bytes
File Q:\boot\bcd.LOG2 0 bytes
File Q:\boot\boot.sdi 3170304 bytes
File Q:\boot\BOOTFIX.BIN 1024 bytes
File Q:\boot\BOOTSECT.EXE 87552 bytes executable
File Q:\boot\Desktop.ini 891 bytes
File Q:\boot\ETFSBOOT.COM 2048 bytes
File Q:\boot\Folder.htt 8134 bytes
File Q:\boot\FONTS 0 bytes
File Q:\boot\FONTS\CHS_BOOT.TTF 3694080 bytes
File Q:\boot\FONTS\CHT_BOOT.TTF 3876772 bytes
File Q:\boot\FONTS\JPN_BOOT.TTF 1984228 bytes
File Q:\boot\FONTS\KOR_BOOT.TTF 2371360 bytes
File Q:\boot\FONTS\WGL4_BOOT.TTF 47452 bytes
File Q:\boot\memtest.exe 385024 bytes executable
File Q:\boot\protect.chinese hong kong 109342 bytes
File Q:\boot\protect.chinese simplified 109360 bytes
File Q:\boot\protect.chinese traditional 109342 bytes
File Q:\boot\protect.czech 111653 bytes
File Q:\boot\protect.dutch 109049 bytes
File Q:\boot\Protect.ed 109092 bytes
File Q:\boot\protect.english 109092 bytes
File Q:\boot\protect.finnish 109092 bytes
File Q:\boot\protect.french 109060 bytes
File Q:\boot\protect.german 109094 bytes
File Q:\boot\protect.greek 112541 bytes
File Q:\boot\protect.hebrew 112375 bytes
File Q:\boot\protect.hungarian 111475 bytes
File Q:\boot\protect.italian 108979 bytes
File Q:\boot\protect.japanese 109795 bytes
File Q:\boot\protect.korean 109487 bytes
File Q:\boot\protect.norwegian 111402 bytes
File Q:\boot\protect.polish 111585 bytes
File Q:\boot\protect.portuguese 111448 bytes
File Q:\boot\protect.portuguese brazilian 111697 bytes
File Q:\boot\protect.russian 163804 bytes
File Q:\boot\protect.spanish 109016 bytes
File Q:\boot\protect.swedish 111445 bytes
File Q:\boot\protect.turkish 111598 bytes
File Q:\bootmgr 438328 bytes
File Q:\Desktop.ini 891 bytes
File Q:\Folder.htt 8134 bytes
File Q:\HP 0 bytes
File Q:\HP\protect.japanese 109795 bytes
File Q:\HP\Desktop.ini 891 bytes
File Q:\HP\Folder.htt 8134 bytes
File Q:\HP\protect.chinese hong kong 109342 bytes
File Q:\HP\protect.chinese simplified 109360 bytes
File Q:\HP\protect.chinese traditional 109342 bytes
File Q:\HP\protect.czech 111653 bytes
File Q:\HP\protect.danish 109124 bytes
File Q:\HP\protect.dutch 109049 bytes
File Q:\HP\Protect.ed 109092 bytes
File Q:\HP\protect.english 109092 bytes
File Q:\HP\protect.finnish 109092 bytes
File Q:\HP\protect.french 109060 bytes
File Q:\HP\protect.german 109094 bytes
File Q:\HP\protect.greek 112541 bytes
File Q:\HP\protect.hebrew 112375 bytes
File Q:\HP\protect.hungarian 111475 bytes
File Q:\HP\protect.italian 108979 bytes
File Q:\HP\protect.korean 109487 bytes
File Q:\HP\protect.norwegian 111402 bytes
File Q:\HP\protect.polish 111585 bytes
File Q:\HP\protect.portuguese 111448 bytes
File Q:\HP\protect.portuguese brazilian 111697 bytes
File Q:\HP\protect.russian 163804 bytes
File Q:\HP\protect.spanish 109016 bytes
File Q:\HP\protect.swedish 111445 bytes
File Q:\HP\protect.turkish 111598 bytes
File Q:\HP\RECOVERY 0 bytes
File Q:\HP\RECOVERY\COMPAQ 0 bytes
File Q:\HP\RECOVERY\LOGS 0 bytes
