Computer running slow, possible virus again

Inactive
By dobysport55
Nov 25, 2011
  1. Hi,

    My comp is running slow and I might have a virus...again.

    I ran ESET scans and found two trojan associated with gaming websites.
    Also my computer is running very slow. Especially on Chrome (which has been
    my fastest running browser)

    Here is my info...

    My GMER is really long.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8235

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    11/25/2011 4:49:39 PM
    mbam-log-2011-11-25 (16-49-39).txt

    Scan type: Quick scan
    Objects scanned: 189377
    Time elapsed: 16 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by MoneyIsDaObject at 21:16:52 on 2011-11-25
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.829 [GMT -5:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files\Trademanager\AliIM.exe
    C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Windows\system32\java.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\Apoint2K\Apntex.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    C:\Windows\System32\notepad.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://yahoo.com/
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    uRun: [aliim] c:\program files\trademanager\aliim.exe
    uRun: [Google Update] "c:\users\moneyisdaobject\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Akamai NetSession Interface] c:\users\moneyisdaobject\appdata\local\akamai\netsession_win.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: alipay.com
    Trusted Zone: alisoft.com
    Trusted Zone: taobao.com
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 205.152.144.23 205.152.132.23 205.152.144.23 205.152.132.23 192.168.1.1
    TCP: Interfaces\{17326E47-A1BC-4B5A-926E-7F3F39042A46} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{EE86D58F-A459-4265-9B67-2674BEB79697} : DhcpNameServer = 205.152.144.23 205.152.132.23 205.152.144.23 205.152.132.23 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\moneyisdaobject\appdata\roaming\mozilla\firefox\profiles\5ze65ihb.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111113&q=
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\trademanager\npwangwang.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\moneyisdaobject\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\users\moneyisdaobject\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\moneyisdaobject\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-11 442200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-11 320856]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-11 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-11 54616]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-11 44768]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-3-28 204800]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-12 1153368]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-11-8 227896]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]
    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]
    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-8 136176]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-8 136176]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-17 22216]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-17 366152]
    .
    =============== Created Last 30 ================
    .
    2011-11-09 00:10:03 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-11-09 00:10:00 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 00:09:59 707584 ----a-w- c:\program files\common files\system\wab32.dll
    2011-11-08 05:34:25 -------- d-----w- c:\windows\QLB
    2011-11-03 00:45:29 -------- d-----w- c:\users\moneyisdaobject\appdata\local\Akamai
    .
    ==================== Find3M ====================
    .
    2011-11-16 14:01:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-06 20:36:26 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 21:18:34.33 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/8/2010 2:32:57 AM
    System Uptime: 11/25/2011 1:17:49 PM (8 hours ago)
    .
    Motherboard: Hewlett-Packard | | 30D9
    Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz | CPU | 800/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 221 GiB total, 116.683 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.618 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP400: 10/29/2011 8:26:21 PM - Scheduled Checkpoint
    RP401: 11/1/2011 6:00:19 PM - Scheduled Checkpoint
    RP402: 11/4/2011 10:49:49 PM - Scheduled Checkpoint
    RP403: 11/6/2011 4:22:10 PM - Scheduled Checkpoint
    RP405: 11/7/2011 10:02:52 AM - Installed Router
    RP407: 11/7/2011 1:45:02 PM - Installed Router
    RP409: 11/7/2011 3:03:37 PM - Installed Router
    RP411: 11/7/2011 4:29:33 PM - Installed Router
    RP412: 11/8/2011 12:32:30 AM - Windows Update
    RP413: 11/9/2011 1:23:47 AM - Windows Update
    RP414: 11/11/2011 12:48:39 AM - Scheduled Checkpoint
    RP415: 11/13/2011 3:00:11 AM - Windows Update
    RP416: 11/14/2011 11:38:22 AM - Scheduled Checkpoint
    RP417: 11/17/2011 2:42:16 PM - Scheduled Checkpoint
    RP418: 11/19/2011 1:39:12 PM - Scheduled Checkpoint
    RP419: 11/23/2011 11:31:00 PM - Scheduled Checkpoint
    RP420: 11/25/2011 1:55:24 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Community Help
    Adobe CSI CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Help Center 2.1
    Adobe Media Player
    Adobe Photoshop CS2
    Adobe Reader X (10.1.1)
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player
    Adobe Shockwave Player 11.6
    Adobe Stock Photos 1.0
    Adobe Update Manager CS4
    AI RoboForm (All Users)
    AIM 7
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Apple Application Support
    Apple Software Update
    Atheros Driver Installation Program
    Audacity 1.2.6
    avast! Free Antivirus
    BitTorrent
    BufferChm
    Camtasia Studio 7
    Cards_Calendar_OrderGift_DoMorePlugout
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    Connect
    Content Bully
    Copy
    CustomerResearchQFolder
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DivX Setup
    DJ_AIO_03_F4200_Software
    DJ_AIO_03_F4200_Software_Min
    eSupportQFolder
    FileZilla Client 3.5.1
    Google Chrome
    Google Earth Plug-in
    Google Talk Plugin
    Google Update Helper
    GoToMeeting 5.0.0.799
    GPBaseService
    GPBaseService2
    HamsterFreeVideoConverter
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent for Health Check
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Participation Program 11.0
    HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
    HP Doc Viewer
    HP DVD Play 3.6
    HP Easy Setup - Frontend
    HP Help and Support
    HP Imaging Device Functions 11.0
    HP Photosmart Essential 2.5
    HP Photosmart Essential 3.0
    HP Quick Launch Buttons
    HP Smart Web Printing
    HP Solution Center 13.0
    HP Total Care Advisor
    HP Update
    HP User Guides 0093
    HP Wireless Assistant
    HPDiagnosticAlert
    HPNetworkAssistant
    HPProductAssistant
    HPSSupply
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    Intel(R) TV Wizard
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    kuler
    Linksys EasyLink Advisor
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MarketResearch
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Corporation
    Microsoft LifeCam
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox (3.6.24)
    MSVCRT
    MSVCSetup
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.1
    My HP Games
    NetWaiting
    OGA Notifier 2.0.0048.0
    PokerStars
    Power2Go
    PowerDirector
    PSSWCORE
    Pure Networks Platform
    QLBCASL
    QuickPlay SlingPlayer 0.4.6
    QuickTime
    Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
    S3 Browser version 2.9.2
    Scan
    Secunia PSI (2.0.0.3003)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Excel 2010 (KB2553070)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Segoe UI
    Shop for HP Supplies
    Skype Toolbars
    Skype™ 5.3
    SmartWebPrinting
    Snagit 10
    SolutionCenter
    Spybot - Search & Destroy
    Status
    Suite Shared Configuration CS4
    Toolbox
    Touch Pad Driver
    TradeManager 2011 Beta2
    TrayApp
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    VC80CRTRedist - 8.0.50727.6195
    VideoToolkit01
    WeatherBug Gadget
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Xvid 1.2.1 final uninstall
    Yahoo! Detect
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/25/2011 4:27:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
    11/25/2011 10:37:38 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    11/21/2011 5:40:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    11/19/2011 5:00:13 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001F3AAB45B1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
  2. dobysport55

    dobysport55 Newcomer, in training Topic Starter Posts: 94

    Here is my GMER
    Like I said its realy long...

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-25 20:52:27
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0001
    Running: b3wq2iys.exe; Driver: C:\Users\MONEYI~1\AppData\Local\Temp\kwtyapog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8D4DA374]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8D4DC996]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8D4DC9EE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8D4DCB04]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8D4DC8EC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8D4DCA3E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8D4DC940]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8D4DCAB2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8D4DA398]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8D4DA162]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8D4DA3BC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8D4DCEFC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8D4DAE54]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8D4DC9C6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8D4DCA16]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8D4DCB2E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8D4DC918]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8D4DCA7E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8D4DC96E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8D4DCADC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8D4DAD1A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8D4DA3E0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8D4DA404]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8D4DA1BC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8D4DA2F8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8D4DA2D4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8D4DA31C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8D4DA428]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8D9079A6]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 10D 822BD890 4 Bytes [74, A3, 4D, 8D]
    .text ntkrnlpa.exe!KeSetEvent + 1D1 822BD954 8 Bytes [96, C9, 4D, 8D, EE, C9, 4D, ...]
    .text ntkrnlpa.exe!KeSetEvent + 1DD 822BD960 4 Bytes [04, CB, 4D, 8D]
    .text ntkrnlpa.exe!KeSetEvent + 1F5 822BD978 4 Bytes [EC, C8, 4D, 8D]
    .text ntkrnlpa.exe!KeSetEvent + 215 822BD998 8 Bytes [3E, CA, 4D, 8D, 40, C9, 4D, ...]
    .text ...
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 823E862F 5 Bytes JMP 8D9033DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 82441543 5 Bytes JMP 8D904E84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 8244AE68 4 Bytes CALL 8D4DB4C5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8244EADC 4 Bytes CALL 8D4DB4DB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 824A2DCA 7 Bytes JMP 8D9079AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text win32k.sys!EngCreateRectRgn + 4537 8FA9FC90 5 Bytes JMP 8D4DD5E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + C20 8FAB8EC9 5 Bytes JMP 8D4DDFB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngTransparentBlt + 4A1 8FAB9CB5 5 Bytes JMP 8D4DE118 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngTransparentBlt + 8C03 8FAC2417 5 Bytes JMP 8D4DCF32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 616 8FAC336E 5 Bytes JMP 8D4DDD7E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XFORMOBJ_iGetXform + 30F6 8FACEAA7 5 Bytes JMP 8D4DD4BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XFORMOBJ_iGetXform + 4569 8FACFF1A 5 Bytes JMP 8D4DD0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMapFontFileFD + 119BE 8FAE9A45 5 Bytes JMP 8D4DD326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMapFontFileFD + 11A12 8FAE9A99 5 Bytes JMP 8D4DD4CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 377F 8FB10A7E 5 Bytes JMP 8D4DDD0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 60DE 8FB133DD 5 Bytes JMP 8D4DCFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMulDiv + 4D3F 8FB19D2E 5 Bytes JMP 8D4DD14A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBlt + 2B42 8FB241CC 5 Bytes JMP 8D4DE1BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStrokePath + 5FF 8FB270B4 5 Bytes JMP 8D4DD016 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngNineGrid + 81C 8FB454D5 5 Bytes JMP 8D4DDEFA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngNineGrid + 6EC2 8FB4BB7B 5 Bytes JMP 8D4DDD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + B0F 8FB4F2EA 5 Bytes JMP 8D4DDE48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!STROBJ_vEnumStart + 4728 8FB56C09 5 Bytes JMP 8D4DD096 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + E80 8FB751A4 5 Bytes JMP 8D4DD254 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!CLIPOBJ_bEnum + 248 8FB7AA22 5 Bytes JMP 8D4DD1AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 26D9 8FB7E55A 5 Bytes JMP 8D4DE070 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngLineTo + A0F 8FB9CA67 5 Bytes JMP 8D4DD1E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngLineTo + D229 8FBA9281 5 Bytes JMP 8D4DD28E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001601F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001603FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[496] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
    .text C:\Windows\system32\csrss.exe[520] KERNEL32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[556] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[556] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[556] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\wininit.exe[564] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000301F8
    .text C:\Windows\system32\wininit.exe[564] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000303FC
    .text C:\Windows\system32\wininit.exe[564] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000503FC
    .text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00050600
    .text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00051014
    .text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00050804
    .text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00050A08
    .text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00050C0C
    .text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00050E10
    .text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000501F8
    .text C:\Windows\system32\wininit.exe[564] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00060600
    .text C:\Windows\system32\wininit.exe[564] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00060804
    .text C:\Windows\system32\wininit.exe[564] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00060A08
    .text C:\Windows\system32\wininit.exe[564] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000601F8
    .text C:\Windows\system32\wininit.exe[564] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000603FC
    .text C:\Windows\system32\csrss.exe[576] KERNEL32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\services.exe[608] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\services.exe[608] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\services.exe[608] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\services.exe[608] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\services.exe[608] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\services.exe[608] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\services.exe[608] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\services.exe[608] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\services.exe[608] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\services.exe[608] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\services.exe[608] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\services.exe[608] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
    .text C:\Windows\system32\services.exe[608] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\services.exe[608] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\services.exe[608] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\services.exe[608] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\lsass.exe[620] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\lsass.exe[620] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\lsass.exe[620] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
  3. dobysport55

    dobysport55 Newcomer, in training Topic Starter Posts: 94

    C:\Windows\system32\lsass.exe[620] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
    .text C:\Windows\system32\lsass.exe[620] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\lsass.exe[620] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\lsass.exe[620] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\lsass.exe[620] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\lsm.exe[632] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000901F8
    .text C:\Windows\system32\lsm.exe[632] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000903FC
    .text C:\Windows\system32\lsm.exe[632] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000C03FC
    .text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 000C0600
    .text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 000C1014
    .text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 000C0804
    .text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 000C0A08
    .text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 000C0C0C
    .text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 000C0E10
    .text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000C01F8
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[700] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\winlogon.exe[712] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000301F8
    .text C:\Windows\system32\winlogon.exe[712] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000303FC
    .text C:\Windows\system32\winlogon.exe[712] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000503FC
    .text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00050600
    .text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00051014
    .text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00050804
    .text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00050A08
    .text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00050C0C
    .text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00050E10
    .text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000501F8
    .text C:\Windows\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00060600
    .text C:\Windows\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00060804
    .text C:\Windows\system32\winlogon.exe[712] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00060A08
    .text C:\Windows\system32\winlogon.exe[712] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000601F8
    .text C:\Windows\system32\winlogon.exe[712] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000603FC
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001401F8
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001403FC
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00160600
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00160804
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00160A08
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001601F8
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001603FC
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[780] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Apoint2K\Apoint.exe[840] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001401F8
    .text C:\Program Files\Apoint2K\Apoint.exe[840] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001403FC
    .text C:\Program Files\Apoint2K\Apoint.exe[840] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Apoint2K\Apoint.exe[840] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00160600
    .text C:\Program Files\Apoint2K\Apoint.exe[840] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00160804
    .text C:\Program Files\Apoint2K\Apoint.exe[840] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00160A08
    .text C:\Program Files\Apoint2K\Apoint.exe[840] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001601F8
    .text C:\Program Files\Apoint2K\Apoint.exe[840] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001603FC
    .text C:\Program Files\Apoint2K\Apoint.exe[840] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Apoint2K\Apoint.exe[840] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Apoint2K\Apoint.exe[840] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Apoint2K\Apoint.exe[840] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Apoint2K\Apoint.exe[840] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Apoint2K\Apoint.exe[840] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Apoint2K\Apoint.exe[840] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Apoint2K\Apoint.exe[840] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001801F8
    .text C:\Windows\system32\svchost.exe[848] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[848] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[848] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000803FC
    .text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00080600
    .text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00081014
    .text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00080804
    .text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00080A08
    .text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00080C0C
    .text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00080E10
    .text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000801F8
    .text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000901F8
    .text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000903FC
    .text C:\Windows\system32\svchost.exe[920] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 000B0600
    .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 000B1014
    .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 000B0804
    .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 000B0C0C
    .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 000B0E10
    .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00970600
    .text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00970804
    .text C:\Windows\system32\svchost.exe[920] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00970A08
    .text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 009701F8
    .text C:\Windows\system32\svchost.exe[920] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 009703FC
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00170600
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00170804
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1048] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001801F8
    .text C:\Windows\System32\svchost.exe[1052] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1052] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1052] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 000E0600
    .text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 000E0804
    .text C:\Windows\System32\svchost.exe[1052] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 000E0A08
    .text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000E01F8
    .text C:\Windows\System32\svchost.exe[1052] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000E03FC
    .text C:\Windows\System32\svchost.exe[1084] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1084] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1084] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00CA0600
    .text C:\Windows\System32\svchost.exe[1084] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00CA0804
    .text C:\Windows\System32\svchost.exe[1084] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00CA0A08
    .text C:\Windows\System32\svchost.exe[1084] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 00CA01F8
    .text C:\Windows\System32\svchost.exe[1084] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 00CA03FC
    .text C:\Program Files\HP\QuickPlay\QPService.exe[1092] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001401F8
    .text C:\Program Files\HP\QuickPlay\QPService.exe[1092] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001403FC
    .text C:\Program Files\HP\QuickPlay\QPService.exe[1092] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\HP\QuickPlay\QPService.exe[1092] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00160600
    .text C:\Program Files\HP\QuickPlay\QPService.exe[1092] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00160804
    .text C:\Program Files\HP\QuickPlay\QPService.exe[1092] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00160A08
    .text C:\Program Files\HP\QuickPlay\QPService.exe[1092] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001601F8
    .text C:\Program Files\HP\QuickPlay\QPService.exe[1092] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001603FC
    .text C:\Program Files\HP\QuickPlay\QPService.exe[1092] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\HP\QuickPlay\QPService.exe[1092] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
    .text C:\Program Files\HP\QuickPlay\QPService.exe[1092] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
    .text C:\Program Files\HP\QuickPlay\QPService.exe[1092] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
    .text C:\Program Files\HP\QuickPlay\QPService.exe[1092] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
    .text C:\Program Files\HP\QuickPlay\QPService.exe[1092] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
    .text C:\Program Files\HP\QuickPlay\QPService.exe[1092] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
    .text C:\Program Files\HP\QuickPlay\QPService.exe[1092] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
    .text C:\Windows\system32\svchost.exe[1096] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1096] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00260600
    .text C:\Windows\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00260804
    .text C:\Windows\system32\svchost.exe[1096] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00260A08
    .text C:\Windows\system32\svchost.exe[1096] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 002601F8
    .text C:\Windows\system32\svchost.exe[1096] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 002603FC
    .text C:\Windows\system32\AUDIODG.EXE[1216] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\igfxsrvc.exe[1236] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
    .text C:\Windows\system32\igfxsrvc.exe[1236] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
    .text C:\Windows\system32\igfxsrvc.exe[1236] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\igfxsrvc.exe[1236] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
    .text C:\Windows\system32\igfxsrvc.exe[1236] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
    .text C:\Windows\system32\igfxsrvc.exe[1236] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
    .text C:\Windows\system32\igfxsrvc.exe[1236] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
    .text C:\Windows\system32\igfxsrvc.exe[1236] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
    .text C:\Windows\system32\igfxsrvc.exe[1236] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001903FC
    .text C:\Windows\system32\igfxsrvc.exe[1236] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00190600
    .text C:\Windows\system32\igfxsrvc.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00191014
    .text C:\Windows\system32\igfxsrvc.exe[1236] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00190804
    .text C:\Windows\system32\igfxsrvc.exe[1236] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00190A08
    .text C:\Windows\system32\igfxsrvc.exe[1236] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00190C0C
    .text C:\Windows\system32\igfxsrvc.exe[1236] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00190E10
    .text C:\Windows\system32\igfxsrvc.exe[1236] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001901F8
    .text C:\Windows\system32\svchost.exe[1240] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1240] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
  4. dobysport55