File Q:\HP\RECOVERY\MULTI.FLG 17 bytes
File Q:\HP\RECOVERY\REIMAGE.FLG 24 bytes
File Q:\HP\RECOVERY\RestoreWiz.exe 2497672 bytes executable
File Q:\HP\RECOVERY\Skin.smf 734207 bytes
File Q:\preload 0 bytes
File Q:\preload\protect.hebrew 112375 bytes
File Q:\preload\BASE.DAT 120 bytes
File Q:\preload\BASE.WIM 1271738760 bytes
File Q:\preload\CD0 36 bytes
File Q:\preload\CSP.DAT 840 bytes
File Q:\preload\Desktop.ini 891 bytes
File Q:\preload\Folder.htt 8134 bytes
File Q:\preload\protect.chinese hong kong 109342 bytes
File Q:\preload\protect.chinese simplified 109360 bytes
File Q:\preload\protect.chinese traditional 109342 bytes
File Q:\preload\protect.czech 111653 bytes
File Q:\preload\protect.danish 109124 bytes
File Q:\preload\protect.dutch 109049 bytes
File Q:\preload\Protect.ed 109092 bytes
File Q:\preload\protect.english 109092 bytes
File Q:\preload\protect.finnish 109092 bytes
File Q:\preload\protect.french 109060 bytes
File Q:\preload\protect.german 109094 bytes
File Q:\preload\protect.greek 112541 bytes
File Q:\preload\protect.hungarian 111475 bytes
File Q:\preload\protect.italian 108979 bytes
File Q:\preload\protect.japanese 109795 bytes
File Q:\preload\protect.korean 109487 bytes
File Q:\preload\protect.norwegian 111402 bytes
File Q:\preload\protect.polish 111585 bytes
File Q:\preload\protect.portuguese 111448 bytes
File Q:\preload\protect.portuguese brazilian 111697 bytes
File Q:\preload\protect.russian 163804 bytes
File Q:\preload\protect.spanish 109016 bytes
File Q:\preload\protect.swedish 111445 bytes
File Q:\preload\protect.turkish 111598 bytes
File Q:\protect.chinese hong kong 109342 bytes
File Q:\protect.chinese simplified 109360 bytes
File Q:\protect.chinese traditional 109342 bytes
File Q:\protect.czech 111653 bytes
File Q:\protect.danish 109124 bytes
File Q:\protect.dutch 109049 bytes
File Q:\protect.ed 109092 bytes
File Q:\protect.english 109092 bytes
File Q:\protect.finnish 109092 bytes
File Q:\protect.french 109060 bytes
File Q:\protect.german 109094 bytes
File Q:\protect.greek 112541 bytes
File Q:\protect.hebrew 112375 bytes
File Q:\protect.hungarian 111475 bytes
File Q:\protect.italian 108979 bytes
File Q:\protect.japanese 109795 bytes
File Q:\protect.korean 109487 bytes
File Q:\protect.norwegian 111402 bytes
File Q:\protect.polish 111585 bytes
File Q:\protect.portuguese 111448 bytes
 
File Q:\protect.portuguese brazilian 111697 bytes
File Q:\protect.russian 163804 bytes
File Q:\protect.spanish 109016 bytes
File Q:\protect.swedish 111445 bytes
File Q:\protect.turkish 111598 bytes
File Q:\RECOVERY 0 bytes
File Q:\RECOVERY\protect.hungarian 111475 bytes
File Q:\RECOVERY\Desktop.ini 891 bytes
File Q:\RECOVERY\Folder.htt 8134 bytes
File Q:\RECOVERY\protect.chinese hong kong 109342 bytes
File Q:\RECOVERY\protect.chinese simplified 109360 bytes
File Q:\RECOVERY\protect.chinese traditional 109342 bytes
File Q:\RECOVERY\protect.czech 111653 bytes