    dobysport55 Newcomer, in training Topic Starter Posts: 94

    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1276] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
    .text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1284] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1304] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1304] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1304] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1304] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00C60600
    .text C:\Windows\system32\svchost.exe[1304] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00C60804
    .text C:\Windows\system32\svchost.exe[1304] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00C60A08
    .text C:\Windows\system32\svchost.exe[1304] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 00C601F8
    .text C:\Windows\system32\svchost.exe[1304] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 00C603FC
    .text C:\Windows\system32\SearchIndexer.exe[1372] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\SearchIndexer.exe[1372] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\SearchIndexer.exe[1372] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\SearchIndexer.exe[1372] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000F03FC
    .text C:\Windows\system32\SearchIndexer.exe[1372] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 000F0600
    .text C:\Windows\system32\SearchIndexer.exe[1372] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 000F1014
    .text C:\Windows\system32\SearchIndexer.exe[1372] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 000F0804
    .text C:\Windows\system32\SearchIndexer.exe[1372] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 000F0A08
    .text C:\Windows\system32\SearchIndexer.exe[1372] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 000F0C0C
    .text C:\Windows\system32\SearchIndexer.exe[1372] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 000F0E10
    .text C:\Windows\system32\SearchIndexer.exe[1372] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000F01F8
    .text C:\Windows\system32\SearchIndexer.exe[1372] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00100600
    .text C:\Windows\system32\SearchIndexer.exe[1372] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00100804
    .text C:\Windows\system32\SearchIndexer.exe[1372] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00100A08
    .text C:\Windows\system32\SearchIndexer.exe[1372] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001001F8
    .text C:\Windows\system32\SearchIndexer.exe[1372] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001003FC
    .text C:\Windows\system32\taskeng.exe[1392] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\taskeng.exe[1392] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskeng.exe[1392] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[1392] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000803FC
    .text C:\Windows\system32\taskeng.exe[1392] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00080600
    .text C:\Windows\system32\taskeng.exe[1392] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00081014
    .text C:\Windows\system32\taskeng.exe[1392] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00080804
    .text C:\Windows\system32\taskeng.exe[1392] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00080A08
    .text C:\Windows\system32\taskeng.exe[1392] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00080C0C
    .text C:\Windows\system32\taskeng.exe[1392] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00080E10
    .text C:\Windows\system32\taskeng.exe[1392] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000801F8
    .text C:\Windows\system32\taskeng.exe[1392] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00090600
    .text C:\Windows\system32\taskeng.exe[1392] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00090804
    .text C:\Windows\system32\taskeng.exe[1392] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00090A08
    .text C:\Windows\system32\taskeng.exe[1392] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000901F8
    .text C:\Windows\system32\taskeng.exe[1392] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000903FC
    .text C:\Windows\System32\igfxtray.exe[1436] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
    .text C:\Windows\System32\igfxtray.exe[1436] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
    .text C:\Windows\System32\igfxtray.exe[1436] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\System32\igfxtray.exe[1436] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
    .text C:\Windows\System32\igfxtray.exe[1436] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
    .text C:\Windows\System32\igfxtray.exe[1436] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
    .text C:\Windows\System32\igfxtray.exe[1436] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
    .text C:\Windows\System32\igfxtray.exe[1436] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
    .text C:\Windows\System32\igfxtray.exe[1436] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001903FC
    .text C:\Windows\System32\igfxtray.exe[1436] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00190600
    .text C:\Windows\System32\igfxtray.exe[1436] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00191014
    .text C:\Windows\System32\igfxtray.exe[1436] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00190804
    .text C:\Windows\System32\igfxtray.exe[1436] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00190A08
    .text C:\Windows\System32\igfxtray.exe[1436] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00190C0C
    .text C:\Windows\System32\igfxtray.exe[1436] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00190E10
    .text C:\Windows\System32\igfxtray.exe[1436] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001901F8
    .text C:\Windows\system32\svchost.exe[1496] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000901F8
    .text C:\Windows\system32\svchost.exe[1496] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000903FC
    .text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 000B0600
    .text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 000B1014
    .text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 000B0804
    .text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 000B0C0C
    .text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 000B0E10
    .text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\svchost.exe[1496] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 000F0600
    .text C:\Windows\system32\svchost.exe[1496] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 000F0804
    .text C:\Windows\system32\svchost.exe[1496] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 000F0A08
    .text C:\Windows\system32\svchost.exe[1496] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000F01F8
    .text C:\Windows\system32\svchost.exe[1496] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000F03FC
    .text C:\Windows\System32\hkcmd.exe[1508] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
    .text C:\Windows\System32\hkcmd.exe[1508] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
    .text C:\Windows\System32\hkcmd.exe[1508] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\System32\hkcmd.exe[1508] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
    .text C:\Windows\System32\hkcmd.exe[1508] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
    .text C:\Windows\System32\hkcmd.exe[1508] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
    .text C:\Windows\System32\hkcmd.exe[1508] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
    .text C:\Windows\System32\hkcmd.exe[1508] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
    .text C:\Windows\System32\hkcmd.exe[1508] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001903FC
    .text C:\Windows\System32\hkcmd.exe[1508] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00190600
    .text C:\Windows\System32\hkcmd.exe[1508] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00191014
    .text C:\Windows\System32\hkcmd.exe[1508] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00190804
    .text C:\Windows\System32\hkcmd.exe[1508] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00190A08
    .text C:\Windows\System32\hkcmd.exe[1508] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00190C0C
    .text C:\Windows\System32\hkcmd.exe[1508] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00190E10
    .text C:\Windows\System32\hkcmd.exe[1508] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001901F8
    .text C:\Windows\System32\igfxpers.exe[1536] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
    .text C:\Windows\System32\igfxpers.exe[1536] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
    .text C:\Windows\System32\igfxpers.exe[1536] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\System32\igfxpers.exe[1536] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00170600
    .text C:\Windows\System32\igfxpers.exe[1536] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00170804
    .text C:\Windows\System32\igfxpers.exe[1536] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00170A08
    .text C:\Windows\System32\igfxpers.exe[1536] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001701F8
    .text C:\Windows\System32\igfxpers.exe[1536] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001703FC
    .text C:\Windows\System32\igfxpers.exe[1536] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001803FC
    .text C:\Windows\System32\igfxpers.exe[1536] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00180600
    .text C:\Windows\System32\igfxpers.exe[1536] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00181014
    .text C:\Windows\System32\igfxpers.exe[1536] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00180804
    .text C:\Windows\System32\igfxpers.exe[1536] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00180A08
    .text C:\Windows\System32\igfxpers.exe[1536] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00180C0C
    .text C:\Windows\System32\igfxpers.exe[1536] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00180E10
    .text C:\Windows\System32\igfxpers.exe[1536] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001801F8
    .text C:\Windows\System32\spoolsv.exe[1576] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\spoolsv.exe[1576] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\spoolsv.exe[1576] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\System32\spoolsv.exe[1576] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\spoolsv.exe[1576] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\spoolsv.exe[1576] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\spoolsv.exe[1576] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\spoolsv.exe[1576] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\spoolsv.exe[1576] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\spoolsv.exe[1576] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\spoolsv.exe[1576] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\spoolsv.exe[1576] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00220600
    .text C:\Windows\System32\spoolsv.exe[1576] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00220804
    .text C:\Windows\System32\spoolsv.exe[1576] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00220A08
    .text C:\Windows\System32\spoolsv.exe[1576] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 002201F8
    .text C:\Windows\System32\spoolsv.exe[1576] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 002203FC
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1692] kernel32.dll!SetUnhandledExceptionFilter 76BBA8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1692] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\Dwm.exe[1700] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\Dwm.exe[1700] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\Dwm.exe[1700] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\Dwm.exe[1700] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\Dwm.exe[1700] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\Dwm.exe[1700] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\Dwm.exe[1700] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\Dwm.exe[1700] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\Dwm.exe[1700] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\Dwm.exe[1700] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\Dwm.exe[1700] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\Dwm.exe[1700] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
    .text C:\Windows\system32\Dwm.exe[1700] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\Dwm.exe[1700] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\Dwm.exe[1700] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\Dwm.exe[1700] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
    .text C:\Windows\Explorer.EXE[1712] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\Explorer.EXE[1712] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\Explorer.EXE[1712] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\Explorer.EXE[1712] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Windows\Explorer.EXE[1712] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Windows\Explorer.EXE[1712] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Windows\Explorer.EXE[1712] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Windows\Explorer.EXE[1712] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Windows\Explorer.EXE[1712] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Windows\Explorer.EXE[1712] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Windows\Explorer.EXE[1712] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Windows\Explorer.EXE[1712] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
    .text C:\Windows\Explorer.EXE[1712] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
    .text C:\Windows\Explorer.EXE[1712] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
    .text C:\Windows\Explorer.EXE[1712] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
    .text C:\Windows\Explorer.EXE[1712] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000401F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] ntdll.dll!LdrUnloadDll 779BB740 3 Bytes JMP 000403FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] ntdll.dll!LdrUnloadDll + 4 779BB744 1 Byte [88]
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000603FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00060600
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00061014
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00060804
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00060A08
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00060C0C
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00060E10
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000601F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00070600
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00070804
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00070A08
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000701F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000703FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!EnableWindow 76ACCD8B 5 Bytes JMP 70889934 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!DialogBoxParamW 76AF10B0 5 Bytes JMP 707E160B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!DialogBoxIndirectParamW 76AF2EF5 5 Bytes JMP 709D605E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!DialogBoxParamA 76B08152 5 Bytes JMP 709D5FF9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!DialogBoxIndirectParamA 76B0847D 5 Bytes JMP 709D60C3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!MessageBoxIndirectA 76B1D4D9 5 Bytes JMP 709D5F80 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!MessageBoxIndirectW 76B1D5D3 5 Bytes JMP 709D5F07 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!MessageBoxExA 76B1D639 5 Bytes JMP 709D5EA3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!MessageBoxExW 76B1D65D 5 Bytes JMP 709D5E3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Apoint2K\Apntex.exe[1836] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001401F8
    .text C:\Program Files\Apoint2K\Apntex.exe[1836] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001403FC
    .text C:\Program Files\Apoint2K\Apntex.exe[1836] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Apoint2K\Apntex.exe[1836] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00160600
    .text C:\Program Files\Apoint2K\Apntex.exe[1836] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00160804
    .text
  5. dobysport55