File Q:\RECOVERY\protect.danish 109124 bytes
File Q:\RECOVERY\protect.dutch 109049 bytes
File Q:\RECOVERY\protect.ed 109092 bytes
File Q:\RECOVERY\protect.english 109092 bytes
File Q:\RECOVERY\protect.finnish 109092 bytes
File Q:\RECOVERY\protect.french 109060 bytes
File Q:\RECOVERY\protect.german 109094 bytes
File Q:\RECOVERY\protect.greek 112541 bytes
File Q:\RECOVERY\protect.hebrew 112375 bytes
File Q:\RECOVERY\protect.italian 108979 bytes
File Q:\RECOVERY\protect.japanese 109795 bytes
File Q:\RECOVERY\protect.korean 109487 bytes
File Q:\RECOVERY\protect.norwegian 111402 bytes
File Q:\RECOVERY\protect.polish 111585 bytes
File Q:\RECOVERY\protect.portuguese 111448 bytes
File Q:\RECOVERY\protect.portuguese brazilian 111697 bytes
File Q:\RECOVERY\protect.russian 163804 bytes
File Q:\RECOVERY\protect.spanish 109016 bytes
File Q:\RECOVERY\protect.swedish 111445 bytes
File Q:\RECOVERY\protect.turkish 111598 bytes
File Q:\SOURCES 0 bytes
File Q:\SOURCES\protect.italian 108979 bytes
File Q:\SOURCES\boot.wim 192466691 bytes
File Q:\SOURCES\Desktop.ini 891 bytes
File Q:\SOURCES\Folder.htt 8134 bytes
File Q:\SOURCES\protect.chinese hong kong 109342 bytes
File Q:\SOURCES\protect.chinese simplified 109360 bytes
File Q:\SOURCES\protect.chinese traditional 109342 bytes
File Q:\SOURCES\protect.czech 111653 bytes
File Q:\SOURCES\protect.danish 109124 bytes
File Q:\SOURCES\protect.dutch 109049 bytes
File Q:\SOURCES\Protect.ed 109092 bytes
File Q:\SOURCES\protect.english 109092 bytes
File Q:\SOURCES\protect.finnish 109092 bytes
File Q:\SOURCES\protect.french 109060 bytes
File Q:\SOURCES\protect.german 109094 bytes
File Q:\SOURCES\protect.greek 112541 bytes
File Q:\SOURCES\protect.hebrew 112375 bytes
File Q:\SOURCES\protect.hungarian 111475 bytes
File Q:\SOURCES\protect.japanese 109795 bytes
File Q:\SOURCES\protect.korean 109487 bytes
File Q:\SOURCES\protect.norwegian 111402 bytes
File Q:\SOURCES\protect.polish 111585 bytes
File Q:\SOURCES\protect.portuguese 111448 bytes
File Q:\SOURCES\protect.portuguese brazilian 111697 bytes
File Q:\SOURCES\protect.russian 163804 bytes
File Q:\SOURCES\protect.spanish 109016 bytes
File Q:\SOURCES\protect.swedish 111445 bytes
File Q:\SOURCES\protect.turkish 111598 bytes
File Q:\SOURCES\SOFTTHINKS 44 bytes
File Q:\System Volume Information 0 bytes
File Q:\System Volume Information\Desktop.ini 891 bytes
File Q:\System Volume Information\Folder.htt 8134 bytes
File Q:\System Volume Information\MountPointManagerRemoteDatabase 0 bytes
File Q:\System Volume Information\protect.chinese hong kong 109342 bytes
File Q:\System Volume Information\protect.chinese simplified 109360 bytes
File Q:\System Volume Information\protect.chinese traditional 109342 bytes
File Q:\System Volume Information\protect.czech 111653 bytes
File Q:\System Volume Information\protect.danish 109124 bytes
File Q:\System Volume Information\protect.dutch 109049 bytes
File Q:\System Volume Information\Protect.ed 109092 bytes