    dobysport55 Newcomer, in training Topic Starter Posts: 94

    C:\Program Files\Apoint2K\Apntex.exe[1836] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00160A08
    .text C:\Program Files\Apoint2K\Apntex.exe[1836] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001601F8
    .text C:\Program Files\Apoint2K\Apntex.exe[1836] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001603FC
    .text C:\Program Files\Apoint2K\Apntex.exe[1836] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Apoint2K\Apntex.exe[1836] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Apoint2K\Apntex.exe[1836] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Apoint2K\Apntex.exe[1836] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Apoint2K\Apntex.exe[1836] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Apoint2K\Apntex.exe[1836] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Apoint2K\Apntex.exe[1836] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Apoint2K\Apntex.exe[1836] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
    .text C:\Windows\system32\svchost.exe[1960] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1960] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1960] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1960] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00240600
    .text C:\Windows\system32\svchost.exe[1960] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00240804
    .text C:\Windows\system32\svchost.exe[1960] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00240A08
    .text C:\Windows\system32\svchost.exe[1960] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 002401F8
    .text C:\Windows\system32\svchost.exe[1960] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 002403FC
    .text C:\Windows\system32\taskeng.exe[2056] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\taskeng.exe[2056] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskeng.exe[2056] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[2056] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\taskeng.exe[2056] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\taskeng.exe[2056] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\taskeng.exe[2056] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\taskeng.exe[2056] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\taskeng.exe[2056] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\taskeng.exe[2056] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\taskeng.exe[2056] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\taskeng.exe[2056] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
    .text C:\Windows\system32\taskeng.exe[2056] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\taskeng.exe[2056] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\taskeng.exe[2056] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\taskeng.exe[2056] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001601F8
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001603FC
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00170600
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00170804
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00170A08
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001703FC
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00180600
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00181014
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00180804
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00180A08
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00180C0C
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00180E10
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2084] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001903FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00190600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00191014
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00190804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00190A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00190C0C
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00190E10
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001901F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 001A0600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 001A0804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 001A0A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001A01F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001A03FC
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2232] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2388] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001D01F8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2388] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001D03FC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2388] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2388] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 002003FC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2388] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00200600
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2388] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00201014
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2388] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00200804
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2388] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00200A08
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2388] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00200C0C
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2388] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00200E10
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2388] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 002001F8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2388] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00210600
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2388] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00210804
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2388] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00210A08
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2388] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 002101F8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2388] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 002103FC
    .text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001401F8
    .text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001403FC
    .text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00170600
    .text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00170804
    .text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00180804
    .text
  6. dobysport55

    dobysport55 Newcomer, in training Topic Starter Posts: 94

    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2420] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Trademanager\AliIM.exe[2436] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Trademanager\AliIM.exe[2436] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Trademanager\AliIM.exe[2436] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Trademanager\AliIM.exe[2436] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Trademanager\AliIM.exe[2436] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Trademanager\AliIM.exe[2436] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Trademanager\AliIM.exe[2436] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Trademanager\AliIM.exe[2436] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Trademanager\AliIM.exe[2436] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Trademanager\AliIM.exe[2436] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Trademanager\AliIM.exe[2436] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00190600
    .text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00190804
    .text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00190A08
    .text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001901F8
    .text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001903FC
    .text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!SetScrollRange 76ACD185 5 Bytes JMP 61603DD2 C:\Program Files\Trademanager\GUICore.dll (GUICore/Alisoft (Shanghai) Co., Ltd.)
    .text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!GetScrollInfo 76ACF073 5 Bytes JMP 61603CE0 C:\Program Files\Trademanager\GUICore.dll (GUICore/Alisoft (Shanghai) Co., Ltd.)
    .text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!ShowScrollBar 76ACF8AE 5 Bytes JMP 61603E01 C:\Program Files\Trademanager\GUICore.dll (GUICore/Alisoft (Shanghai) Co., Ltd.)
    .text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!SetScrollInfo 76AD71D8 5 Bytes JMP 61603D7C C:\Program Files\Trademanager\GUICore.dll (GUICore/Alisoft (Shanghai) Co., Ltd.)
    .text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!EnableScrollBar 76AEAF53 5 Bytes JMP 61603CB5 C:\Program Files\Trademanager\GUICore.dll (GUICore/Alisoft (Shanghai) Co., Ltd.)
    .text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!GetScrollPos 76AF337D 5 Bytes JMP 61603D07 C:\Program Files\Trademanager\GUICore.dll (GUICore/Alisoft (Shanghai) Co., Ltd.)
    .text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!GetScrollRange 76AF34A5 5 Bytes JMP 61603D31 C:\Program Files\Trademanager\GUICore.dll (GUICore/Alisoft (Shanghai) Co., Ltd.)
    .text C:\Program Files\Trademanager\AliIM.exe[2436] USER32.dll!SetScrollPos 76AF3602 5 Bytes JMP 61603DA7 C:\Program Files\Trademanager\GUICore.dll (GUICore/Alisoft (Shanghai) Co., Ltd.)
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2476] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Secunia\PSI\sua.exe[2480] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000601F8
    .text C:\Program Files\Secunia\PSI\sua.exe[2480] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000603FC
    .text C:\Program Files\Secunia\PSI\sua.exe[2480] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Secunia\PSI\sua.exe[2480] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Secunia\PSI\sua.exe[2480] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Secunia\PSI\sua.exe[2480] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Secunia\PSI\sua.exe[2480] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Secunia\PSI\sua.exe[2480] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Secunia\PSI\sua.exe[2480] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Secunia\PSI\sua.exe[2480] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Secunia\PSI\sua.exe[2480] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001401F8
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001403FC
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00160600
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00160804
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00160A08
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001601F8
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001603FC
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2496] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001601F8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001603FC
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2568] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2632] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001901F8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2632] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001903FC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2632] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2632] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001C03FC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2632] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 001C0600
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2632] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 001C1014
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2632] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 001C0804
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2632] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 001C0A08
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2632] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 001C0C0C
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2632] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 001C0E10
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2632] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001C01F8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2632] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 001D0600
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2632] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 001D0804
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2632] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 001D0A08
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2632] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001D01F8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2632] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001D03FC
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00070600
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00070804
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00070A08
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000701F8
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000703FC
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000803FC
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00080600
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00081014
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00080804
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00080A08
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00080C0C
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00080E10
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[2732] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000801F8
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2764] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001401F8
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2764] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001403FC
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2764] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2764] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001603FC
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2764] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00160600
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2764] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00161014
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2764] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00160804
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2764] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00160A08
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2764] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00160C0C
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2764] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00160E10
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2764] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001601F8
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2764] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00170600
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2764] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00170804
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2764] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00170A08
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2764] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001701F8
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2764] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001703FC
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001401F8
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001403FC
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00160600
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00160804
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00160A08
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001601F8
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001603FC
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
    .text C:\Users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe[2776] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00170600
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00170804
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2920] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000601F8
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000603FC
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00070600
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00070804
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00070A08
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000701F8
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000703FC
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000803FC
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00080600
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00081014
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00080804
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00080A08
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00080C0C
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00080E10
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[3016] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000801F8
    .text C:\Windows\System32\svchost.exe[3060] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[3060] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[3060] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[3060] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[3060] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[3060] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[3060] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[3060] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 001B0600
    .text C:\Windows\System32\svchost.exe[3060] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 001B0804
    .text C:\Windows\System32\svchost.exe[3060] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 001B0A08
    .text C:\Windows\System32\svchost.exe[3060] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001B01F8
    .text C:\Windows\System32\svchost.exe[3060] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001B03FC
    .text C:\Windows\system32\svchost.exe[3120] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[3120] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[3120] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[3120] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[3120] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[3120] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[3120] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[3120] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[3120] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[3120] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[3120] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001401F8
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001403FC
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00160600
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00160804
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00160A08
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001601F8
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001603FC
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3132] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001601F8
    .text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001603FC
    .text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
  7. dobysport55

    dobysport55 Newcomer, in training Topic Starter Posts: 94

    .text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
    .text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[3256] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[3364] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\svchost.exe[3424] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[3424] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[3424] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[3424] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[3424] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[3424] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[3424] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[3424] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[3424] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[3424] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[3424] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[3424] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00280600
    .text C:\Windows\system32\svchost.exe[3424] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00280804
    .text C:\Windows\system32\svchost.exe[3424] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00280A08
    .text C:\Windows\system32\svchost.exe[3424] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 002801F8
    .text C:\Windows\system32\svchost.exe[3424] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 002803FC
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001903FC
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00190600
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00191014
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00190804
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00190A08
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00190C0C
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00190E10
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3452] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001901F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3500] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Secunia\PSI\PSIA.exe[3580] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Secunia\PSI\PSIA.exe[3580] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Secunia\PSI\PSIA.exe[3580] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Secunia\PSI\PSIA.exe[3580] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\Secunia\PSI\PSIA.exe[3580] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Program Files\Secunia\PSI\PSIA.exe[3580] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Program Files\Secunia\PSI\PSIA.exe[3580] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Program Files\Secunia\PSI\PSIA.exe[3580] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Program Files\Secunia\PSI\PSIA.exe[3580] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Program Files\Secunia\PSI\PSIA.exe[3580] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Program Files\Secunia\PSI\PSIA.exe[3580] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Secunia\PSI\PSIA.exe[3580] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00090600
    .text C:\Program Files\Secunia\PSI\PSIA.exe[3580] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00090804
    .text C:\Program Files\Secunia\PSI\PSIA.exe[3580] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00090A08
    .text C:\Program Files\Secunia\PSI\PSIA.exe[3580] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000901F8
    .text C:\Program Files\Secunia\PSI\PSIA.exe[3580] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000903FC
    .text C:\Windows\system32\java.exe[3592] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\java.exe[3592] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\java.exe[3592] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\java.exe[3592] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000C03FC
    .text C:\Windows\system32\java.exe[3592] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 000C0600
    .text C:\Windows\system32\java.exe[3592] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 000C1014
    .text C:\Windows\system32\java.exe[3592] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 000C0804
    .text C:\Windows\system32\java.exe[3592] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 000C0A08
    .text C:\Windows\system32\java.exe[3592] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 000C0C0C
    .text C:\Windows\system32\java.exe[3592] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 000C0E10
    .text C:\Windows\system32\java.exe[3592] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000C01F8
    .text C:\Windows\system32\java.exe[3592] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00C90600
    .text C:\Windows\system32\java.exe[3592] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00C90804
    .text C:\Windows\system32\java.exe[3592] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00C90A08
    .text C:\Windows\system32\java.exe[3592] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 00C901F8
    .text C:\Windows\system32\java.exe[3592] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 00C903FC
    .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
    .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
    .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3752] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00170600
    .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00170804
    .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3780] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
    .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
    .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
    .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[4048] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00170600
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00170804
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4100] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000D03FC
    .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 000D0600
    .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 000D1014
    .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 000D0804
    .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 000D0A08
    .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 000D0C0C
    .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 000D0E10
    .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000D01F8
    .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 000E0600
    .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 000E0804
    .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 000E0A08
    .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000E01F8
    .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[4436] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000E03FC
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000903FC
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00090600
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00091014
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00090804
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00090A08
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00090C0C
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00090E10
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[4724] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000901F8
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4772] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000803FC
    .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00080600
    .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00081014
    .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00080804
    .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00080A08
    .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00080C0C
    .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00080E10
    .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000801F8
    .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00090600
    .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00090804
    .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00090A08
    .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000901F8
    .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4992] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000903FC
    .text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
    .text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
    .text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 003603FC
    .text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00360600
    .text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00361014
    .text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00360804
    .text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00360A08
    .text
  8. dobysport55

    dobysport55 Newcomer, in training Topic Starter Posts: 94

    C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00360C0C
    .text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00360E10
    .text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 003601F8
    .text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00370600
    .text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00370804
    .text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00370A08
    .text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 003701F8
    .text C:\Users\MoneyIsDaObject\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P84OE4M\b3wq2iys.exe[5008] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 003703FC
    .text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00180600
    .text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00180804
    .text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001903FC
    .text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00190600
    .text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00191014
    .text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00190804
    .text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00190A08
    .text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00190C0C
    .text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00190E10
    .text C:\Program Files\Apoint2K\ApMsgFwd.exe[5064] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001901F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000401F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] ntdll.dll!LdrUnloadDll 779BB740 3 Bytes JMP 000403FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] ntdll.dll!LdrUnloadDll + 4 779BB744 1 Byte [88]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] kernel32.dll!CreateThread 76BDCB2E 5 Bytes JMP 7084723B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000603FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00060600
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00061014
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00060804
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00060A08
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00060C0C
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00060E10
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000601F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00070600
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 708820C4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!CallNextHookEx 76AC8E3B 5 Bytes JMP 708A7ACF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 708CEA88 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000701F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000703FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!EnableWindow 76ACCD8B 5 Bytes JMP 70889934 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!DefWindowProcA 76ACDB88 7 Bytes JMP 70849465 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!CreateWindowExA 76ACDC2A 5 Bytes JMP 70853293 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!CreateWindowExW 76AD1305 5 Bytes JMP 708AFEAF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!DefWindowProcW 76AE03B4 7 Bytes JMP 708A7B32 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!DialogBoxParamW 76AF10B0 5 Bytes JMP 707E160B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!DialogBoxIndirectParamW 76AF2EF5 5 Bytes JMP 709D605E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!DialogBoxParamA 76B08152 5 Bytes JMP 709D5FF9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!DialogBoxIndirectParamA 76B0847D 5 Bytes JMP 709D60C3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!MessageBoxIndirectA 76B1D4D9 5 Bytes JMP 709D5F80 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!MessageBoxIndirectW 76B1D5D3 5 Bytes JMP 709D5F07 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!MessageBoxExA 76B1D639 5 Bytes JMP 709D5EA3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] USER32.dll!MessageBoxExW 76B1D65D 5 Bytes JMP 709D5E3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5128] ole32.dll!OleLoadFromStream 76941E80 5 Bytes JMP 709D682D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Windows\System32\notepad.exe[5284] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\notepad.exe[5284] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\notepad.exe[5284] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\System32\notepad.exe[5284] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\notepad.exe[5284] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\notepad.exe[5284] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\notepad.exe[5284] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\notepad.exe[5284] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\notepad.exe[5284] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\notepad.exe[5284] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\notepad.exe[5284] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\notepad.exe[5284] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
    .text C:\Windows\System32\notepad.exe[5284] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
    .text C:\Windows\System32\notepad.exe[5284] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
    .text C:\Windows\System32\notepad.exe[5284] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
    .text C:\Windows\System32\notepad.exe[5284] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
    .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[5760] KERNEL32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00170600
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00170804
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5796] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 001801F8
    .text C:\Windows\system32\wbem\wmiprvse.exe[5928] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\wbem\wmiprvse.exe[5928] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\wbem\wmiprvse.exe[5928] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\wbem\wmiprvse.exe[5928] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\wbem\wmiprvse.exe[5928] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\wbem\wmiprvse.exe[5928] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\wbem\wmiprvse.exe[5928] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\wbem\wmiprvse.exe[5928] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\wbem\wmiprvse.exe[5928] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\wbem\wmiprvse.exe[5928] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\wbem\wmiprvse.exe[5928] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\wbem\wmiprvse.exe[5928] USER32.dll!SetWindowsHookExA 76AC6322 5 Bytes JMP 00080600
    .text C:\Windows\system32\wbem\wmiprvse.exe[5928] USER32.dll!SetWindowsHookExW 76AC87AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\wbem\wmiprvse.exe[5928] USER32.dll!UnhookWindowsHookEx 76AC98DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\wbem\wmiprvse.exe[5928] USER32.dll!SetWinEventHook 76AC9F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\wbem\wmiprvse.exe[5928] USER32.dll!UnhookWinEvent 76ACC06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\svchost.exe[6120] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[6120] ntdll.dll!LdrUnloadDll 779BB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[6120] kernel32.dll!GetBinaryTypeW + 70 76BE2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[6120] ADVAPI32.dll!CreateServiceW 76739EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[6120] ADVAPI32.dll!DeleteService 7673A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[6120] ADVAPI32.dll!SetServiceObjectSecurity 76776CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[6120] ADVAPI32.dll!ChangeServiceConfigA 76776DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[6120] ADVAPI32.dll!ChangeServiceConfigW 76776F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[6120] ADVAPI32.dll!ChangeServiceConfig2A 76777099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[6120] ADVAPI32.dll!ChangeServiceConfig2W 767771E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[6120] ADVAPI32.dll!CreateServiceA 767772A1 5 Bytes JMP 000701F8