File Q:\System Volume Information\protect.english 109092 bytes
File Q:\System Volume Information\protect.finnish 109092 bytes
File Q:\System Volume Information\protect.french 109060 bytes
File Q:\System Volume Information\protect.german 109094 bytes
File Q:\System Volume Information\protect.greek 112541 bytes
File Q:\System Volume Information\protect.hebrew 112375 bytes
File Q:\System Volume Information\protect.hungarian 111475 bytes
File Q:\System Volume Information\protect.japanese 109795 bytes
File Q:\System Volume Information\protect.korean 109487 bytes
File Q:\System Volume Information\protect.norwegian 111402 bytes
File Q:\System Volume Information\protect.polish 111585 bytes
File Q:\System Volume Information\protect.portuguese 111448 bytes
File Q:\System Volume Information\protect.portuguese brazilian 111697 bytes
File Q:\System Volume Information\protect.russian 163804 bytes
File Q:\System Volume Information\protect.spanish 109016 bytes
File Q:\System Volume Information\protect.swedish 111445 bytes
File Q:\System Volume Information\protect.turkish 111598 bytes
File Q:\System Volume Information\SPP 0 bytes
File Q:\System Volume Information\{212f30cc-0a1c-11e1-ab61-001eec2aa694}{3808876b-c176-4e48-b7ae-04046e6cc752} 15007744 bytes
File Q:\System Volume Information\{24d4da0b-0c0b-11e1-8f53-001eec2aa694}{3808876b-c176-4e48-b7ae-04046e6cc752} 14401536 bytes
File Q:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} 65536 bytes
File Q:\System Volume Information\protect.italian 108979 bytes
File Q:\System Volume Information\tracking.log 20480 bytes
File Q:\System Volume Information\{89cc95e2-0db1-11e1-9218-001eec2aa694}{3808876b-c176-4e48-b7ae-04046e6cc752} 15106048 bytes
File Q:\System Volume Information\{af94ca6b-1124-11e1-a075-001eec2aa694}{3808876b-c176-4e48-b7ae-04046e6cc752} 14860288 bytes
File Q:\System Volume Information\{b53d550b-15e9-11e1-b884-001eec2aa694}{3808876b-c176-4e48-b7ae-04046e6cc752} 15024128 bytes
File Q:\System Volume Information\{decd3976-1201-11e1-a04c-001eec2aa694}{3808876b-c176-4e48-b7ae-04046e6cc752} 15040512 bytes
File Q:\System Volume Information\{f25f63ea-0ed2-11e1-9f2e-001eec2aa694}{3808876b-c176-4e48-b7ae-04046e6cc752} 19890176 bytes
File Q:\System Volume Information\{f7e266e3-177a-11e1-a0bd-001eec2aa694}{3808876b-c176-4e48-b7ae-04046e6cc752} 314572800 bytes
File Q:\Tools 0 bytes
File Q:\Tools\protect.greek 112541 bytes
File Q:\Tools\Desktop.ini 891 bytes
File Q:\Tools\Flags 0 bytes
File Q:\Tools\Flags\BASE.DAT 120 bytes
File Q:\Tools\Flags\BASE.INP 0 bytes
File Q:\Tools\Flags\CD0 36 bytes
File Q:\Tools\Folder.htt 8134 bytes
File Q:\Tools\protect.chinese hong kong 109342 bytes
File Q:\Tools\protect.chinese simplified 109360 bytes
File Q:\Tools\protect.chinese traditional 109342 bytes
File Q:\Tools\protect.czech 111653 bytes
File Q:\Tools\protect.danish 109124 bytes
File Q:\Tools\protect.dutch 109049 bytes
File Q:\Tools\Protect.ed 109092 bytes
File Q:\Tools\protect.english 109092 bytes
File Q:\Tools\protect.finnish 109092 bytes
File Q:\Tools\protect.french 109060 bytes
File Q:\Tools\protect.german 109094 bytes
File Q:\Tools\protect.hebrew 112375 bytes
File Q:\Tools\protect.hungarian 111475 bytes
File Q:\Tools\protect.italian 108979 bytes
File Q:\Tools\protect.japanese 109795 bytes
File Q:\Tools\protect.korean 109487 bytes
File Q:\Tools\protect.norwegian 111402 bytes
File Q:\Tools\protect.polish 111585 bytes
File Q:\Tools\protect.portuguese 111448 bytes
File Q:\Tools\protect.portuguese brazilian 111697 bytes
File Q:\Tools\protect.russian 163804 bytes
File Q:\Tools\protect.spanish 109016 bytes
File Q:\Tools\protect.swedish 111445 bytes
File Q:\Tools\protect.turkish 111598 bytes
File Q:\USER 0 bytes
File Q:\WINDOWS 0 bytes
File Q:\WINDOWS\protect.japanese 109795 bytes
File Q:\WINDOWS\Desktop.ini 891 bytes
File Q:\WINDOWS\Folder.htt 8134 bytes
File Q:\WINDOWS\protect.chinese hong kong 109342 bytes
File Q:\WINDOWS\protect.chinese simplified 109360 bytes
File Q:\WINDOWS\protect.chinese traditional 109342 bytes
File Q:\WINDOWS\protect.czech 111653 bytes
File Q:\WINDOWS\protect.danish 109124 bytes
File Q:\WINDOWS\protect.dutch 109049 bytes
File Q:\WINDOWS\Protect.ed 109092 bytes
File Q:\WINDOWS\protect.english 109092 bytes
File Q:\WINDOWS\protect.finnish 109092 bytes
File Q:\WINDOWS\protect.french 109060 bytes
File Q:\WINDOWS\protect.german 109094 bytes
File Q:\WINDOWS\protect.greek 112541 bytes
File Q:\WINDOWS\protect.hebrew 112375 bytes
File Q:\WINDOWS\protect.hungarian 111475 bytes
File Q:\WINDOWS\protect.italian 108979 bytes
File Q:\WINDOWS\protect.korean 109487 bytes
File Q:\WINDOWS\protect.norwegian 111402 bytes
File Q:\WINDOWS\protect.polish 111585 bytes
File Q:\WINDOWS\protect.portuguese 111448 bytes
File Q:\WINDOWS\protect.portuguese brazilian 111697 bytes
File Q:\WINDOWS\protect.russian 163804 bytes
File Q:\WINDOWS\protect.spanish 109016 bytes
File Q:\WINDOWS\protect.swedish 111445 bytes
File Q:\WINDOWS\protect.turkish 111598 bytes
File Q:\WINDOWS\SYSTEM32 0 bytes
File Q:\WINDOWS\SYSTEM32\BCD_FINAL_RP.LOG 28672 bytes
File Q:\WINDOWS\SYSTEM32\BCD_FINAL_RP_TXT.LOG 3431 bytes
File Q:\WINDOWS\SYSTEM32\BCD_Manipulation_RP.log 3785 bytes
File Q:\WINDOWS\SYSTEM32\BOOT_WIM_RP.LOG 1605 bytes
File Q:\WINDOWS\SYSTEM32\CreatePage.log 194 bytes
File Q:\WINDOWS\SYSTEM32\preload.LOG 2015 bytes
File Q:\WINDOWS\SYSTEM32\REIMAGE.LOG 3082 bytes
File Q:\WINDOWS\SYSTEM32\Restore7.exe.LOG 35180 bytes
File Q:\WINDOWS\SYSTEM32\SSRDServiceKey.LOG 157 bytes
File Q:\WINDOWS\SYSTEM32\STFramework.LOG 3324 bytes
File Q:\WINDOWS\SYSTEM32\STVdsDisks.log 2112 bytes
File Q:\WINDOWS\SYSTEM32\ST_LOG.LOG 116 bytes
File Q:\WINDOWS\SYSTEM32\WINRELauncher.exe.LOG 8152 bytes
File Q:\WINDOWS\SYSTEM32\wpeinit.log 4334 bytes

---- EOF - GMER 1.0.15 ----
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Here it is...