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\services.exe[608] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
    IAT C:\Windows\system32\services.exe[608] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
    IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747E7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7483A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [747EBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [747DF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747E75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [747DE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74818395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [747EDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [747DFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [747DFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747D71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7486CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7480C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [747DD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [747D6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [747D687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [747E2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
  9. dobysport55

    dobysport55 Newcomer, in training Topic Starter Posts: 94

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- Files - GMER 1.0.15 ----

    File Q:\MASTER.LOG 746 bytes
    File Q:\$RECYCLE.BIN 0 bytes
    File Q:\$RECYCLE.BIN\S-1-5-21-452617041-2393866445-922946053-1000 0 bytes
    File Q:\$RECYCLE.BIN\S-1-5-21-452617041-2393866445-922946053-1000\desktop.ini 129 bytes
    File Q:\$RECYCLE.BIN\S-1-5-21-452617041-2393866445-922946053-500 0 bytes
    File Q:\AUTOMODE 340 bytes
    File Q:\BLOCK.RIN 13 bytes
    File Q:\boot 0 bytes
    File Q:\boot\protect.danish 109124 bytes
    File Q:\boot\BCD 28672 bytes
    File Q:\boot\BCD.LOG 262144 bytes
    File Q:\boot\bcd.LOG1 262144 bytes
    File Q:\boot\bcd.LOG2 0 bytes
    File Q:\boot\boot.sdi 3170304 bytes
    File Q:\boot\BOOTFIX.BIN 1024 bytes
    File Q:\boot\BOOTSECT.EXE 87552 bytes executable
    File Q:\boot\Desktop.ini 891 bytes
    File Q:\boot\ETFSBOOT.COM 2048 bytes
    File Q:\boot\Folder.htt 8134 bytes
    File Q:\boot\FONTS 0 bytes
    File Q:\boot\FONTS\CHS_BOOT.TTF 3694080 bytes
    File Q:\boot\FONTS\CHT_BOOT.TTF 3876772 bytes
    File Q:\boot\FONTS\JPN_BOOT.TTF 1984228 bytes
    File Q:\boot\FONTS\KOR_BOOT.TTF 2371360 bytes
    File Q:\boot\FONTS\WGL4_BOOT.TTF 47452 bytes
    File Q:\boot\memtest.exe 385024 bytes executable
    File Q:\boot\protect.chinese hong kong 109342 bytes
    File Q:\boot\protect.chinese simplified 109360 bytes
    File Q:\boot\protect.chinese traditional 109342 bytes
    File Q:\boot\protect.czech 111653 bytes
    File Q:\boot\protect.dutch 109049 bytes
    File Q:\boot\Protect.ed 109092 bytes
    File Q:\boot\protect.english 109092 bytes
    File Q:\boot\protect.finnish 109092 bytes
    File Q:\boot\protect.french 109060 bytes
    File Q:\boot\protect.german 109094 bytes
    File Q:\boot\protect.greek 112541 bytes
    File Q:\boot\protect.hebrew 112375 bytes
    File Q:\boot\protect.hungarian 111475 bytes
    File Q:\boot\protect.italian 108979 bytes
    File Q:\boot\protect.japanese 109795 bytes
    File Q:\boot\protect.korean 109487 bytes
    File Q:\boot\protect.norwegian 111402 bytes
    File Q:\boot\protect.polish 111585 bytes
    File Q:\boot\protect.portuguese 111448 bytes
    File Q:\boot\protect.portuguese brazilian 111697 bytes
    File Q:\boot\protect.russian 163804 bytes
    File Q:\boot\protect.spanish 109016 bytes
    File Q:\boot\protect.swedish 111445 bytes
    File Q:\boot\protect.turkish 111598 bytes
    File Q:\bootmgr 438328 bytes
    File Q:\Desktop.ini 891 bytes
    File Q:\Folder.htt 8134 bytes
    File Q:\HP 0 bytes
    File Q:\HP\protect.japanese 109795 bytes
    File Q:\HP\Desktop.ini 891 bytes
    File Q:\HP\Folder.htt 8134 bytes
    File Q:\HP\protect.chinese hong kong 109342 bytes
    File Q:\HP\protect.chinese simplified 109360 bytes
    File Q:\HP\protect.chinese traditional 109342 bytes
    File Q:\HP\protect.czech 111653 bytes
    File Q:\HP\protect.danish 109124 bytes
    File Q:\HP\protect.dutch 109049 bytes
    File Q:\HP\Protect.ed 109092 bytes
    File Q:\HP\protect.english 109092 bytes
    File Q:\HP\protect.finnish 109092 bytes
    File Q:\HP\protect.french 109060 bytes
    File Q:\HP\protect.german 109094 bytes
    File Q:\HP\protect.greek 112541 bytes
    File Q:\HP\protect.hebrew 112375 bytes
    File Q:\HP\protect.hungarian 111475 bytes
    File Q:\HP\protect.italian 108979 bytes
    File Q:\HP\protect.korean 109487 bytes
    File Q:\HP\protect.norwegian 111402 bytes
    File Q:\HP\protect.polish 111585 bytes
    File Q:\HP\protect.portuguese 111448 bytes
    File Q:\HP\protect.portuguese brazilian 111697 bytes
    File Q:\HP\protect.russian 163804 bytes
    File Q:\HP\protect.spanish 109016 bytes
    File Q:\HP\protect.swedish 111445 bytes
    File Q:\HP\protect.turkish 111598 bytes
    File Q:\HP\RECOVERY 0 bytes
    File Q:\HP\RECOVERY\COMPAQ 0 bytes
    File Q:\HP\RECOVERY\LOGS 0 bytes
    File Q:\HP\RECOVERY\MULTI.FLG 17 bytes
    File Q:\HP\RECOVERY\REIMAGE.FLG 24 bytes
    File Q:\HP\RECOVERY\RestoreWiz.exe 2497672 bytes executable
    File Q:\HP\RECOVERY\Skin.smf 734207 bytes
    File Q:\preload 0 bytes
    File Q:\preload\protect.hebrew 112375 bytes
    File Q:\preload\BASE.DAT 120 bytes
    File Q:\preload\BASE.WIM 1271738760 bytes
    File Q:\preload\CD0 36 bytes
    File Q:\preload\CSP.DAT 840 bytes
    File Q:\preload\Desktop.ini 891 bytes
    File Q:\preload\Folder.htt 8134 bytes
    File Q:\preload\protect.chinese hong kong 109342 bytes
    File Q:\preload\protect.chinese simplified 109360 bytes
    File Q:\preload\protect.chinese traditional 109342 bytes
    File Q:\preload\protect.czech 111653 bytes
    File Q:\preload\protect.danish 109124 bytes
    File Q:\preload\protect.dutch 109049 bytes
    File Q:\preload\Protect.ed 109092 bytes
    File Q:\preload\protect.english 109092 bytes
    File Q:\preload\protect.finnish 109092 bytes
    File Q:\preload\protect.french 109060 bytes
    File Q:\preload\protect.german 109094 bytes
    File Q:\preload\protect.greek 112541 bytes
    File Q:\preload\protect.hungarian 111475 bytes
    File Q:\preload\protect.italian 108979 bytes
    File Q:\preload\protect.japanese 109795 bytes
    File Q:\preload\protect.korean 109487 bytes
    File Q:\preload\protect.norwegian 111402 bytes
    File Q:\preload\protect.polish 111585 bytes
    File Q:\preload\protect.portuguese 111448 bytes
    File Q:\preload\protect.portuguese brazilian 111697 bytes
    File Q:\preload\protect.russian 163804 bytes
    File Q:\preload\protect.spanish 109016 bytes
    File Q:\preload\protect.swedish 111445 bytes
    File Q:\preload\protect.turkish 111598 bytes
    File Q:\protect.chinese hong kong 109342 bytes
    File Q:\protect.chinese simplified 109360 bytes
    File Q:\protect.chinese traditional 109342 bytes
    File Q:\protect.czech 111653 bytes
    File Q:\protect.danish 109124 bytes
    File Q:\protect.dutch 109049 bytes
    File Q:\protect.ed 109092 bytes
    File Q:\protect.english 109092 bytes
    File Q:\protect.finnish 109092 bytes
    File Q:\protect.french 109060 bytes
    File Q:\protect.german 109094 bytes
    File Q:\protect.greek 112541 bytes
    File Q:\protect.hebrew 112375 bytes
    File Q:\protect.hungarian 111475 bytes
    File Q:\protect.italian 108979 bytes
    File Q:\protect.japanese 109795 bytes
    File Q:\protect.korean 109487 bytes
    File Q:\protect.norwegian 111402 bytes
    File Q:\protect.polish 111585 bytes
    File Q:\protect.portuguese 111448 bytes
  10. dobysport55