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-25 22:12:49
-----------------------------
22:12:49.164 OS Version: Windows 6.0.6002 Service Pack 2
22:12:49.164 Number of processors: 2 586 0xF0D
22:12:49.164 ComputerName: MONEYISDAOBJSON UserName: MoneyIsDaObject
22:12:53.017 Initialize success
22:12:53.953 AVAST engine defs: 11112501
22:13:05.138 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:13:05.138 Disk 0 Vendor: ST925031 0001 Size: 238475MB BusType: 3
22:13:06.183 Disk 0 MBR read successfully
22:13:06.199 Disk 0 MBR scan
22:13:06.199 Disk 0 Windows XP default MBR code
22:13:06.542 Disk 0 scanning sectors +488392065
22:13:07.821 Disk 0 scanning C:\Windows\system32\drivers
22:16:29.467 Service scanning
22:16:31.823 Modules scanning
22:19:56.183 Disk 0 trace - called modules:
22:19:56.323 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
22:19:56.323 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8595b500]
22:19:56.339 3 CLASSPNP.SYS[883a18b3] -> nt!IofCallDriver -> [0x84472958]
22:19:56.354 5 acpi.sys[8069b6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84474028]
22:19:57.618 AVAST engine scan C:\Windows
22:22:54.854 AVAST engine scan C:\Windows\system32
22:54:57.525 AVAST engine scan C:\Windows\system32\drivers
23:01:25.582 AVAST engine scan C:\Users\MoneyIsDaObject
05:03:00.261 AVAST engine scan C:\ProgramData
05:59:32.262 Scan finished successfully
12:27:34.352 Disk 0 MBR has been saved successfully to "C:\Users\MoneyIsDaObject\Desktop\MBR.dat"
12:27:34.414 The log file has been saved successfully to "C:\Users\MoneyIsDaObject\Desktop\aswMBR.txt"


ComboFix 11-11-26.04 - MoneyIsDaObject 11/26/2011 12:52:41.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.932 [GMT -5:00]
Running from: c:\users\MoneyIsDaObject\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 18:09 . 2011-11-26 18:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-26 18:09 . 2011-11-26 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-09 00:10 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 00:10 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 00:09 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 05:36 . 2011-11-08 05:36 -------- d-----w- c:\users\Default\AppData\Roaming\hpqLog
2011-11-08 05:34 . 2011-11-08 05:34 -------- d-----w- c:\windows\QLB
2011-11-07 21:43 . 2011-11-07 21:43 -------- d-----w- c:\users\MoneyIsDaObject\AppData\Roaming\GTek
2011-11-03 01:58 . 2011-11-03 01:58 -------- d-----w- c:\programdata\Apple Computer
2011-11-03 00:45 . 2011-11-18 01:07 -------- d-----w- c:\users\MoneyIsDaObject\AppData\Local\Akamai
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 14:01 . 2011-05-17 14:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-03 09:06 . 2010-09-08 04:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-06 20:45 . 2011-09-11 22:45 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-09-11 22:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-09-11 22:45 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-09-11 22:45 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-09-11 22:45 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-09-11 22:45 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-09-11 22:45 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-09-11 22:45 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 13:30 . 2011-10-12 23:08 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-13 19:49 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-13 19:49 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-13 19:49 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 21:00 . 2010-09-17 13:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-06-23 160328]
"aliim"="c:\program files\Trademanager\aliim.exe" [2011-08-19 214976]
"Akamai NetSession Interface"="c:\users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-21 217088]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 451896]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Linksys EasyLink Advisor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Linksys EasyLink Advisor.lnk
backup=c:\windows\pss\Linksys EasyLink Advisor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Public^Documents^Windows^Adobe Gamma.lnk]
path=c:\users\Public\Documents\Windows\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Public^Documents^Windows^ERUNT AutoBackup.lnk]
path=c:\users\Public\Documents\Windows\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 08:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-09 23:28 136176 ----atw- c:\users\MoneyIsDaObject\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-01 23:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 19:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-08-31 21:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 06:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-03-28 204800]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 30576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 15:39]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 15:39]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-452617041-2393866445-922946053-1000Core.job
- c:\users\MoneyIsDaObject\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-09 23:28]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-452617041-2393866445-922946053-1000UA.job
- c:\users\MoneyIsDaObject\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-09 23:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 205.152.144.23 205.152.132.23 205.152.144.23 205.152.132.23 192.168.1.1
FF - ProfilePath - c:\users\MoneyIsDaObject\AppData\Roaming\Mozilla\Firefox\Profiles\5ze65ihb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111113&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-26 13:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4200)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2011-11-26 13:19:56
ComboFix-quarantined-files.txt 2011-11-26 18:19
.
Pre-Run: 125,263,589,376 bytes free
Post-Run: 125,458,288,640 bytes free
.
- - End Of File - - E0BFD17FC6663B89D8D585A8255BBA94
 
All looks clean.

In this forum, we make sure, your computer is free of malware and your computer is clean :)
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
793
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back