    dobysport55 Newcomer, in training Topic Starter Posts: 94

    File Q:\protect.portuguese brazilian 111697 bytes
    File Q:\protect.russian 163804 bytes
    File Q:\protect.spanish 109016 bytes
    File Q:\protect.swedish 111445 bytes
    File Q:\protect.turkish 111598 bytes
    File Q:\RECOVERY 0 bytes
    File Q:\RECOVERY\protect.hungarian 111475 bytes
    File Q:\RECOVERY\Desktop.ini 891 bytes
    File Q:\RECOVERY\Folder.htt 8134 bytes
    File Q:\RECOVERY\protect.chinese hong kong 109342 bytes
    File Q:\RECOVERY\protect.chinese simplified 109360 bytes
    File Q:\RECOVERY\protect.chinese traditional 109342 bytes
    File Q:\RECOVERY\protect.czech 111653 bytes
    File Q:\RECOVERY\protect.danish 109124 bytes
    File Q:\RECOVERY\protect.dutch 109049 bytes
    File Q:\RECOVERY\protect.ed 109092 bytes
    File Q:\RECOVERY\protect.english 109092 bytes
    File Q:\RECOVERY\protect.finnish 109092 bytes
    File Q:\RECOVERY\protect.french 109060 bytes
    File Q:\RECOVERY\protect.german 109094 bytes
    File Q:\RECOVERY\protect.greek 112541 bytes
    File Q:\RECOVERY\protect.hebrew 112375 bytes
    File Q:\RECOVERY\protect.italian 108979 bytes
    File Q:\RECOVERY\protect.japanese 109795 bytes
    File Q:\RECOVERY\protect.korean 109487 bytes
    File Q:\RECOVERY\protect.norwegian 111402 bytes
    File Q:\RECOVERY\protect.polish 111585 bytes
    File Q:\RECOVERY\protect.portuguese 111448 bytes
    File Q:\RECOVERY\protect.portuguese brazilian 111697 bytes
    File Q:\RECOVERY\protect.russian 163804 bytes
    File Q:\RECOVERY\protect.spanish 109016 bytes
    File Q:\RECOVERY\protect.swedish 111445 bytes
    File Q:\RECOVERY\protect.turkish 111598 bytes
    File Q:\SOURCES 0 bytes
    File Q:\SOURCES\protect.italian 108979 bytes
    File Q:\SOURCES\boot.wim 192466691 bytes
    File Q:\SOURCES\Desktop.ini 891 bytes
    File Q:\SOURCES\Folder.htt 8134 bytes
    File Q:\SOURCES\protect.chinese hong kong 109342 bytes
    File Q:\SOURCES\protect.chinese simplified 109360 bytes
    File Q:\SOURCES\protect.chinese traditional 109342 bytes
    File Q:\SOURCES\protect.czech 111653 bytes
    File Q:\SOURCES\protect.danish 109124 bytes
    File Q:\SOURCES\protect.dutch 109049 bytes
    File Q:\SOURCES\Protect.ed 109092 bytes
    File Q:\SOURCES\protect.english 109092 bytes
    File Q:\SOURCES\protect.finnish 109092 bytes
    File Q:\SOURCES\protect.french 109060 bytes
    File Q:\SOURCES\protect.german 109094 bytes
    File Q:\SOURCES\protect.greek 112541 bytes
    File Q:\SOURCES\protect.hebrew 112375 bytes
    File Q:\SOURCES\protect.hungarian 111475 bytes
    File Q:\SOURCES\protect.japanese 109795 bytes
    File Q:\SOURCES\protect.korean 109487 bytes
    File Q:\SOURCES\protect.norwegian 111402 bytes
    File Q:\SOURCES\protect.polish 111585 bytes
    File Q:\SOURCES\protect.portuguese 111448 bytes
    File Q:\SOURCES\protect.portuguese brazilian 111697 bytes
    File Q:\SOURCES\protect.russian 163804 bytes
    File Q:\SOURCES\protect.spanish 109016 bytes
    File Q:\SOURCES\protect.swedish 111445 bytes
    File Q:\SOURCES\protect.turkish 111598 bytes
    File Q:\SOURCES\SOFTTHINKS 44 bytes
    File Q:\System Volume Information 0 bytes
    File Q:\System Volume Information\Desktop.ini 891 bytes
    File Q:\System Volume Information\Folder.htt 8134 bytes
    File Q:\System Volume Information\MountPointManagerRemoteDatabase 0 bytes
    File Q:\System Volume Information\protect.chinese hong kong 109342 bytes
    File Q:\System Volume Information\protect.chinese simplified 109360 bytes
    File Q:\System Volume Information\protect.chinese traditional 109342 bytes
    File Q:\System Volume Information\protect.czech 111653 bytes
    File Q:\System Volume Information\protect.danish 109124 bytes
    File Q:\System Volume Information\protect.dutch 109049 bytes
    File Q:\System Volume Information\Protect.ed 109092 bytes
    File Q:\System Volume Information\protect.english 109092 bytes
    File Q:\System Volume Information\protect.finnish 109092 bytes
    File Q:\System Volume Information\protect.french 109060 bytes
    File Q:\System Volume Information\protect.german 109094 bytes
    File Q:\System Volume Information\protect.greek 112541 bytes
    File Q:\System Volume Information\protect.hebrew 112375 bytes
    File Q:\System Volume Information\protect.hungarian 111475 bytes
    File Q:\System Volume Information\protect.japanese 109795 bytes
    File Q:\System Volume Information\protect.korean 109487 bytes
    File Q:\System Volume Information\protect.norwegian 111402 bytes
    File Q:\System Volume Information\protect.polish 111585 bytes
    File Q:\System Volume Information\protect.portuguese 111448 bytes
    File Q:\System Volume Information\protect.portuguese brazilian 111697 bytes
    File Q:\System Volume Information\protect.russian 163804 bytes
    File Q:\System Volume Information\protect.spanish 109016 bytes
    File Q:\System Volume Information\protect.swedish 111445 bytes
    File Q:\System Volume Information\protect.turkish 111598 bytes
    File Q:\System Volume Information\SPP 0 bytes
    File Q:\System Volume Information\{212f30cc-0a1c-11e1-ab61-001eec2aa694}{3808876b-c176-4e48-b7ae-04046e6cc752} 15007744 bytes
    File Q:\System Volume Information\{24d4da0b-0c0b-11e1-8f53-001eec2aa694}{3808876b-c176-4e48-b7ae-04046e6cc752} 14401536 bytes
    File Q:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} 65536 bytes
    File Q:\System Volume Information\protect.italian 108979 bytes
    File Q:\System Volume Information\tracking.log 20480 bytes
    File Q:\System Volume Information\{89cc95e2-0db1-11e1-9218-001eec2aa694}{3808876b-c176-4e48-b7ae-04046e6cc752} 15106048 bytes
    File Q:\System Volume Information\{af94ca6b-1124-11e1-a075-001eec2aa694}{3808876b-c176-4e48-b7ae-04046e6cc752} 14860288 bytes
    File Q:\System Volume Information\{b53d550b-15e9-11e1-b884-001eec2aa694}{3808876b-c176-4e48-b7ae-04046e6cc752} 15024128 bytes
    File Q:\System Volume Information\{decd3976-1201-11e1-a04c-001eec2aa694}{3808876b-c176-4e48-b7ae-04046e6cc752} 15040512 bytes
    File Q:\System Volume Information\{f25f63ea-0ed2-11e1-9f2e-001eec2aa694}{3808876b-c176-4e48-b7ae-04046e6cc752} 19890176 bytes
    File Q:\System Volume Information\{f7e266e3-177a-11e1-a0bd-001eec2aa694}{3808876b-c176-4e48-b7ae-04046e6cc752} 314572800 bytes
    File Q:\Tools 0 bytes
    File Q:\Tools\protect.greek 112541 bytes
    File Q:\Tools\Desktop.ini 891 bytes
    File Q:\Tools\Flags 0 bytes
    File Q:\Tools\Flags\BASE.DAT 120 bytes
    File Q:\Tools\Flags\BASE.INP 0 bytes
    File Q:\Tools\Flags\CD0 36 bytes
    File Q:\Tools\Folder.htt 8134 bytes
    File Q:\Tools\protect.chinese hong kong 109342 bytes
    File Q:\Tools\protect.chinese simplified 109360 bytes
    File Q:\Tools\protect.chinese traditional 109342 bytes
    File Q:\Tools\protect.czech 111653 bytes
    File Q:\Tools\protect.danish 109124 bytes
    File Q:\Tools\protect.dutch 109049 bytes
    File Q:\Tools\Protect.ed 109092 bytes
    File Q:\Tools\protect.english 109092 bytes
    File Q:\Tools\protect.finnish 109092 bytes
    File Q:\Tools\protect.french 109060 bytes
    File Q:\Tools\protect.german 109094 bytes
    File Q:\Tools\protect.hebrew 112375 bytes
    File Q:\Tools\protect.hungarian 111475 bytes
    File Q:\Tools\protect.italian 108979 bytes
    File Q:\Tools\protect.japanese 109795 bytes
    File Q:\Tools\protect.korean 109487 bytes
    File Q:\Tools\protect.norwegian 111402 bytes
    File Q:\Tools\protect.polish 111585 bytes
    File Q:\Tools\protect.portuguese 111448 bytes
    File Q:\Tools\protect.portuguese brazilian 111697 bytes
    File Q:\Tools\protect.russian 163804 bytes
    File Q:\Tools\protect.spanish 109016 bytes
    File Q:\Tools\protect.swedish 111445 bytes
    File Q:\Tools\protect.turkish 111598 bytes
    File Q:\USER 0 bytes
    File Q:\WINDOWS 0 bytes
    File Q:\WINDOWS\protect.japanese 109795 bytes
    File Q:\WINDOWS\Desktop.ini 891 bytes
    File Q:\WINDOWS\Folder.htt 8134 bytes
    File Q:\WINDOWS\protect.chinese hong kong 109342 bytes
    File Q:\WINDOWS\protect.chinese simplified 109360 bytes
    File Q:\WINDOWS\protect.chinese traditional 109342 bytes
    File Q:\WINDOWS\protect.czech 111653 bytes
    File Q:\WINDOWS\protect.danish 109124 bytes
    File Q:\WINDOWS\protect.dutch 109049 bytes
    File Q:\WINDOWS\Protect.ed 109092 bytes
    File Q:\WINDOWS\protect.english 109092 bytes
    File Q:\WINDOWS\protect.finnish 109092 bytes
    File Q:\WINDOWS\protect.french 109060 bytes
    File Q:\WINDOWS\protect.german 109094 bytes
    File Q:\WINDOWS\protect.greek 112541 bytes
    File Q:\WINDOWS\protect.hebrew 112375 bytes
    File Q:\WINDOWS\protect.hungarian 111475 bytes
    File Q:\WINDOWS\protect.italian 108979 bytes
    File Q:\WINDOWS\protect.korean 109487 bytes
    File Q:\WINDOWS\protect.norwegian 111402 bytes
    File Q:\WINDOWS\protect.polish 111585 bytes
    File Q:\WINDOWS\protect.portuguese 111448 bytes
    File Q:\WINDOWS\protect.portuguese brazilian 111697 bytes
    File Q:\WINDOWS\protect.russian 163804 bytes
    File Q:\WINDOWS\protect.spanish 109016 bytes
    File Q:\WINDOWS\protect.swedish 111445 bytes
    File Q:\WINDOWS\protect.turkish 111598 bytes
    File Q:\WINDOWS\SYSTEM32 0 bytes
    File Q:\WINDOWS\SYSTEM32\BCD_FINAL_RP.LOG 28672 bytes
    File Q:\WINDOWS\SYSTEM32\BCD_FINAL_RP_TXT.LOG 3431 bytes
    File Q:\WINDOWS\SYSTEM32\BCD_Manipulation_RP.log 3785 bytes
    File Q:\WINDOWS\SYSTEM32\BOOT_WIM_RP.LOG 1605 bytes
    File Q:\WINDOWS\SYSTEM32\CreatePage.log 194 bytes
    File Q:\WINDOWS\SYSTEM32\preload.LOG 2015 bytes
    File Q:\WINDOWS\SYSTEM32\REIMAGE.LOG 3082 bytes
    File Q:\WINDOWS\SYSTEM32\Restore7.exe.LOG 35180 bytes
    File Q:\WINDOWS\SYSTEM32\SSRDServiceKey.LOG 157 bytes
    File Q:\WINDOWS\SYSTEM32\STFramework.LOG 3324 bytes
    File Q:\WINDOWS\SYSTEM32\STVdsDisks.log 2112 bytes
    File Q:\WINDOWS\SYSTEM32\ST_LOG.LOG 116 bytes
    File Q:\WINDOWS\SYSTEM32\WINRELauncher.exe.LOG 8152 bytes
    File Q:\WINDOWS\SYSTEM32\wpeinit.log 4334 bytes

    ---- EOF - GMER 1.0.15 ----
  11. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. dobysport55

    dobysport55 Newcomer, in training Topic Starter Posts: 94

    Here it is...

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-25 22:12:49
    -----------------------------
    22:12:49.164 OS Version: Windows 6.0.6002 Service Pack 2
    22:12:49.164 Number of processors: 2 586 0xF0D
    22:12:49.164 ComputerName: MONEYISDAOBJSON UserName: MoneyIsDaObject
    22:12:53.017 Initialize success
    22:12:53.953 AVAST engine defs: 11112501
    22:13:05.138 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    22:13:05.138 Disk 0 Vendor: ST925031 0001 Size: 238475MB BusType: 3
    22:13:06.183 Disk 0 MBR read successfully
    22:13:06.199 Disk 0 MBR scan
    22:13:06.199 Disk 0 Windows XP default MBR code
    22:13:06.542 Disk 0 scanning sectors +488392065
    22:13:07.821 Disk 0 scanning C:\Windows\system32\drivers
    22:16:29.467 Service scanning
    22:16:31.823 Modules scanning
    22:19:56.183 Disk 0 trace - called modules:
    22:19:56.323 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
    22:19:56.323 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8595b500]
    22:19:56.339 3 CLASSPNP.SYS[883a18b3] -> nt!IofCallDriver -> [0x84472958]
    22:19:56.354 5 acpi.sys[8069b6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84474028]
    22:19:57.618 AVAST engine scan C:\Windows
    22:22:54.854 AVAST engine scan C:\Windows\system32
    22:54:57.525 AVAST engine scan C:\Windows\system32\drivers
    23:01:25.582 AVAST engine scan C:\Users\MoneyIsDaObject
    05:03:00.261 AVAST engine scan C:\ProgramData
    05:59:32.262 Scan finished successfully
    12:27:34.352 Disk 0 MBR has been saved successfully to "C:\Users\MoneyIsDaObject\Desktop\MBR.dat"
    12:27:34.414 The log file has been saved successfully to "C:\Users\MoneyIsDaObject\Desktop\aswMBR.txt"


    ComboFix 11-11-26.04 - MoneyIsDaObject 11/26/2011 12:52:41.5.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.932 [GMT -5:00]
    Running from: c:\users\MoneyIsDaObject\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-26 18:09 . 2011-11-26 18:09 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-11-26 18:09 . 2011-11-26 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-09 00:10 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-11-09 00:10 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 00:09 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-08 05:36 . 2011-11-08 05:36 -------- d-----w- c:\users\Default\AppData\Roaming\hpqLog
    2011-11-08 05:34 . 2011-11-08 05:34 -------- d-----w- c:\windows\QLB
    2011-11-07 21:43 . 2011-11-07 21:43 -------- d-----w- c:\users\MoneyIsDaObject\AppData\Roaming\GTek
    2011-11-03 01:58 . 2011-11-03 01:58 -------- d-----w- c:\programdata\Apple Computer
    2011-11-03 00:45 . 2011-11-18 01:07 -------- d-----w- c:\users\MoneyIsDaObject\AppData\Local\Akamai
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-16 14:01 . 2011-05-17 14:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-03 09:06 . 2010-09-08 04:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-06 20:45 . 2011-09-11 22:45 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-06 20:45 . 2011-09-11 22:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-06 20:38 . 2011-09-11 22:45 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-06 20:37 . 2011-09-11 22:45 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-06 20:36 . 2011-09-11 22:45 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-06 20:36 . 2011-09-11 22:45 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-06 20:36 . 2011-09-11 22:45 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-06 20:36 . 2011-09-11 22:45 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-06 13:30 . 2011-10-12 23:08 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-09-01 02:35 . 2011-10-13 19:49 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 02:28 . 2011-10-13 19:49 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 02:22 . 2011-10-13 19:49 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-08-31 21:00 . 2010-09-17 13:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-06-23 160328]
    "aliim"="c:\program files\Trademanager\aliim.exe" [2011-08-19 214976]
    "Akamai NetSession Interface"="c:\users\MoneyIsDaObject\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-21 217088]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 451896]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Linksys EasyLink Advisor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Linksys EasyLink Advisor.lnk
    backup=c:\windows\pss\Linksys EasyLink Advisor.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Public^Documents^Windows^Adobe Gamma.lnk]
    path=c:\users\Public\Documents\Windows\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Public^Documents^Windows^ERUNT AutoBackup.lnk]
    path=c:\users\Public\Documents\Windows\ERUNT AutoBackup.lnk
    backup=c:\windows\pss\ERUNT AutoBackup.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-03-06 08:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
    2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-09-09 23:28 136176 ----atw- c:\users\MoneyIsDaObject\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
    2007-10-01 23:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    2010-05-20 19:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2011-08-31 21:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-11-10 06:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
    R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-03-28 204800]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 30576]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 15:39]
    .
    2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 15:39]
    .
    2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-452617041-2393866445-922946053-1000Core.job
    - c:\users\MoneyIsDaObject\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-09 23:28]
    .
    2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-452617041-2393866445-922946053-1000UA.job
    - c:\users\MoneyIsDaObject\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-09 23:28]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.com/
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    Trusted Zone: alipay.com
    Trusted Zone: alisoft.com
    Trusted Zone: taobao.com
    TCP: DhcpNameServer = 205.152.144.23 205.152.132.23 205.152.144.23 205.152.132.23 192.168.1.1
    FF - ProfilePath - c:\users\MoneyIsDaObject\AppData\Roaming\Mozilla\Firefox\Profiles\5ze65ihb.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111113&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-26 13:14
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(4200)
    c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
    .
    Completion time: 2011-11-26 13:19:56
    ComboFix-quarantined-files.txt 2011-11-26 18:19
    .
    Pre-Run: 125,263,589,376 bytes free
    Post-Run: 125,458,288,640 bytes free
    .
    - - End Of File - - E0BFD17FC6663B89D8D585A8255BBA94
  13. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    All looks clean.

    In this forum, we make sure, your computer is free of malware and your computer is clean :)
    Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
    You'll get more attention.
  14. dobysport55

    dobysport55 Newcomer, in training Topic Starter Posts: 94

    Ok...Where is th windows section of this forum?

    thanks
  15. Broni

    Broni Malware Annihilator Posts: 46,127   +251



Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.